Whom can you trust within your network? In the zero trust paradigm, the answer is no one. The zero trust approach to cybersecurity states that access should only be granted after a user is verified and only to the extent needed to perform a particular task.
In this article, we take a detailed look at different approaches to zero trust implementation. We explore the basic principles of a zero trust architecture and consider the key pros and cons of this cybersecurity approach.
Zero trust in a nutshell
No one can be trusted by default.
The term zero trust was first used by Forrester experts when describing a new security model in which users and devices are no longer split into trusted and untrusted groups. The core idea of this model is to only grant access to authenticated and verified users.
There are several common interpretations of zero trust models in network security. In 2018, cybersecurity experts from Idaptive defined zero trust as a model based on a three-step process:
- Verify a user’s identity
- Validate devices
- Limit privileged access
In 2019, Microsoft went public with their implementation of the zero trust security model. They stated that in order to build an ideal zero trust environment, you need to:
- Verify a user’s identity through authentication
- Validate device health via a device management system
- Apply the principle of least privilege
- Verify the health of used services
It’s noteworthy that the fourth component, service health, is more of a theoretical concept that Microsoft marked as a future goal.
What is a zero trust architecture?
The most detailed explanation of zero trust so far was published in 2020 by the National Institute of Standards and Technology (NIST). In Special Publication (SP) 800-207, NIST describes the areas to focus on when building a zero trust architecture (ZTA) and the principles on which to base such an architecture.
According to NIST, organizations can establish a ZTA in several ways:
- By focusing on user access privileges and context-based identity verification
- By splitting the network into separate segments protected with different policies and access rules
- By using software-defined perimeter approaches
In any case, there are three components of a zero trust architecture that form its core:
- A policy engine grants, revokes, or denies a particular user access to requested enterprise resources.
- A policy enforcement point (PEP) enables, terminates, and monitors connections between a user and enterprise resources.
- A policy administrator sends commands to a PEP based on the decision of the policy engine to allow or deny a user’s connection to a requested resource.
These components don’t need to be separate, unique systems. Depending on their needs, an organization may choose to deploy a single asset responsible for performing the tasks of all three components. Alternatively, an organization may combine several tools and systems to implement a single component.
Building a zero trust architecture: NIST perspective
Take it one step at a time.
NIST suggests that organizations build a zero trust architecture on seven pillars:
1. Resources — An organization should treat all of their data, computing services, and devices as resources that need to be protected. If network users can access an organization’s resources from personal devices, such devices may also be treated as enterprise resources.
2. Communication — All communication, whether it originates inside or outside the network, must be treated the same way and protected by the most secure method available.
3. Per-session access — Each connection to a critical resource of an organization should be established on a per-session basis only, with access re-evaluated rather than carried over from a previous session.
4. Dynamic policy — Access to an organization’s resources should be granted according to the organization’s policy rules and the principle of dynamic least privilege. Such a policy should determine the organization’s resources, users, and access privileges for these users.
5. Monitoring — To ensure proper data protection and security of corporate resources, organizations should monitor those resources and all actions taken with them.
6. Authentication and authorization — Before granting access to any corporate resource, an organization should enforce dynamic authentication and authorization.
7. Continuous improvement — An organization should gather information about the current state of network assets, infrastructure, and connections to improve the security posture of the network.
It’s noteworthy that organizations don’t have to apply all of these zero trust architecture design principles at once. You can limit your efforts to implementing several principles that most fit your needs.
Furthermore, the zero trust approach to cybersecurity doesn’t demand a complete replacement of a traditional perimeter-based network architecture. Instead, it suggests augmenting the existing network by adding network segments secured with gateways, improving access policies and rules, and enhancing user activity monitoring measures.
And since zero trust also has its limitations, you should consider both the advantages and drawbacks of this approach before deciding to implement it.
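The three control-plane components above (policy engine, policy enforcement point, policy administrator) and the per-session, dynamic-policy and least-privilege pillars can be sketched as a small model. This is an added illustration, not code from the article, NIST, or Ekran System; the role/resource policy table, the user, device and resource names, and the identity and device-health flags on each request are all constructed for the example.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed policy (not from the article): a role gets only the listed actions per resource.
POLICY = {"analyst": {"hr-db": {"read"}}, "dba": {"hr-db": {"read", "write"}}}

# A grant is per session with an expiry, never a standing permission.
Session = namedtuple("Session", "user resource action expires_at")

@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool      # identity verification outcome
    device_compliant: bool  # device health from the management system
    resource: str
    action: str

class PolicyEngine:
    """Grants or denies a request; it never sits on the data path."""
    def decide(self, req: Request) -> Tuple[bool, str]:
        if not req.mfa_verified:
            return False, "identity not verified"
        if not req.device_compliant:
            return False, "device health check failed"
        if req.action not in POLICY.get(req.role, {}).get(req.resource, set()):
            return False, "action not permitted for role"
        return True, "allowed by policy"

class PolicyAdministrator:
    """Turns an engine decision into a short-lived session for the PEP."""
    def __init__(self, engine: PolicyEngine, ttl_seconds: float = 300.0):
        self.engine, self.ttl = engine, ttl_seconds
    def issue(self, req: Request, now: float) -> Tuple[Optional[Session], str]:
        ok, reason = self.engine.decide(req)
        session = Session(req.user, req.resource, req.action, now + self.ttl) if ok else None
        return session, reason

class PEP:
    """Enforces grants on the connection path and logs every outcome."""
    def __init__(self, admin: PolicyAdministrator):
        self.admin, self.log = admin, []
    def connect(self, req: Request, now: float) -> Optional[Session]:
        session, reason = self.admin.issue(req, now)
        verdict = "ALLOW" if session else "DENY"
        self.log.append(f"{req.user} {req.action} {req.resource}: {verdict} ({reason})")
        return session
    def is_open(self, session: Session, now: float) -> bool:
        return now < session.expires_at   # expiry forces a fresh decision
```

Every denial reason lands in the PEP log, which is the monitoring pillar in miniature: a burst of "identity not verified" or "device health check failed" entries for one user is the signal a SOC would want to alert on.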
Pros and cons of implementing zero trust
Consider these benefits and limitations before building a zero trust architecture.
As with any promising approach, zero trust has its strong and weak sides. Let’s take a closer look at the key advantages and drawbacks you should consider before switching to zero trust security architecture.
First, let’s outline the main benefits of a zero trust approach:
- Increased resource access visibility — The zero trust security approach requires you to determine and classify all network resources. This enables organizations to better see who accesses what resources for which reasons and understand what measures should be applied to secure resources.
- Decreased attack surface — By shifting the focus to securing individual resources, organizations that implement zero trust principles face reduced risks of hacker attacks targeting the network perimeter.
- Improved monitoring — Implementing a zero trust security strategy is associated with deploying a solution for continuous monitoring and logging of asset states and user activity, like keystroke logger software. This enables organizations to better detect potential threats and respond to them in a timely manner.
However, we can’t ignore some disadvantages of zero trust:
- Configuration challenges — As ZTA can’t be established with a single solution, organizations may struggle with properly configuring the tools they already use. For instance, not all applications provide means for deploying the principle of least privilege, which is the core of the zero trust philosophy.
- Insider threats — While significantly enhancing protection against outside attacks, ZTA isn’t fully immune to insider attacks. If an attacker gets hold of a legitimate user’s credentials or a malicious insider misuses their privileges, an organization’s critical resources may be put at risk of compromise. However, this issue can be partially addressed with a privileged access management (PAM) approach that combines just-in-time administration, multi-factor authentication (MFA), and manual approval of access requests.
- Dependence on the policy decision point — ZTA strongly relies on a policy administrator and policy engine. Without their approval, no connection to enterprise resources can be established. As a result, the performance of the entire network will depend on the proper configuration and maintenance of these two components.
The good news is that you can start implementing the zero trust approach with small steps, and Ekran System can help you with this vital task.
Implementing zero trust principles with Ekran System
The Ekran System platform simplifies the implementation of key zero trust principles while helping organizations effectively detect and mitigate insider threats.
Ekran System provides robust functionality for preventing insider threats, including:
- User identity management and verification to help you make sure that people attempting to access your critical assets are indeed who they claim to be.
- Granular access management to successfully implement the principle of least privilege by using role-based access permissions, two-factor authentication, and manual access approvals.
- User activity monitoring and logging to clearly see who does what with your sensitive data and critical systems. You can also go back to the records of a particular user session to review it when needed.
Finally, Ekran System is a cross-platform solution that can be deployed in all kinds of environments, from on-premises and hybrid environments to the cloud. Thanks to that, you can get ultimate visibility of all your critical assets.
Conclusion
Building a zero trust architecture is a complex and continuous process. However, organizations don’t have to apply all of the zero trust principles or implement them simultaneously. You can start implementing a zero trust architecture with small steps: define and classify all of your organization’s resources, implement proper user verification mechanisms, and grant your users only the privileges they truly need at the moment.
Ekran System provides most of the capabilities you need for ensuring the necessary level of access control and insider threat prevention. Request a 30-day trial of the Ekran System platform and start your transition to zero trust security right now!