Zero Trust Architecture — what’s the buzzword for?

GS
Your Everyday Generalist
2 min read · Jan 6, 2023

ZTA (Zero Trust Architecture) is a common buzzword these days in the IT industry, where many companies are either trying to explore or define what ZTA means for their corporation or banking on other technology companies to pave the way for adopting Zero Trust.

At its core, ZTA is a security blueprint or framework based on Zero Trust principles. The NIST paper published in Aug 2020, SP 800-207 Zero Trust Architecture, defines it as follows:

Zero trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. Zero trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan.

The important thing to remember is that a ZTA implementation will differ from enterprise to enterprise, but the ZT principles and core tenets remain the same, with the central emphasis on “never trust, always verify.” The white paper Embrace proactive security with Zero Trust by Microsoft is just one of many that show ZTA is an evolving concept. No single tool completes the ZTA story; rather, it is a collection of tools that an organization employs to achieve its ZTA strategy.

The ZT paradigm moves the focus from traditional network-based security controls (VPNs, being inside the corporate network, etc.) to the interactions between users (human or machine) and resources (web applications, microservices, etc.) via different assets (company machines, BYOD devices, microservices, etc.). In this workflow, one of the most critical aspects is a strong identity for users, together with authentication and authorization. A strong authentication (AuthN) mechanism followed by an adaptive authorization (AuthZ) layer, governed by access control policies rooted in the ZT core tenets, will shape the success of your organization’s ZTA vision.
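The per-request flow described above, written out as an added example that is not part of the original post and is not NIST's or HashiCorp's code: a small Go policy decision point that takes an already-authenticated subject, the asset the request comes from, and the requested resource and action, and returns a default-deny decision with a reason. The rule set, resource names, and posture fields (Managed, Compliant, MFAVerified) are constructed assumptions for illustration.

```go
package main

import "fmt"

// Subject is the authenticated principal (human user or workload) behind a request.
type Subject struct {
	ID          string
	Roles       []string
	MFAVerified bool // strong AuthN completed for this session
}

// Asset is the device or workload the request originates from.
type Asset struct {
	ID        string
	Managed   bool // enrolled in the enterprise device inventory (assumed field)
	Compliant bool // latest posture check passed: patched, encrypted, ... (assumed field)
}

// Request is a single access attempt. Each one is evaluated on its own:
// nothing is inherited from earlier requests or from network location.
type Request struct {
	Subject  Subject
	Asset    Asset
	Resource string
	Action   string
}

// Rule is a hypothetical policy entry: who may do what, from which kind of asset.
type Rule struct {
	Resource       string
	Action         string
	AllowedRoles   []string
	RequireMFA     bool
	RequireManaged bool
}

// Decision is the policy engine's answer plus the reason, which should be logged.
type Decision struct {
	Allow  bool
	Reason string
}

// hasRole reports whether the subject holds one of the roles a rule allows.
func hasRole(have, want []string) bool {
	for _, h := range have {
		for _, w := range want {
			if h == w {
				return true
			}
		}
	}
	return false
}

// Evaluate is the per-request AuthZ step. It assumes AuthN has already produced
// the Subject. The default is deny: a request is allowed only when a rule
// matching resource and action exists and every condition on it holds.
func Evaluate(rules []Rule, req Request) Decision {
	for _, r := range rules {
		if r.Resource != req.Resource || r.Action != req.Action {
			continue
		}
		switch {
		case !hasRole(req.Subject.Roles, r.AllowedRoles):
			return Decision{false, "subject lacks a role permitted for this action"}
		case r.RequireMFA && !req.Subject.MFAVerified:
			return Decision{false, "strong authentication (MFA) required"}
		case r.RequireManaged && !req.Asset.Managed:
			return Decision{false, "asset is not enterprise-managed"}
		case !req.Asset.Compliant:
			return Decision{false, "asset failed posture check"}
		}
		return Decision{true, "all policy conditions satisfied"}
	}
	return Decision{false, "no rule grants this action on this resource (default deny)"}
}

// SamplePolicy is a constructed rule set used only for this example.
func SamplePolicy() []Rule {
	return []Rule{
		{Resource: "payments-api", Action: "read", AllowedRoles: []string{"engineer", "finance"}, RequireMFA: true, RequireManaged: true},
		{Resource: "payments-api", Action: "write", AllowedRoles: []string{"finance"}, RequireMFA: true, RequireManaged: true},
		{Resource: "wiki", Action: "read", AllowedRoles: []string{"engineer", "finance", "contractor"}},
	}
}

func main() {
	policy := SamplePolicy()
	laptop := Asset{ID: "lt-001", Managed: true, Compliant: true}
	byod := Asset{ID: "phone-7", Managed: false, Compliant: true}
	alice := Subject{ID: "alice", Roles: []string{"engineer"}, MFAVerified: true}

	for _, req := range []Request{
		{alice, laptop, "payments-api", "read"},
		{alice, byod, "payments-api", "read"},    // same user, unmanaged asset
		{alice, laptop, "payments-api", "write"}, // role not permitted
		{alice, byod, "wiki", "read"},
		{alice, laptop, "hr-db", "read"}, // no rule at all
	} {
		d := Evaluate(policy, req)
		fmt.Printf("%-6s %-8s %-13s %-5s -> allow=%-5v %s\n",
			req.Subject.ID, req.Asset.ID, req.Resource, req.Action, d.Allow, d.Reason)
	}
}
```

The point the code makes is the one the paragraph makes: the same user is allowed or denied per request depending on the asset and the resource, not on whether the request arrived from inside the network, and anything not explicitly granted is denied.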

So next time you hear ZTA, just remember it is conceptual to an extent and differs in implementation on a case-by-case basis.

Stay up to date:

  1. Google’s BeyondCorp implementation of ZTA
  2. HashiCorp ZTS
  3. Zero Trust blog


GS
Your Everyday Generalist

Senior Software Engineer - HashiCorp, Anime lover, OSS contributor, Go enthusiast, Sporadic writer!