Zero Trust
- Gap analysis (CISK, CSA). The risk is that there is not much filtering of east-west traffic.
Segregation is there. From an identity point of view you have root access and privileged identities to secure;
how do you ensure that?
- I don't want my org's resources to run outside of India. A lot of policies can be applied at the Azure
tenant level or the AWS organization level.
- No individual should be able to create resources in the cloud outside of India. That might be the gap: unrestricted
access, no monitoring of it, no control over the policies. Those are the gaps.
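As an added example (not from the original notes), the "no resources outside India" control expressed as an AWS Organizations service control policy that denies actions outside ap-south-1, with a simplified evaluator showing which constructed requests it would block. The evaluator models only this policy's Deny/NotAction/StringNotEquals logic, not the full IAM evaluation engine; the region choice and exempted services are assumptions.

```python
"""Region-lock SCP plus a simplified evaluator (illustrative, not the IAM engine)."""
import json

# Assumption: ap-south-1 is the only region the org may use. The NotAction list
# exempts global services, whose requests are evaluated with region us-east-1.
REGION_LOCK_SCP = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyOutsideIndia",
    "Effect": "Deny",
    "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*"],
    "Resource": "*",
    "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["ap-south-1"]}}
  }]
}""")

def _action_matches(pattern, action):
    # IAM action patterns look like "service:Name", "service:*" or "*"
    if pattern.endswith("*"):
        return action.lower().startswith(pattern[:-1].lower())
    return pattern.lower() == action.lower()

def denied_by_scp(scp, action, region):
    """True if a Deny statement in the SCP applies to this action/region pair."""
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        # NotAction: the statement covers every action NOT in the list
        if any(_action_matches(p, action) for p in stmt.get("NotAction", [])):
            continue
        allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        if region not in allowed:
            return True
    return False

# Constructed sample requests, not real CloudTrail data
SAMPLE_REQUESTS = [
    ("ec2:RunInstances", "ap-south-1"),   # in region: passes the SCP
    ("ec2:RunInstances", "us-west-2"),    # outside India: denied
    ("s3:CreateBucket", "eu-central-1"),  # outside India: denied
    ("iam:CreateUser", "us-east-1"),      # global service, exempted
]

if __name__ == "__main__":
    for action, region in SAMPLE_REQUESTS:
        verdict = "DENY" if denied_by_scp(REGION_LOCK_SCP, action, region) else "pass"
        print(f"{verdict:5} {action} in {region}")
```

"pass" here only means the SCP does not block the request; an IAM allow is still required, since SCPs never grant permissions.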
The goal is to trust nothing. Instead, we must authenticate, authorize and assess every user and device.
In traditional security our devices, servers and apps are connected to a router and firewall. This is called
perimeter-based security. Because these devices are owned by the business and connected to the same
network, we can control them using Group Policy for configuration and AD for authentication. We can
also control physical access. We call it the trusted network.
- How do we make sure these devices are free from malware and secure enough to access our
company resources? One of the biggest problems in perimeter security is lateral movement: if an
attacker finds a weakness in any point/device, they can get access to other apps and devices.
The pandemic skyrocketed this issue.
- Zero trust removes all trust from users, devices and network.
- In this case you need to verify yourself. You can be verified by the following: credentials, device,
location.
- Giving a user more access than required, or temporarily giving access and forgetting to remove it:
these are weaknesses. Example: when all users have local admin rights (install apps, run tasks).
- Just-enough access or just-in-time access.
# Assume Breach:
- Segment our systems to reduce the blast radius: reduce the damage done if an attacker gets access.
o Network-based segmentation: reduce the reachable area of the network.
o User-based segmentation: limit the scope of credentials.
- Analytics for visibility and detection. We need tools for visibility and to respond to threats.
Zero Trust Security Architecture (ZTSA) is a modern approach to cybersecurity that operates on the
principle of "never trust, always verify." This model assumes that threats could be external and internal
to the network, and as such, no entity—inside or outside the network—should be automatically trusted.
Instead, every access request is thoroughly verified before granting permission. The goal of Zero Trust is
to minimize the risk of security breaches by implementing strict access controls and continuous
monitoring.
Here are the key principles and practices of Zero Trust Security Architecture:
1. Verify Explicitly:
Always authenticate and authorize based on all available data points, including user
identity, location, device health, service or workload, data classification, and anomalies.
2. Use Least Privilege Access:
Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive
policies, and data protection to ensure users have only the access they need.
3. Assume Breach:
Minimize the blast radius and segment access. Verify end-to-end encryption and use
analytics to get visibility, drive threat detection, and improve defenses.
1. Micro Segmentation:
Divide the network into smaller zones to maintain separate access for different parts of
the network. This way, if a breach occurs, the impact is contained within a small
segment.
Check the security posture of devices before granting access. This includes ensuring
devices are updated, compliant with security policies, and not compromised.
Provide users with the minimum level of access necessary to perform their jobs. This
minimizes the risk of unauthorized access to sensitive data.
5. Continuous Monitoring and Analysis:
Monitor all network traffic, user activities, and system behavior in real-time to detect
and respond to anomalies. Utilize advanced analytics and machine learning to identify
suspicious activities.
6. End-to-End Encryption:
Ensure data is encrypted both in transit and at rest. This prevents data interception and
tampering.
Apply adaptive policies that can change based on the context of the access request,
such as user role, location, time of day, and current threat landscape.
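As an added example (not from the original notes), the verification signals listed earlier (credentials, device, location), the just-in-time/just-enough access principle and the adaptive-policy practice combined into one small policy decision function. Every name, threshold and sample request is an assumption constructed for illustration.

```python
"""Minimal Zero Trust policy decision point (illustrative; names are assumptions)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

TRUSTED_COUNTRIES = {"IN"}   # assumption: the org only operates from India

@dataclass
class JitGrant:
    role: str
    expires_at: datetime     # JIT access always carries an expiry

@dataclass
class AccessRequest:
    user: str
    mfa_passed: bool
    device_compliant: bool   # patched, disk encrypted, EDR healthy
    country: str
    requested_role: str
    grants: list = field(default_factory=list)
    now: datetime = field(default_factory=lambda: datetime.now(timezone.utc))

def decide(req: AccessRequest) -> str:
    """Check every signal on every request; the network location grants nothing."""
    if not req.mfa_passed:                      # verify explicitly
        return "deny: MFA required"
    if not req.device_compliant:                # device health is a first-class signal
        return "deny: device not compliant"
    active = [g for g in req.grants             # just-enough / just-in-time access
              if g.role == req.requested_role and g.expires_at > req.now]
    if not active:
        return "deny: no active just-in-time grant for role"
    if req.country not in TRUSTED_COUNTRIES:    # adaptive policy: step-up, not flat allow
        return "step-up: re-authenticate from new location"
    return "allow"

def demo():
    """Four constructed requests; the stale grant is the 'forgot to remove it' case."""
    now = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    fresh = JitGrant("db-admin", now + timedelta(hours=2))
    stale = JitGrant("db-admin", now - timedelta(days=30))
    return [
        decide(AccessRequest("asha", True, True, "IN", "db-admin", [fresh], now)),
        decide(AccessRequest("asha", True, True, "IN", "db-admin", [stale], now)),
        decide(AccessRequest("asha", True, False, "IN", "db-admin", [fresh], now)),
        decide(AccessRequest("asha", True, True, "US", "db-admin", [fresh], now)),
    ]
```

The expiry on the grant is what closes the "temporarily gave access and forgot to remove it" gap: an unexpired grant is required on every request, so a stale one silently stops working.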
Understand how data flows across the network and who needs access to it. This helps in
designing appropriate access controls.
Design the network infrastructure to support Zero Trust principles, which includes
segmentation, deploying security tools, and setting up access controls.
Define security policies based on the principle of least privilege and enforce them
through technology solutions like firewalls, secure access service edge (SASE), and
identity and access management (IAM) systems.
Continuously monitor the network, update security policies as needed, and respond to
incidents promptly. Regularly review and adjust the Zero Trust model to address new
threats and changes in the IT environment.
Reduced Risk of Data Breaches: By strictly verifying every access request, Zero Trust
significantly reduces the risk of unauthorized access and data breaches.
Better Protection for Remote Work: As remote work becomes more prevalent, Zero Trust
provides robust security for accessing corporate resources from any location.
Implementing a Zero Trust Security Architecture requires a shift in mindset and thorough planning, but it
ultimately strengthens the overall security posture by reducing vulnerabilities and improving incident
response capabilities.