Guiding Principles for Zero Trust
Achieving Zero Trust in your environment is not tied to a specific platform, but rather certain capabilities deployed following a set of guiding principles.
These principles should be used when evaluating technologies and assessing the effectiveness of your network design and workflow.
Never trust, always verify
This is a fundamental tenet of Zero Trust. All data and computing services are considered resources in your environment, and access should only be granted on a per-session basis. This means your policy must take into consideration authentication, access control, and posture, at a minimum, before allowing access to resources. In addition, any violation of your policy results in immediate session termination.
Provide least privilege access
Lateral movement within a network is one of the biggest causes of data breaches. That’s because once adversaries get in and implant malware, perhaps by using stolen credentials to get past perimeter security, they can use those privileges to reach sensitive resources and exfiltrate data.
For Zero Trust, grant only least privilege access to resources. This means users (or applications) are authorized to access only what they need to perform their work and nothing more; in other words, they are given the right level of access for the right session and nothing else. As a result, even if a user’s credentials become compromised, an adversary is limited in what they can do (and where they can go) within your network.
Assume everything is compromised
This goes hand in hand with the basic tenet of Zero Trust: nothing can be trusted implicitly. As you design your architecture, work from the premise that everything everywhere in your environment either already is compromised or eventually will be compromised. This will ensure necessary steps are taken to provide control, segmentation, and isolation in your network.
Continuous assessment and re-verification
The fact that a user or device has logged into your network doesn’t mean it should remain there indefinitely. Session limits must be imposed; otherwise an adversary could hijack a session, adopt higher-level privileges, and cause harm. Preventing this requires monitoring, continuous assessment, and re-verification of privileges, actions, and posture.
In a Zero Trust Architecture, policies are dynamic. They take into consideration the observable state of the client (device), identity, the destination service, the requesting asset, and behavioral or environmental attributes, such as the desired action, time of day, and location.
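The following is an added example, not part of the original article or any product it describes, of what such a dynamic, per-session policy looks like in code. It models a small policy decision point that checks identity (MFA), least-privilege authorization, device posture, and environmental attributes (location, time of day) on every request, grants access only for a session, and re-verifies that session against the current device state and a session limit, terminating it on any violation. The roles, resources, posture thresholds, and session limit are hypothetical values chosen for illustration.

```python
"""Illustrative Zero Trust policy decision point (added example, hypothetical rules).

Every access request is evaluated for identity, least-privilege authorization,
device posture and environmental attributes; access is granted per session and
re-verified continuously, with the session terminated the moment a check fails.
"""
from dataclasses import dataclass, field, replace
from datetime import datetime, timedelta

# Hypothetical least-privilege map: role -> resource -> actions the role may perform.
ROLE_PERMISSIONS = {
    "analyst": {"reports-db": {"read"}},
    "dba": {"reports-db": {"read", "write"}, "hr-db": {"read", "write"}},
}
MAX_PATCH_AGE_DAYS = 30               # assumed posture threshold
SESSION_TTL = timedelta(minutes=15)   # assumed session limit before re-authentication


@dataclass(frozen=True)
class Device:
    managed: bool
    disk_encrypted: bool
    patch_age_days: int


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: tuple
    mfa_verified: bool
    device: Device
    resource: str
    action: str
    when: datetime
    location: str


@dataclass
class Session:
    request: AccessRequest
    started: datetime
    active: bool = True
    reasons: list = field(default_factory=list)


def evaluate(req: AccessRequest) -> list:
    """Return the list of policy violations; an empty list means access may be granted."""
    violations = []
    # 1. Authentication: never trust; the identity must be freshly proven.
    if not req.mfa_verified:
        violations.append("identity not verified with MFA")
    # 2. Authorization: least privilege, derived only from the roles the user holds.
    allowed = set()
    for role in req.roles:
        allowed |= ROLE_PERMISSIONS.get(role, {}).get(req.resource, set())
    if req.action not in allowed:
        violations.append(f"role(s) {list(req.roles)} not permitted to {req.action} {req.resource}")
    # 3. Device posture: the requesting asset must meet a minimum standard.
    d = req.device
    if not (d.managed and d.disk_encrypted and d.patch_age_days <= MAX_PATCH_AGE_DAYS):
        violations.append("device posture below policy")
    # 4. Environmental attributes: the sensitive store is reachable only from the
    #    corporate network and during business hours (hypothetical rule).
    if req.resource == "hr-db":
        if req.location != "corp-network":
            violations.append("hr-db reachable only from corp-network")
        if not 8 <= req.when.hour < 18:
            violations.append("hr-db reachable only during business hours")
    return violations


def open_session(req: AccessRequest) -> Session:
    """Grant access per session only; a denied request yields an inactive session."""
    reasons = evaluate(req)
    return Session(request=req, started=req.when, active=not reasons, reasons=reasons)


def reverify(session: Session, device: Device, now: datetime, location: str) -> bool:
    """Continuous assessment: re-run the policy against the current device state and
    context, enforce the session limit, and terminate the session on any violation."""
    if not session.active:
        return False
    fresh = replace(session.request, device=device, when=now, location=location)
    reasons = evaluate(fresh)
    if now - session.started > SESSION_TTL:
        reasons.append("session limit exceeded; re-authentication required")
    if reasons:
        session.active = False
        session.reasons = reasons
    return session.active
```

The point of `reverify` is that the decision made at login is not reused: the device posture and context are fed back into the same `evaluate` rules, so a laptop that falls behind on patches mid-session, or a session that outlives its limit, loses access immediately rather than at the next login.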