Zero Trust Architecture

Zero Trust is a security model based on the principle of "never trust, always verify." It assumes that threats exist both outside and inside the network, and no user, device, or connection should be implicitly trusted based on network location alone.

---

The Problem with Perimeter-Based Trust

Traditional network security operates on a castle-and-moat model:

Traditional Model:

Outside (Untrusted) ──── [Firewall/Moat] ──── Inside (Trusted)

Problem: Once inside the moat, everything is trusted.
         An attacker who bypasses the perimeter has
         unrestricted access to internal resources.

This model fails because:

Assumption	Reality
The perimeter stops all threats	Phishing, insider threats, and supply chain attacks bypass the perimeter
Internal traffic is safe	Lateral movement is the primary technique for post-exploitation
VPN = trusted	Compromised VPN credentials grant broad network access
On-premises = secure	Cloud, remote work, and SaaS extend the network beyond any perimeter

---

Zero Trust Principles

Principle	Description
Never trust, always verify	Every access request must be authenticated and authorised
Assume breach	Design as if the network is already compromised
Least privilege access	Grant only the minimum access required, only for the duration needed
Verify explicitly	Use all available data — identity, device health, location, behaviour
Microsegmentation	Isolate resources so that compromising one does not expose others
Continuous verification	Do not trust a single authentication event — re-verify throughout the session

---

Zero Trust Architecture Components

Component	Role
Policy Engine (PE)	Evaluates access requests against policies using identity, device, and context
Policy Administrator (PA)	Executes the decision — grants or denies the connection
Policy Enforcement Point (PEP)	The gateway that enforces the PE/PA decision at the resource boundary
Identity Provider (IdP)	Authenticates users and issues identity tokens
Device Trust	Evaluates device health, compliance, and management status
Data Classification	Identifies the sensitivity of the resource being accessed
Threat Intelligence	Provides real-time risk signals (compromised credentials, known threats)

Zero Trust Access Flow

User/Device
    │
    ▼
[Policy Enforcement Point (PEP)]
    │
    │── Collects: identity, device posture, location, time, behaviour
    │
    ▼
[Policy Engine (PE)]
    │
    │── Evaluates against policies
    │── Checks: IdP, device trust, threat intelligence, data classification
    │
    ▼
[Decision: Allow / Deny / Step-Up Auth]
    │
    ▼
[Access to specific resource ONLY]
    (No broad network access)

---

NIST SP 800-207: Zero Trust Architecture

NIST SP 800-207 is the foundational standard for Zero Trust. It defines three approaches:

Approach	Description
Identity-Centric	Access decisions based on user and device identity
Network-Centric	Microsegmentation and software-defined perimeters
Combined	Both identity and network controls working together (recommended)

NIST Zero Trust Tenets

1. All data sources and computing services are considered resources
2. All communication is secured regardless of network location
3. Access to individual enterprise resources is granted on a per-session basis
4. Access is determined by dynamic policy — including identity, device, behaviour, and environment
5. The enterprise monitors and measures the security posture of all owned and associated assets
6. All resource authentication and authorisation are dynamic and strictly enforced before access is allowed
7. The enterprise collects as much information as possible about the current state of assets and uses it to improve security posture

---

Implementing Zero Trust

Step 1: Identity Foundation