
What is Zero Trust?

Since mobile users began connecting to business applications over the internet from unmanaged devices, the need for zero trust security has grown. When you cannot trust the connection, the device, or the network, zero trust sounds like an obvious idea. But in the last few years there has been a lot of confusion about what the term actually means.

Zero trust is a concept first articulated by John Kindervag of Forrester Research more than a decade ago. It is a framework for the capabilities that secure organizations in the modern cloud and mobile world. A key principle of the zero trust approach is least-privileged access: no user, device, or application is inherently trusted. Zero trust starts from the assumption that everything is hostile and establishes trust only on the basis of identity and context, such as the user's location, the security posture of the endpoint device, and the app or service being requested, with policy serving as the gatekeeper at every step.
 

How zero trust enables modernization

At its core, the concept is simple: zero trust = assume everything is hostile. While this sounds obvious, it is antithetical to the corporate network security model built around a centralized data center and a secure network perimeter. Since the early 1990s, companies have built network architectures with a hardened perimeter, relying on approved IP addresses, ports, and protocols to enforce access control and to validate applications, data, and users, which were then trusted to communicate freely inside the network. Users outside the perimeter used VPNs to reach the internal network and, once inside, were trusted as well.

In contrast, the zero trust approach treats all traffic, including traffic already inside the perimeter, as hostile. For example, unless workloads have been identified by a set of attributes, a workload fingerprint or identity, they are untrusted and blocked from communicating. Identity-based policies result in security that travels with the workload wherever it communicates: in a public cloud, a hybrid environment, a container, or an on-premises network. Because the protection is tied to identity rather than to network location, applications and services remain covered when they communicate across environments, without the policy having to be rewritten for each network.

In the simplest terms, zero trust securely connects users, devices, and applications using business policies over any network.

"Removing network location as a position of advantage eliminates excessive implicit trust, replacing it with explicit identity-based trust."
(Gartner, Market Guide to Zero Trust Network Access, June 2020)

"Zero trust is being misused as a marketing term. Vendors are applying the term 'Zero Trust' to market everything in security, creating significant marketing confusion."
(Gartner, 2019)

The foundations of zero trust

Zero trust is not simply a single technology such as user identity, remote user access, or network segmentation. It is a strategy, a foundation on which to build a cybersecurity ecosystem. At its core are three tenets:

  1. Terminate every connection: Many technologies, such as traditional firewalls, use a "passthrough" approach: files are forwarded to their recipients while they are still being inspected. If a malicious file is detected, an alert is raised, but often too late. In contrast, zero trust terminates every connection so that it can hold and inspect unknown files before they reach the endpoint. Built on a proxy architecture, it operates inline and inspects all traffic at line speed, including encrypted traffic, performing deep data and threat analysis. Inspecting TLS traffic this way means the proxy terminates the TLS session itself, so endpoints must trust the proxy's certificate authority, and traffic the proxy cannot decrypt should be treated as unknown rather than as trusted.
  2. Protect data using granular policies based on context: Zero trust uses user identity and device posture to verify access rights, applying granular business policies based on context: the user, the device, the application being requested, and the type of content. Policies are adaptive: as context changes, for example the user's location or device, access privileges are continually reassessed rather than granted once per session.
  3. Reduce risk by eliminating the attack surface: Zero trust connects users directly to the applications and resources they need, never to the network itself (see ZTNA). By brokering one-to-one connections (user-to-app and app-to-app), it removes the network path an attacker would use for lateral movement, so a compromised device cannot reach other resources it has no policy for. Because users and applications are not exposed to the internet, they cannot be discovered or attacked directly.
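To make the second and third tenets concrete, here is an added example written for this page (it is not code from the original page or from any vendor's product): a toy policy decision point in Python. It is default-deny with explicit, context-based allows that are re-evaluated whenever a context attribute changes, and it decides app-to-app access on workload identity rather than network location, as the section on identity-based policies above describes. The user, the app names, the SPIFFE-style workload URI and the rules are assumptions made up for the example.

```python
# Added example (not from the original page): a minimal zero trust policy
# decision point. Identities, app names and rules are made-up assumptions.
from dataclasses import dataclass, replace
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Context:
    """Everything the policy can see about one access request.
    Note what is absent: no source IP, port or network location."""
    subject: str          # user or workload identity
    app: str              # application or service being requested
    device_managed: bool  # endpoint posture: enrolled and compliant
    mfa: bool             # strength of the authentication for this session
    country: str          # geo signal for the connection


@dataclass(frozen=True)
class Rule:
    """One explicit allow. Anything no rule matches is denied."""
    name: str
    subjects: FrozenSet[str]
    apps: FrozenSet[str]
    require_managed: bool = True
    require_mfa: bool = False
    countries: Optional[FrozenSet[str]] = None  # None means any country

    def matches(self, ctx: Context) -> bool:
        if ctx.subject not in self.subjects or ctx.app not in self.apps:
            return False
        if self.require_managed and not ctx.device_managed:
            return False
        if self.require_mfa and not ctx.mfa:
            return False
        if self.countries is not None and ctx.country not in self.countries:
            return False
        return True


class PolicyEngine:
    """Default deny: the first matching allow rule wins, otherwise deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def decide(self, ctx: Context) -> Tuple[bool, str]:
        for rule in self.rules:
            if rule.matches(ctx):
                return True, rule.name
        return False, "default-deny"


class Session:
    """A brokered connection. Policy is re-evaluated on every request and
    again whenever a context attribute changes, so trust is never granted
    once and kept for the lifetime of the session."""

    def __init__(self, engine: PolicyEngine, ctx: Context):
        self.engine = engine
        self.ctx = ctx

    def request(self) -> Tuple[bool, str]:
        return self.engine.decide(self.ctx)

    def context_changed(self, **changes) -> Tuple[bool, str]:
        self.ctx = replace(self.ctx, **changes)
        return self.request()


# Constructed policy set (assumed, not a real deployment). The second rule
# binds a workload identity (SPIFFE-style URI) to one API: app-to-app access
# is decided on identity, not on which subnet the workload happens to run in.
RULES = [
    Rule("finance-to-erp", frozenset({"alice@example.com"}), frozenset({"erp"}),
         require_mfa=True, countries=frozenset({"DE", "US"})),
    Rule("payroll-to-ledger",
         frozenset({"spiffe://example.com/ns/prod/sa/payroll"}),
         frozenset({"ledger-api"}), require_managed=False),
]
ENGINE = PolicyEngine(RULES)


def demo() -> List[Tuple[bool, str]]:
    """Walk one user session through context changes; returns the decisions."""
    ctx = Context("alice@example.com", "erp",
                  device_managed=True, mfa=True, country="DE")
    session = Session(ENGINE, ctx)
    return [
        session.request(),                                           # allowed
        session.context_changed(device_managed=False),               # posture lost
        session.context_changed(device_managed=True, country="RU"),  # outside geo
        session.context_changed(country="US"),                       # restored
        ENGINE.decide(replace(ctx, app="hr-portal")),                # no rule
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

The two design points worth noticing are that Context carries no network address at all, so a rule cannot be written in terms of "inside" or "outside", and that Session re-runs the full decision on every change rather than caching the first allow; a device that loses its compliant posture mid-session is cut off on its next request.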

Why adopt a zero trust security model?

Today's cloud environments can be hostile places. They host business-critical applications and data, making them ripe targets for attackers who want to steal, destroy, or hold hostage sensitive data such as personally identifiable information (PII), intellectual property (IP), and financial information.

While no security strategy is perfect, and data breaches will never be totally eliminated, zero trust reduces the attack surface and limits the blast radius—that is, the impact and severity—of a cyberattack, which reduces the time and cost of responding to and cleaning up after a data breach. 

Cybersecurity Insiders 2019 Zero Trust Adoption Report

White Paper: The Network Architect's Guide to Adopting ZTNA

Gartner Market Guide for Zero Trust Network Access

Four benefits of zero trust

1. Reduces business and organizational risk

Zero trust assumes that all applications and services are malicious and disallows them from communicating until they are positively verified by their identity attributes: immutable properties of the software or service itself that satisfy predefined trust requirements, such as authentication and authorization.

Zero trust therefore reduces risk because it reveals what is on the network and how those assets communicate. As baselines are established, a zero trust strategy further reduces risk by removing overprovisioned software and services and by continuously checking the "credentials" of every communicating asset.

 

2. Provides access control over cloud and container environments

Security practitioners' greatest fears about moving to the cloud are loss of visibility and loss of access control. Despite improvements in cloud service provider (CSP) security, workload security remains a shared responsibility between the CSP and the organization using the cloud, and there is only so much an organization can control inside someone else's cloud.

With a zero trust security architecture, policies are applied based on the identity of the communicating workloads and are tied to the workload itself. Security stays as close as possible to the assets it protects and does not depend on network constructs such as IP addresses, ports, and protocols. As a result, protection travels with the workload wherever it communicates and remains unchanged as the environment changes.

 

3. Helps reduce the risk of a data breach 

Because zero trust is built on the principle of least privilege, every entity (user, device, workload) is treated as untrusted by default. Every request is inspected, users and devices are authenticated, and permissions are checked before "trust" is granted, and that trust is continually reassessed as context changes, such as the user's location or the data being accessed.

If an attacker gains a foothold in the network or in a cloud instance through a compromised device or another vulnerability, that foothold confers no access on its own: the attacker is still untrusted and must pass policy for every resource, so exposure is limited to what the compromised identity was explicitly allowed to reach. Lateral movement is constrained because the zero trust model creates a "secure segment of one" around each connection, leaving the attacker nowhere else to go. Access is locked down by default.

 

4. Supports compliance initiatives

Zero trust shields user and workload connections from the internet, so they are not exposed to discovery or direct exploitation. This reduced exposure makes it simpler to demonstrate compliance with privacy standards and other regulations and tends to result in fewer audit findings.

In addition, with zero trust segmentation (microsegmentation) in place, organizations can create perimeters around specific types of sensitive data (for example, PCI cardholder data or data backups) using fine-grained controls that keep regulated data separate from non-regulated data. When it comes time for an audit, or in the event of a data breach, a microsegmentation strategy provides far better visibility and control than a flat network architecture that grants over-privileged access.

[Diagram: zero trust architecture]

Getting started with zero trust

Designing a zero trust architecture requires security and IT teams to start from business questions: What are we trying to protect? From whom? Recognize that the zero trust architecture underpins the entire security program; technologies and processes are layered on top of the strategy, not the other way around.

Zero trust can be delivered as a service, an approach Gartner recommends in its zero trust network access (ZTNA) guidance. It can also be implemented in stages, starting with the most critical assets or, alternatively, with non-critical assets as a pilot before rolling zero trust out more broadly. Whatever the starting point, a zero trust deployment delivers gains in risk reduction and security control early on.
