Zero Trust Architecture (ZTA)

Zero Trust Architecture (ZTA) is a security framework for protecting infrastructure and data. The central idea of ZTA is that subjects in a system should not be trusted by default. Subjects are entities that request access. They can be applications, users and devices. If ZTA had a motto, it would be, "Never trust; always verify."

In a ZTA model, every access request comes from a subject, and the system evaluates that subject each time access is requested—regardless of where the request comes from or whether the subject has accessed the system before.

User access example

In a traditional cyber security framework, systems can remember users and grant them continued access without additional verification. This might mean that a user could sign in on one platform and be granted access to other, more sensitive data without being re-verified. While this is convenient for the user, it greatly increases the risk and potential impact of cyber threats.

In a ZTA model, a user isn’t trusted by default. In the above example, the ZTA system would not automatically remember a given user. Instead, it would assess the need for re-authentication whenever the subject needed access to a new resource, such as data or another tool.

Secure IT environments

Instead of focusing on protecting the system perimeter (in other words, at the initial login or access point), ZTA builds protection throughout the network.

ZTA also replaces security based on physical or network location with decisions driven by users, devices and context.
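The following added example (written for this page; it is not code from the original article or from any ZTA product) contrasts the two models just described. A perimeter-style check trusts any request that arrives from inside an assumed corporate address range, while the zero-trust check evaluates the subject, its device posture and its context on every request and, as the user access example above describes, demands re-authentication when a subject moves to a more sensitive resource. The resource policy, role names, address ranges, thresholds and sample requests are all constructed assumptions for illustration.

```python
"""Per-request policy evaluation: perimeter model versus zero-trust model.

Constructed example. The policy table, field names, address ranges and
sample requests are assumptions, not any product's real policy language.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumed "inside the perimeter" range used only by the perimeter model.
CORPORATE_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Request:
    subject: str             # user, application or device requesting access
    resource: str            # what is being requested
    source_ip: str           # where the request comes from
    mfa_age_s: int           # seconds since the subject last completed MFA
    device_compliant: bool   # endpoint passed its posture check
    roles: frozenset = field(default_factory=frozenset)


# Hypothetical resource policy: required role and how fresh the subject's
# authentication must be. More sensitive resources demand fresher MFA.
RESOURCE_POLICY = {
    "wiki":          {"role": "staff", "max_mfa_age_s": 8 * 3600},
    "hr-records":    {"role": "hr",    "max_mfa_age_s": 15 * 60},
    "prod-database": {"role": "dba",   "max_mfa_age_s": 5 * 60},
}


def perimeter_decision(req: Request) -> bool:
    """Perimeter model: anything from the corporate network is trusted,
    regardless of who the subject is or what it asks for."""
    return ip_address(req.source_ip) in CORPORATE_NET


def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Zero-trust model: evaluate subject, device and context on every
    request. Network location is deliberately not consulted, and nothing
    is remembered from earlier decisions."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return False, "unknown resource: default deny"
    if policy["role"] not in req.roles:
        return False, f"subject lacks role {policy['role']!r}"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.mfa_age_s > policy["max_mfa_age_s"]:
        return False, "re-authentication required for this resource"
    return True, "allow"


# Constructed sample traffic: the same user moving between resources.
SAMPLE_REQUESTS = [
    Request("alice", "wiki",       "10.1.2.3",    2 * 3600, True,  frozenset({"staff", "hr"})),
    Request("alice", "hr-records", "10.1.2.3",    2 * 3600, True,  frozenset({"staff", "hr"})),
    Request("alice", "hr-records", "203.0.113.7", 60,       True,  frozenset({"staff", "hr"})),
    Request("alice", "wiki",       "10.1.2.3",    60,       False, frozenset({"staff", "hr"})),
]


def compare(requests):
    """Return (subject, resource, perimeter_allows, zt_allows, zt_reason)
    for each request so the two models can be read side by side."""
    return [
        (r.subject, r.resource, perimeter_decision(r), *zero_trust_decision(r))
        for r in requests
    ]


if __name__ == "__main__":
    for subject, resource, perim, zt, reason in compare(SAMPLE_REQUESTS):
        print(f"{subject:>6} -> {resource:<13} perimeter={perim!s:<5} "
              f"zero-trust={zt!s:<5} ({reason})")
```

Reading the output, the second request is the one that matters: a user who signed in two hours ago is still inside the perimeter, so the perimeter model waves the HR records through, while the zero-trust check denies and asks for fresh authentication because that resource carries a tighter policy. The third request shows the reverse: a compliant device with fresh MFA is allowed from outside the network, because location is not what the decision rests on.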

ZTA uses an array of different, integrated capabilities that work together to create more secure IT environments. Some of these capabilities include:

Want to read an example of ZTA at work? Visit Zero Trust Architecture for scientists.

Page details

2026-06-02