Research Project - Identity Controls
Running head: ZERO TRUST NETWORK 1
Zero Trust Network: More Security Features
Fernando Andreazi
EC-Council University
Table of Contents
Zero Trust Network
Abstract
Introduction
Background
Problem Statement
Objectives of the project
Literature review
Zero Trust Security
The Principles of Zero Trust
The History of Zero Trust Security
How is the Zero Trust security model different from a traditional model?
How does Zero Trust security support security in a cloud environment?
Zero Trust security micro-segmentation
Why modern organizations need to adopt Zero Trust security techniques
Zero Trust Architecture
Zero Trust Microsoft
How do Zero Trust capabilities work in Microsoft?
Zero Trust Networks
Methodology adopted
Results - Project findings
Recommendations
Conclusion
References
Zero Trust Network
Abstract
Conventional network security relies on the principle of creating a safe computing environment: everything inside the network is treated as secure, while everything outside the network is treated as unsafe. The new cyber security efforts being built across the industry aim at zero intrusion and 100 percent safety. Network security experts and engineers keep improving the security they build because a threat can come from inside the network as well as from outside. The Zero Trust network therefore aims to improve security by treating every interaction as a risk to data safety. With the inevitable use of cloud computing, the cyber world is becoming a high-risk environment, but efforts such as Zero Trust security networks are intended to solve the problem of cyber safety.
Zero Trust network security is a modern alternative in IT security that is expected to replace VPN mechanisms. It addresses the perimeter-centred paradigm and the legacy approaches and technologies that uphold the concept of a trust verification process. The principle behind the Zero Trust network is to operate under 'trust yet verify' and 'never trust, always verify'. Zero Trust network security will become mandatory for organizations that believe in secure computing. The analysis of the Zero Trust network is carried out through a review of existing literature, developers' opinions and descriptions of the network, together with a comparison with VPN systems. The Zero Trust environment assumes that every user is working in an open environment with unlimited vulnerabilities and threats, yet remains secure.
Introduction
Zero trust (ZT) is the term used to describe a continually evolving set of cybersecurity paradigms. They shift network defences away from static, perimeter-based networks and toward the individual users, assets, and resources. A zero trust architecture, for instance, applies zero trust principles to the planning of enterprise infrastructure and workflows (Mazzagatte, Bajo, & Rathod, 2017). Zero trust assumes that no implicit trust is granted to user accounts or assets based solely on their physical or network location, for instance the internet versus the local area network. Authentication and authorization of both the user and the device are discrete functions performed before an enterprise resource session is established. Zero trust is a response to network trends that include remote users and cloud-based assets that are not located within an enterprise-owned network boundary (Uttarwar, & Kalia, 2019). Additionally, zero trust focuses on protecting resources rather than network segments, because network location is no longer seen as the prime component of the security posture of a resource. This document gives a brief explanation of the approach and presents general deployment models and use cases where zero trust could improve the enterprise's overall performance.
There are numerous advantages in replacing the old system with a Zero Trust network. Within a zero-trust network structure, it is assumed that operations take place in an open environment characterized by a wide variety of constant vulnerabilities and threats (Scott, 2018). It therefore makes sure that every bit of data, whether incoming or outgoing, is encrypted to prevent any malicious activity. However, the process causes some inconvenience to users, since cookies that keep them permanently logged in are not provided. Moreover, the administrator's privileges are restricted: admins are prevented from exercising their full power almost all of the time. Furthermore, the systems are divided into segments so that they can work with the zero trust approach; they are split into separate sections to prevent an outsider from gaining access to sensitive information.
Background
The IT industry and its infrastructure have continued to grow increasingly complex, and security has become highly complex with it. Large enterprises operate both internal and external networks. They have remote offices with local infrastructure and must connect through the cloud using mobile or cloud services. Such complexity has outgrown traditional perimeter-based network security mechanisms, because there is no longer a single, easily identified perimeter that can be kept free of threats (Uttarwar, & Kalia, 2019). Perimeter-based network security systems provide insufficient protection from attackers and security breaches. Consequently, traditional security hinders access to embedded and important services for fear of compromise. The complexity of enterprises has led to the need for a new model of cyber security principles that offers safety while providing access from all open locations. "Zero trust" (ZT) promises a revolutionary cyber security system that guarantees safety while providing wider access to open resource points.
A ZT approach primarily focuses on protecting data and information, with the opportunity to expand to other enterprise assets; it thereby gives devices and infrastructure wide access, even from previously untrusted locations. ZT security models assume that an attacker has a permanent presence on the network, so remote services must be accessed under that assumption (Uttarwar, & Kalia, 2019). Currently, organizations rely solely on the enterprise-owned network infrastructure, and there is no access from outside the privately owned network. ZT is different because it treats enterprise-owned networks in the same way as non-enterprise-owned networks. The principle behind such treatment is that it enhances safety in both environments. The new paradigm in cybersecurity is a continuous evaluation of the risks to both the internal and the external assets of business functions (Uttarwar, & Kalia, 2019). Therefore, ZT allows maximized asset access for all users without compromising the safety of the data being accessed.
A zero trust architecture (ZTA) comprises an enterprise cybersecurity strategy designed to work on ZT principles. The ZTA is designed with the aim of preventing data breaches while limiting lateral movement within the internal environment (Stafford, n.d). The components of a ZTA include its logical components, its possible deployment scenarios, and how it handles threats (Stafford, n.d). The ZTA also presents a general design roadmap that can be adopted by any organization, and it discusses the significant policy controls and regulations from relevant authorities that allow its use (Uttarwar, & Kalia, 2019). The future influence of ZTA can be deduced from its architecture as shown in figure 1. A ZTA is not a single network architecture but a set of guiding principles that make up a network infrastructure with systems and operational design elements for enhanced security.
An organization's transition to a ZTA may seem like a journey, because ZT cannot simply be built on an existing platform. It is therefore not a wholesale replacement technology, and is likely to remain the preserve of large organizations (Stafford, n.d). Large organizations have an advantage in deploying ZT because of their need to increase security and data safety, and even more so because of the need to stay within functional business operations. Organizations should seek out future technologies, hence the need for increased investment in ZT security technologies. The need to protect organizational data is itself an investment. Today, most enterprises use hybrid infrastructure to enhance security, but perimeter-based systems will continue to become burdensome to investors, who will expect organizations to have optimal information and resilient cyber security practices that protect against common and advanced threats (Uttarwar, & Kalia, 2019). Improving an organization's security posture is not a matter for discussion; it is mandatory.
Problem Statement
Increasing reliance on IT is increasing cyber threats beyond control. The Zero Trust network is designed to work in the opposite way to the VPN network system. The VPN system offers security to internal enterprise networks and locks out external access, whether attempted from outside or from inside the network. The problem with access denied for security reasons is that it removes opportunities that may otherwise be essential within the network. Organizations are therefore seeking a solution that offers 100% safety without compromising the perimeter. The Zero Trust network is built on the fundamental principle of providing access to all network locations through the internet without compromising safety within or outside the enterprise network. The Zero Trust network may be costly to organizations, but there is a need to understand its working mechanisms while presenting its future capability. ZT seems to be the solution for internet safety that is awaiting deployment for public use. The concern for the public is whether the technology can deliver this enhanced safety, which is better and preferable to the current systems.
Objectives of the project
• The main objective of the current project is to establish the current status and use of Zero Trust Network Security Systems.
• The project will assess the superiority of the Zero Trust security network compared with VPN networks.
Literature review
Zero Trust Security
The Zero Trust Security model is a new approach to network micro-segmentation for creating secure zones in data centers and cloud computing. It provides a means of isolating network workloads while protecting them at the same time. It differs from conventional security models in that it provides zero-trust security. Presently, most companies are shifting their focus to implementing micro-segmentation, which provides the foundation for implementing a zero-trust security model.
Micro-segmentation involves creating secure zones in the data center and cloud and designing isolation between workloads to protect them. Micro-segmentation gives organizations greater control over traffic between servers, bypassing perimeter-focused security gear. In the case of a data breach by attackers, micro-segmentation can limit the attacker's capacity for lateral movement across the network.
Zero Trust is a security design concept, or policy, under which companies no longer automatically trust anything inside or outside their infrastructure perimeter. Organizations should verify any incoming connection attempting to reach their systems before granting access. The system holds the connection until it is sure who the other party is and whether they are authorized.
Organizations can become more secure by adopting the concepts and architectural components of Zero Trust, while at the same time easing compliance burdens and reducing costs. In zero trust, all network traffic is assumed to be untrusted. That means security personnel and other professionals must at all times instil the discipline to ensure that all infrastructure and resources are accessed securely regardless of location. They should also adopt a least-privilege approach, adhere to strict access control, and inspect and log all traffic. 21st-century organizations require new and more effective security models that adapt to the complexity of the modern environment, integrate with the mobile workforce, and protect people, infrastructure, apps, devices, and data wherever they are located.
Kindervag (2010) defines Zero Trust Security as an information security model that works on the strict principle that every person or device accessing a resource must be verified. Strict identity authentication must be adhered to regardless of whether the user is outside or inside the network perimeter. The model is not tied to any single technology; instead, it takes a holistic approach to network security that integrates various diverse principles and technologies. Conventional IT network security employs a concept known as castle and moat. This concept makes connecting from outside the network difficult, while every user or device inside the network is trusted by default (Kindervag, 2010). Although this approach appears safe, it has serious drawbacks: once a breach of the network occurs, the attacker can roam freely and create havoc across the entire system. The castle and moat approach is therefore inherently vulnerable. The problem is exacerbated by the fact that data is no longer kept in one place and organizations do not have full control over it. In the present internet age, data mining has become the order of the day. Information is scattered across cloud vendors, and this makes it difficult for security analysts to design a single security control that can guard the entire network from attackers. Hence the zero-trust security approach works by assuming that no user, whether internal or external, is trusted by default. No one is allowed to gain access to the organization's resources without verification. This extra layer of security has been demonstrated to inhibit data breaches.
The Principles of Zero Trust
The concept works by assuming that everything behind the corporate firewall is unsafe. The Zero Trust model assumes breach and verifies every request as though it originated from an open network. Furthermore, zero trust teaches that regardless of where the request originates or what resource it accesses, one should "never trust" and "always verify." Every access request is fully authenticated, authorized, and encrypted before access is granted. Micro-segmentation and least-privilege access principles are applied to reduce lateral movement. Rich intelligence and analytics are also employed to detect and respond to anomalies in real time, before any break-in succeeds (Scott, 2018).
The philosophy that accompanies the Zero Trust Network presumes that the network is liable to attack from every direction. With this in mind, no user, machine, or other resource should automatically be trusted. Another principle behind Zero Trust Security is least-privilege access. Least-privilege access means giving users only the access they need and no more, much as an army general gives soldiers information on a need-to-know basis. With this strategy, the user's exposure to crucial network components is minimized (Lefler, 2013). Furthermore, zero trust networks employ the practice of micro-segmentation. Micro-segmentation divides the security perimeter into small components and maintains separate access to each part of the network. For instance, a network with a single data center that uses micro-segmentation may comprise dozens of separate secure zones. Thus any user, program, or device with access to one of the smaller zones will not be permitted to access any of the other zones without a distinct authorization. Multi-Factor Authentication (MFA) is also an essential part of Zero Trust Security. MFA means adding a further piece of evidence, since a password alone is not strong enough to allow access. The most frequently used MFA application is two-factor authentication (2FA), used on most online platforms such as Google and Facebook. Aside from entering a password, users of these services must enter a second factor: a code sent to another device, such as a mobile phone or email, which completes the two pieces of evidence required to prove who they are. Control over user access in Zero Trust also entails strict control over access by devices (Lefler, 2013). Zero trust systems require administrators to keep an eye on how many different devices are attempting to gain access to their network and to confirm that every device is approved. With this, the attack surface is further reduced.
The History of Zero Trust Security
VPNs, despite making use of encryption, have historically been the chosen option for remote access. However, the technology was not developed primarily for security, and it eventually led to a frustrating user experience, especially on mobile. Organizations allow employees to take work home or wherever they go, and expect them to log in freely from any device at hand. If VPN connections prove slow or disconnect frequently, cloud-centric infrastructure allows users to bypass the VPN and connect to the required resource directly. If the VPN fails to deliver the expected service, it is effectively redundant. Having said that, just because users can access corporate resources through a VPN does not mean they are who they claim to be. The corporate network has become increasingly porous and vulnerable due to outsourcing and flexible working. It is imperative to establish proper governance that provides sophisticated access control instead of the free rein currently granted under VPNs (Kindervag, Kelley Mak et al., 2012).
As the 21st-century corporation evolves, cloud infrastructures are giving way to BYOD programs, which are increasingly being adopted. Companies now need to fully understand what endpoints are accessing corporate resources. Present-day companies cannot implicitly rely on trust indicators. That is why a Zero Trust mentality is necessary to improve corporate resilience, regardless of how misanthropic it sounds.
The Zero Trust concept was first presented by the analyst firm Forrester Research Inc. in 2012. Later, Google announced the implementation of zero trust security on its networks, which aroused the interest of many companies and individual users in adopting it within the tech community (Kindervag, Kelley Mak et al., 2012).
How is the Zero Trust security model different from a traditional model?
The conventional security model functions on the assumption that the company's internal network can be relied on. The traditional model is built to shield the network from the outside, so threats that get inside the network are invisible, uninspected, and free to move anywhere to pick up or extract sensitive enterprise data. Conversely, Zero Trust models are rooted in the presupposition of "never trust, always verify" and are designed to cope with lateral threat movement in the network by leveraging micro-segmentation and granular perimeters, enforced on the basis of users, devices, information, and location (Scott, 2018).
How does Zero Trust security support security in a cloud environment?
The Zero Trust approach employs various existing technologies, along with governance tactics, to carry out its mission of securing enterprises and their IT environments. It recommends that enterprises leverage micro-segmentation and granular perimeters across all users, devices, and locations. It utilizes multi-factor authentication, IAM, file system permissions, encryption, analytics, and scoring to control access to information. The technique forces every connected element, whether user or software, in the remote network to authenticate itself on a regular basis. The model can be enabled in software by a software-defined perimeter (SDP), where access rights are controlled via policies that are updated seamlessly across on-premises and cloud environments. SDP architectures can combine with other devices that provide authentication factors, such as the location of the device making the request (Scott, 2018). Zero trust security intrinsically provides greater flexibility and is less rigid than point-to-point architectures. Among its other benefits, this removes the possibility of lateral movement, on which attackers routinely rely to explore infiltrated networks.
Zero Trust security micro-segmentation
When we consider Zero Trust security, we think of the micro-segmentation technique. Micro-segmentation is a technique in zero-trust security in which organizations enhance protection by carving networks into tiny granular zones, down to a single application or machine (Uttarwar, & Kalia, 2019). The technology entails an intricate problem: a control problem, to be precise. Protection policies explode in a micro-segmented world, where a few policies turn into many more, scaling up the number of controls that must be managed.
Why modern organizations need to adopt Zero Trust security techniques
Below are the reasons why enterprises show real interest in adopting platform approaches to their security infrastructure.
1. It provides a total breadth of products and services
Enterprises need to guard their businesses across network, endpoints, and cloud against the advanced threats that arise every day. As soon as a threat is identified, the platform's orchestration capabilities allow the enterprise to respond to the attack across the connected devices, including mobile. This nature of the platform is advantageous because it can prevent a breach before it happens, minimizing the damage and enabling proper mitigation steps to be put in place.
2. It raises awareness that enterprise information may be in many places
Enterprise information no longer exists only in traditional corporate data centers; it may be in cloud SaaS apps, Azure and AWS workloads, mobile devices, IoT devices, both company-owned and personal, and thumb drives.
3. It addresses increasingly strict compliance requirements
With the introduction of GDPR, particularly in Europe, most platforms offer tremendous help when it comes to securing records, enforcing identity, and controlling access on devices, networks, segmented networks, and other workloads.
Zero Trust Architecture
BlackRidge (2012) defines the term Zero Trust Architecture as an emerging set of network security models that shift network defenses away from a broad network perimeter and tailor them to small groups of resources. The Zero Trust Architecture (ZTA) strategy holds that no implicit trust is granted to systems irrespective of their network location, i.e., local network or internet. Access to data is granted only when the resource is needed and authentication has succeeded; authentication of users, devices, and other resources is performed before any connection is established. In addition, ZTA is a strategic reaction to trends in the organization's network. These trends include physical and internet users, assets, and cloud-based users within the vicinity of the organization's network (Lefler, 2013). ZTA's primary focus is to provide full protection to enterprise resources rather than network segments, since network location is no longer regarded as the prime component of the security posture of a resource (Scott, 2018).
DeCusatis et al. (2017) assert that Zero Trust Architecture can be defined as a strategic end-to-end approach to the network, access management, data security, endpoints, credentials, operations, hosting locations, and their interconnecting infrastructure. This strategic approach places its focus on data protection. The primary aim is restricting resource access to only those who are authorized and need to know. Conventional enterprises have focused on perimeter defense, leaving their users with the autonomy to access resources freely. As such, unauthorized access and lateral movement within the network have been the root cause of the immense challenges faced by enterprises and federal agencies. Although Trusted Internet Connections (TIC) and conventional enterprise perimeter firewalls provide powerful internet gateways that help block attackers from meddling with the network, they are not suitable for detecting and obstructing attacks once they are inside the network.
Nonetheless, Zero Trust Architecture (ZTA) is a combination of concepts and ideas, architecture components, and relationships tailored to reduce the uncertainty in making access decisions for information systems and services (Moubayed et al., 2019). The bottom line is to block unauthorized access to data, infrastructure, and services while making access control enforcement as granular as possible. ZTA is about resource access, such as computing resources, printers, and IoT actuators, and not merely data access. Least-privilege rules keep access as minimal as possible. The system ensures that the user is trustworthy and the request is valid. Zero trust infrastructure technology allows enforcement to sit closer to the resources, and authentication and authorization flow through the network from application to data.
Fig- Zero Trust Access
The figure above shows user or machine access to an enterprise resource. It also shows how access is permitted via a Policy Decision Point (PDP). The system needs to confirm that the user is 'trustworthy' and the request valid.
Zero Trust Microsoft
Implementing Zero Trust Security with Microsoft 365 can be daunting work for engineering analysts. They have to design a built-in, robust, and mutually supportive framework of tools to ensure that all endpoints, data, and resources align with the zero trust methodology. Azure Active Directory (AD) is the base for executing Zero Trust security in Microsoft Windows environments. The software functions through a strategy known as restricted access mode, in which Azure Directory Identity Protection (ADIP) makes dynamic access control decisions. The restriction strategy works on a case-by-case analysis of each user, device, resource location, and session. Notably, the assessment is done per request on each resource (Lefler, 2013). The whole process is done by combining confirmed runtime signals on the security state of the Windows device. It also assesses user authenticity and the session, and responds with the maximum security configuration.
Furthermore, conditional access establishes a set of rules tailored to monitor and regulate every runtime session in which a user attempts to access enterprise resources. This level of control lies at the heart of the zero-trust security principle. Azure AD is one component of Microsoft 365 that plays a critical role in establishing a zero-trust network. Microsoft 365 also includes Windows Defender Advanced Threat Protection, in which endpoint protection (EPP), acting as an additional protective layer, and Endpoint Detection and Response (EDR) are combined to form a powerful technology called Windows Defender Advanced Threat Protection (ATP).
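To make the per-request decision concrete, here is an added example, my own illustration rather than code from this paper, from Microsoft, or from any of the cited authors, of a policy decision point in Python. It applies the principles from the Zero Trust principles section (never trust, always verify; least privilege; micro-segmentation; MFA) to each request in the way the PDP in the figure above and the conditional access rules described here are meant to. The roles, resources, segments, risk thresholds and requests are constructed sample data.

```python
"""Per-request Zero Trust policy decision point (PDP), illustrative only.

Every request carries the user, the device, the target resource and the
session signals; the PDP re-evaluates all of them on every request and never
treats the network the request arrived from as evidence of trust.
"""
from dataclasses import dataclass

# Constructed sample data: each resource lives in one micro-segment, and each
# role is granted specific resources (least privilege), never whole segments.
RESOURCE_SEGMENT = {
    "hr-db": "segment-hr",
    "payroll-app": "segment-hr",
    "git-server": "segment-eng",
    "build-runner": "segment-eng",
}
ROLE_GRANTS = {
    "hr-analyst": {"hr-db"},
    "developer": {"git-server", "build-runner"},
    "it-admin": {"git-server", "build-runner", "payroll-app"},
}
SENSITIVE_RESOURCES = {"hr-db", "payroll-app"}   # always require MFA

MAX_SESSION_AGE_S = 8 * 3600   # sessions are short-lived; re-authenticate after this
RISK_BLOCK = 70                # analytics risk score at which the request is refused
RISK_STEP_UP = 30              # risk score above which MFA becomes mandatory


@dataclass
class Request:
    user: str
    role: str
    resource: str
    device_id: str
    device_approved: bool    # device is enrolled and known to the enterprise
    device_compliant: bool   # encrypted, patched, endpoint sensor healthy
    mfa_satisfied: bool      # second factor presented in this session
    session_age_s: int       # seconds since the session was established
    risk_score: int          # 0 (clean) .. 100 (confirmed compromise)
    network: str             # "corp-lan" or "internet"; carried only to show it is never consulted


@dataclass
class Decision:
    allow: bool
    reason: str


def decide(req: Request) -> Decision:
    """Evaluate one request. Default deny: every check must pass, in order."""
    # Identity: an unknown role has no grants, so there is nothing to trust.
    if req.role not in ROLE_GRANTS:
        return Decision(False, "unknown role: no implicit trust")
    # Device posture is checked whether the request comes from the LAN or not.
    if not req.device_approved:
        return Decision(False, "device not approved")
    if not req.device_compliant:
        return Decision(False, "device not compliant")
    # Sessions expire; a stale session must authenticate again.
    if req.session_age_s > MAX_SESSION_AGE_S:
        return Decision(False, "session expired: re-authenticate")
    # Risk signals from analytics: refuse high risk, step up medium risk.
    if req.risk_score >= RISK_BLOCK:
        return Decision(False, "risk too high: blocked")
    if req.risk_score >= RISK_STEP_UP and not req.mfa_satisfied:
        return Decision(False, "elevated risk: MFA required")
    # Sensitive resources demand MFA regardless of risk score.
    if req.resource in SENSITIVE_RESOURCES and not req.mfa_satisfied:
        return Decision(False, "sensitive resource: MFA required")
    # Least privilege and micro-segmentation: the role must hold a grant for
    # this exact resource; access in one segment implies nothing elsewhere.
    if req.resource not in RESOURCE_SEGMENT:
        return Decision(False, "unknown resource")
    if req.resource not in ROLE_GRANTS[req.role]:
        segment = RESOURCE_SEGMENT[req.resource]
        return Decision(False, f"role {req.role} has no grant in {segment}")
    return Decision(True, f"allowed: {req.user} -> {req.resource}")


def sample_decisions() -> dict:
    """Constructed requests showing that location never substitutes for verification."""
    base = dict(user="alice", role="developer", resource="git-server",
                device_id="lap-01", device_approved=True, device_compliant=True,
                mfa_satisfied=True, session_age_s=600, risk_score=5,
                network="internet")
    cases = {
        "verified from internet": Request(**base),
        "corp lan, unapproved device": Request(**{**base, "network": "corp-lan",
                                                   "device_approved": False}),
        "cross-segment access": Request(**{**base, "resource": "hr-db"}),
        "stale session": Request(**{**base, "session_age_s": 9 * 3600}),
        "medium risk without mfa": Request(**{**base, "risk_score": 45,
                                              "mfa_satisfied": False}),
        "admin, payroll, mfa": Request(**{**base, "role": "it-admin",
                                          "resource": "payroll-app"}),
    }
    return {name: decide(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, d in sample_decisions().items():
        print(f"{'ALLOW' if d.allow else 'DENY ':5} {name}: {d.reason}")
```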
How do Zero Trust capabilities work in Microsoft?
ATP is an intelligence-driven protection component that detects breaches, investigates them, and provides endpoint response capabilities. It works by combining built-in behavioral sensors with machine learning. Security analysts continuously monitor device state and take precautionary action when needed. Windows Defender ATP mitigates breaches by separating compromised machines and users from further access to cloud resources. One way attackers conduct a breach is by obtaining hashed user credentials from a device and reusing them via Pass-the-Hash (PtH) or Pass-the-Ticket for Kerberos.
Further, cybercriminals use such credentials to roam around the entire system. In the case of these breaches, Microsoft tools such as Windows Defender Credential Guard and System Guard help to block the attacks. ATP acts on these attacks via endpoint protection and detection and response, creating a mitigation level for all compromised devices involved. After ATP sheds light on the risk to a machine, the assessment can be used to decide whether to provide a token or allow the use of other resources (Shaurette & Schleppenbach, 2012).
Zero Trust Networks
A Zero Trust Network works by scrutinizing and verifying everything that attempts to connect to its systems, whether internal or external. Notably, a Zero Trust Network denies any access until the requester is verified and authorized. The concept does not mean the network refuses access to all machines; rather, each request to connect is first vetted and approved. The network uses short-term, temporary credentials.
Furthermore, credentials are strictly monitored and limited to a particular user's
device attempting to connect to a specific location of the network-specific at a particular
time. Cyber-attacks have become sophisticated, and the high level of the network is carefully
controlled, monitored, and authorized on a case by case basis. Zero Trust Network has been
proved to be more realistic technologies that have evolved that make the network trust
approaches more effective (Uttarwar, & Kalia, 2019).
A Zero Trust Network is more secure because it follows the philosophy of "never trust, verify." All connections are tested, unlike the conventional model, where the network allows actors to connect to an application before testing and evaluating the connection. The Zero Trust Network methodology introduces a protocol test and validation process before any single packet is allowed to engage with its systems. It does this by vetting every connection attempt, from both internal and external sources. This makes it difficult for bad actors to get in through the front, the back, or a window. It manages any lateral movement or threat within the network through micro-segmentation technology, which enforces granular perimeters and analyzes users, location, and other data throughout the process. The modern enterprise should consider the transition to the Zero Trust philosophy. At present it is more of an ideal than a reality. Despite the urgent need, Zero Trust adoption should be done in cautious, planned stages. Enterprises should not rush into the system without rethinking their strategy.
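The per-request vetting and short-lived, device- and location-bound credentials described above, as an added example that is not code from the paper or any cited work. The user, device, resource and location names, the compliance table and the 300-second lifetime are constructed assumptions; the policy engine issues a token only after checking device compliance, permitted location and resource entitlement, and the enforcement point re-checks the binding and expiry on every use.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data (assumptions for this illustration only).
COMPLIANT_DEVICES = {"laptop-42": True, "byod-phone-7": False}
ALLOWED_LOCATIONS = {"alice": {"hq-wifi", "vpn-pool"}, "bob": {"hq-wifi"}}
ACCESS_POLICY = {"payroll-db": {"alice"}, "wiki": {"alice", "bob"}}
TOKEN_TTL_SECONDS = 300
SIGNING_KEY = secrets.token_bytes(32)  # held by the policy engine only


def _sign(user, device, resource, location, expires):
    msg = f"{user}|{device}|{resource}|{location}|{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(user, device, resource, location, now=None):
    """Policy engine: vet every request and grant a short-lived credential bound to
    this user, this device, this resource and this network location, or deny."""
    now = time.time() if now is None else now
    if not COMPLIANT_DEVICES.get(device, False):
        return None  # unmanaged or non-compliant device: deny
    if location not in ALLOWED_LOCATIONS.get(user, set()):
        return None  # user may not connect from this network location
    if user not in ACCESS_POLICY.get(resource, set()):
        return None  # no entitlement to this resource
    expires = int(now) + TOKEN_TTL_SECONDS
    return {"user": user, "device": device, "resource": resource,
            "location": location, "expires": expires,
            "sig": _sign(user, device, resource, location, expires)}


def verify_token(token, device, resource, location, now=None):
    """Enforcement point: re-check binding and expiry on every use, so a token
    taken from one device cannot be replayed from another, elsewhere, or later."""
    now = time.time() if now is None else now
    if token is None or now >= token["expires"]:
        return False
    if (token["device"], token["resource"], token["location"]) != (device, resource, location):
        return False
    expected = _sign(token["user"], token["device"], token["resource"],
                     token["location"], token["expires"])
    return hmac.compare_digest(expected, token["sig"])
```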
Methodology adopted
The methodology adopted for this study comprises a review. The review focuses on assessing available information regarding Zero Trust Network security. It considers notes from ZT developers and from the computer security agencies that approve the technology for use. The Federal government of the U.S. has already started using ZT networks and provides an adequate source of information on its adoption.
Results-Project findings
Analysis of the ZT Network Security System has established the logical components that make up the entire ZTA. The components include deployment and usage within enterprises using open network structures. The components operate within or outside the network premises and can be used for cloud-based services (Kindervag, 2010). The conceptual framework model for ZTA and its infrastructure is presented in Figure 1. The figure shows the basic relationships between the components and how they interact. The figure is considered an ideal model representing the logical interacting components for network policy engines and policy decision-making interactions.
Figure 1: Zero Trust Components
The variations existing within the Zero Trust Architecture can be found in several enterprises, where they form the main source components of the organization's IT policy management. Approaches to implementing the tenets of ZT can use two primary policy drivers (Kindervag, 2010). These include governance-driven networks, which involve a logical micro-architecture, and next-generation firewalls that are integrated into the organizational network. Organizations look to existing policy approaches that transform networks from complex entities into simple networks following the ZT philosophy (Uttarwar & Kalia, 2019). An organization looking to develop a ZTA for its enterprise will find that the ZT network already has an existing policy management point (Stafford, n.d.). The approach to implementing the new architecture may seem more difficult, but the solution is viable for the current and future security needs of the organization. Organizations should also understand that deploying new ZT networks does not mean that other networks are not viable; they can be integrated, even though ZT will dominate over existing networks (Uttarwar & Kalia, 2019). Enterprises need to manage their flow of business, and using ZT now is considered essential for future business flows.
Within ZT, the enhanced identity governance approach focuses on developing a system that relies on the identity of its actors. The key component of policy creation for a ZTA is access to open networks (Stafford, n.d.). Subjects requesting access create the need for enterprise resources to have access policies tied to those subjects. The primary requirement for any network security resource is access to a platform, but this is based on the access privileges granted to the user. Other factors include the type of device used, the status of the asset, and environmental factors that may alter or support access (Uttarwar & Kalia, 2019). An organization using ZT should tailor its decisions so that full or partial access is granted to a network location. Individual resources and the components protecting them rely on policy engines that authenticate requests and grant access using governance-based approaches, with a model for enterprise visitors and for policy creation (Uttarwar & Kalia, 2019). Non-enterprise approaches focus on creating a network that is enhanced with identity-driven controls at the appropriate portals or devices. Identity status is critical not only in current networks but also in future ZT networks.
Going forward, identity requests are handled at the policy engine level, while authentication occurs at the access-granting level. The ZT network model is also visitor-friendly, where enterprises identify and assign privileges according to the potential of the resource (Uttarwar & Kalia, 2019). Other network models in question include segmented protected gateways that provide access to a group of resources. Gateway devices require clients to establish access to components that provide dynamic pathways while forming part of the security architecture (Uttarwar & Kalia, 2019). Networks are asset-based. Therefore, even ZT must allow appropriate access to individuals with privileges, as compared to individuals governed by other gateway security components of the enterprise.
In a ZT network system, data access is provided with secondary support elements. Micro-segmentation allows enterprises to segment their networks, with each segment protected by a gateway component. An enterprise has the option of choosing which network resources to place behind ZT (Uttarwar & Kalia, 2019). In this ZT approach, the enterprise uses NGFWs as gateway devices that act as the PEP for each deployed group of resources. The gateway devices remain dynamic while granting access to clients' requests for assets. Depending on the network model, the embedded ZT gateway may be a single component or part of a multi-party deployment in which the gateway assists the client, covering a variety of deployment cases with models that offer cyber security (Modderkolk, 2018). The ZT approach has been found to support a variety of use cases and access cases, with deployment models aimed at protecting the devices that house next-generation firewalls. Management devices provide functionality that relies on governance components shielding the gateway components from unauthorized access and discovery.
The embedded network approach requires an identity governance program that can function fully without relying on the gateway components that act as the PEP, shielding resources from unauthorized access and/or discovery. The primary requirement of the PEP approach is that its components react and reconfigure resources in response to threats, changing the workflow of the network protocol as needed (Modderkolk, 2018). It remains possible to implement the features of micro-segmented enterprises with less advanced gateway devices such as stateless firewalls. It follows that the administration cost of PEP resources hinders small organizations from taking advantage of ZT networks.
The ZTA network infrastructure protocol is straightforward. The ZT implementation uses an overlay on the already existing network. Such an approach relies on software that defines the access parameters, with the network frequently consulting the policy decision-making process. In this approach, the PA acts as the network controlling system that sets up and reconfigures the network-based architecture for decision making, with the client continuing to address decision requests for managed networks (Modderkolk, 2018). Component implementation occurs as an application-layer network that deploys common agents across the infrastructure layer. Network implementation occurs through resource agents that establish common channel gateways for communication with client resources. Resources are established through logical components that provide the necessary system access on a single asset platform; these logical components consist of multiple hardware layers, and an enterprise PKI carries the responsibility for issuing device certificates for authentication purposes (Modderkolk, 2018). For example, an enterprise-managed PKI issues device certificates through a process in which the enterprise root certificate authority provides the components of the combined architectural layers.
Selected components of the architecture focus on enterprise components that outline the enterprise network with multiple deployment models for business and enterprise processes (Modderkolk, 2018). Device gateways work by deploying models that divide components into different enterprise processes. Deployment of resources directly affects installed devices that offer essential proxy services, allowing the administration of the component device communications that the proxy serves (Modderkolk, 2018). Gateway connections provide a communication gateway that focuses on configured policy, with path administrators and resource enterprises for connecting devices and resource access engines.
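The per-segment gateway (PEP) and policy administrator (PA) interaction described in the two preceding passages, as an added example that is not code from the paper or any cited work. Segment names, resources and device identifiers are constructed; each gateway denies by default, admits only flows the PA has pushed policy for, and the PA can quarantine a compromised device across every segment, tearing down its live sessions to contain lateral movement.

```python
from dataclasses import dataclass, field


@dataclass
class SegmentGateway:
    """Stateful gateway acting as the PEP for one micro-segment (resource group).
    Constructed illustration: names and resources are assumptions."""
    name: str
    resources: set
    allowed: set = field(default_factory=set)      # (subject, resource) pairs from the PA
    quarantined: set = field(default_factory=set)  # devices cut off by the PA
    sessions: dict = field(default_factory=dict)   # session id -> (subject, device)

    def open_session(self, session_id, subject, device, resource):
        """Admit a flow only if the resource lives behind this gateway, the PA has
        allowed the (subject, resource) pair and the device is not quarantined;
        every other flow is dropped (default deny)."""
        if resource not in self.resources or device in self.quarantined:
            return False
        if (subject, resource) not in self.allowed:
            return False
        self.sessions[session_id] = (subject, device)
        return True


class PolicyAdministrator:
    """PA: pushes policy to the gateways and reconfigures them on a threat signal."""

    def __init__(self, gateways):
        self.gateways = {g.name: g for g in gateways}

    def push_policy(self, gateway_name, subject, resource):
        self.gateways[gateway_name].allowed.add((subject, resource))

    def quarantine_device(self, device):
        """Compromise signal (for example from endpoint detection): close the
        device's live sessions on every segment and refuse new ones, so a
        compromised machine cannot move laterally. Returns sessions closed."""
        closed = 0
        for gateway in self.gateways.values():
            gateway.quarantined.add(device)
            for sid, (_, dev) in list(gateway.sessions.items()):
                if dev == device:
                    del gateway.sessions[sid]
                    closed += 1
        return closed
```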
Recommendations
The Zero Trust Network Model will replace the traditional network. Enterprises need to identify appropriate network resources on which to deploy ZT networks, which will become mandatory in the near future. The ZT network implementation process provides encryption for remote and sensitive work areas, with protocols that give access to high-speed networks while focusing on network security requirements. There is a need to outline and estimate the cost of a ZT network so that enterprises can allocate resources to build the security network. The return on investment for a ZT security network needs to be quantified to give investors a reason to invest in this revolutionary technology.
Conclusion
In a ZT environment, there is a revolutionary cyber networking infrastructure that separates logical cyber security needs from common access to network controlling devices. The application process runs on network control platforms that focus on data safety with a tightly defined process protocol. The components of ZT offer adequate security and communication flows while controlling and configuring network processes, applying communication protocols, and maintaining network performance within an organization. The ZT network control communication process is often broken into a control plane, while the data plane carries application traffic as controlled communication flows across various infrastructure components. The control plane uses infrastructure components that can be owned by the enterprise or by a third-party vendor. A ZT installation includes components that judge and then grant or deny access to assigned resources. ZT has shown improved cyber security protocols while acting as a communication network that can replace a VPN and offer open but secure access to cloud services.
References
BlackRidge. (2012, August). Dynamic network segmentation. http://www.blackridge.us/images/site/page-content/BlackRidge_Dynamic_Network_Segmentation.pdf (last accessed April 27, 2016).
DeCusatis, C., Liengtiraphan, P., & Sager, A. (2017). Zero Trust Cloud Networks using
Transport Access Control and High Availability Optical Bypass Switching. Advances
in Science, Technology and Engineering Systems Journal, 2(3), 30-35.
https://doi.org/10.25046/aj020305
Kindervag, J., Balaouras, S., & Mak, K. (2012, November/December). Build Security Into Your Network's DNA: The Zero Trust Network Architecture. Forrester Research, For Security & Risk Professionals.
Kindervag, J. (2010). No more chewy centers: Introducing the zero trust model of
information security. Forrester Research.
Lefler, R. (2013). Aligning Security Services with Business Objectives. Aligning Security Services with Business Objectives, 1. https://doi.org/10.1016/b978-0-12-417008-7.00001-5
Mazzagatte, C., Bajo, A., & Rathod, H. (2017). U.S. Patent Application No. 15/603,980.
Modderkolk, M. G. (2018). Zero Trust Maturity Matters: Modeling Cyber Security Focus
Areas and Maturity Levels in the Zero Trust Principle (Master's thesis).
Moubayed, A., Refaey, A., & Shami, A. (2019). Software-Defined Perimeter (SDP): State of
the Art Secure Solution for Modern Networks. IEEE Network, 33(5), 226-233.
https://doi.org/10.1109/mnet.2019.1800324
Scott, B. (2018). How a zero-trust approach can help to secure your AWS environment.
Network Security, 2018(3), 5-8.
Shaurette, K., & Schleppenbach, T. (2012). A “Zero Trust” Model for Security. Information
Security Management Handbook, Sixth Edition, Volume 6, 175-190.
https://doi.org/10.1201/b11802-21
Stafford, V. A. (n.d.) Zero Trust Architecture. Retrieved on March 26, 2020 from
https://pdfs.semanticscholar.org/fb8e/26de6d6eb7bd700f441a8f9839e48480e8cf.pdf
Uttarwar, V. U., & Kalia, A. A. (2019). Latest Trend in Network Security as Zero Trust Security Model. National Journal of Computer and Applied Science.