Zero Trust Architecture

What Is Zero Trust Architecture?

Zero Trust Architecture (ZTA) is an approach to cybersecurity that applies Zero Trust principles to an organization’s infrastructure and workflows. While traditional cybersecurity models assume that everything inside an organization’s network can be trusted, ZTA requires validations at every stage of a digital transaction when granting access to applications and data—whether users are accessing resources inside the organization’s network or remotely.

Components of Zero Trust Architecture

The six primary components of a Zero Trust Architecture are:

1. Users

The first cornerstone of Zero Trust is strong authentication of users, so they can be identified as trusted. While this needs to be continuous to maximize security, it also must be unobtrusive so that users tolerate it.

2. Infrastructure

The second cornerstone of Zero Trust is network access. Network access can no longer be perimeter-based due to the increasing use of cloud workloads, Wi-Fi, and users’ own devices accessing networks via VPN. This necessitates authentication beyond initial access.

3. Devices

Devices must be constantly checked for compromise, including whether they run older unpatched software, whether encryption is in use, and whether strong enough password controls have been implemented.

4. Applications

Access to applications, compute containers, and virtual machines requires more granular control, with multi-factor authentication a critical component.

5. Security Analytics and AI

Recognizing threats as they manifest themselves in real time is key to the Zero Trust approach. This involves leveraging advanced artificial intelligence-based threat identification and prevention.

6. Automation

Zero Trust is more granular and proactive, so automation is a necessity. Automatic and intelligence-based dynamic policy adaptation must be leveraged for cost-effective application.

Zero Trust Architecture Use Cases

Examples of ZTA in the real world:

  • An employee accidentally leaves their device in a public place, having recently authenticated it to gain access to corporate resources, such as checking business email. In a traditional security model, internal resources would be exposed. Zero Trust closes this loophole by preventing the implicit trust of the user’s mislaid device.
  • An employee brings their own device to work that is insecure or already compromised. In this case, Zero Trust prevents it from causing damage—even if it has been given access to the organization’s network during previous visits.
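
The two use cases above amount to evaluating every request on its own, with no credit for earlier approvals. The Python below is an added example, not code from this page or from any product it mentions; the field names, thresholds, and sample requests are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed thresholds for this example; real values are a policy choice.
MAX_AUTH_AGE_S = 15 * 60      # user must have re-proved identity this recently
MAX_PATCH_AGE_DAYS = 30       # device posture: reject long-unpatched software

@dataclass
class Request:
    user: str
    app: str
    auth_age_s: int               # seconds since the user last authenticated
    mfa_passed: bool              # multi-factor check for the application
    device_encrypted: bool
    device_patch_age_days: int
    device_password_controls: bool

def decide(req: Request) -> tuple[str, list[str]]:
    """Decide one request from its current signals only."""
    deny, step_up = [], []
    # Device posture failures block access outright.
    if not req.device_encrypted:
        deny.append("disk not encrypted")
    if req.device_patch_age_days > MAX_PATCH_AGE_DAYS:
        deny.append("software unpatched")
    if not req.device_password_controls:
        deny.append("weak password controls")
    # Identity failures can be repaired by re-authenticating.
    if req.auth_age_s > MAX_AUTH_AGE_S:
        step_up.append("authentication too old")
    if not req.mfa_passed:
        step_up.append("MFA required for application")
    if deny:
        return "deny", deny
    if step_up:
        return "step_up", step_up
    return "allow", []

# Constructed requests: a mislaid device picked up hours after login,
# a previously admitted BYOD device that is now insecure, and a healthy one.
MISLAID = Request("alice", "mail", 3 * 3600, True, True, 5, True)
BYOD = Request("bob", "wiki", 60, True, False, 200, True)
HEALTHY = Request("carol", "mail", 60, True, True, 5, True)

if __name__ == "__main__":
    for r in (MISLAID, BYOD, HEALTHY):
        print(r.user, *decide(r))
```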

Implementing the “anytime, anywhere” access of a Zero Trust Architecture is a matter of applying principles incrementally, according to the National Institute of Standards and Technology. This will involve a hybrid of Zero Trust and perimeter-based modes during the transition. The organization will need to identify the applications, services, and workflows it intends to use for its operations, map how components interact, and apply Zero Trust Architecture to each of these—which may involve a partial redesign.

Every security team wants Zero Trust Architecture—nobody gets or keeps access to anything until they prove and continue to prove who they are, that access is authorized, and they are not acting maliciously. That’s why organizations choose BlackBerry® Zero Trust Architecture powered by Cylance® AI to protect their people, data, and networks.