I have been thrown into Zero Trust Architecture
Umar Farouk
I have been privileged to be part of the design, simulation, testing and implementation of IT at an enterprise level over the past couple of years. There have been many ups and downs and of course many lessons.
In my last article, I confessed to needing some clarity on the next step in my career, and like the apple that fell on Isaac Newton’s head, an emergency meeting was called, and ZTA kept coming up in this meeting. So for many aspects of our ever-growing infrastructure, we will be implementing ZTA. Of course this is a reaction to recent events in the space.
I have decided to write on what I learned about ZTA and how I would be adopting it on this project.
WHAT IS ZTA?
Zero Trust Architecture (ZTA) is a modern security framework that eliminates implicit trust and enforces continuous verification across users, devices, and systems. It brings value by strengthening network access, hardening SSH, managing certificates, enforcing strict user and privilege controls, and integrating with SIEM and PAM solutions to reduce attack surfaces.
Zero Trust Architecture (ZTA) represents a fundamental shift from traditional perimeter-based security models to a comprehensive security framework that assumes no implicit trust within enterprise networks.
This implementation approach requires continuous verification of every user, device, and transaction, regardless of location or previous authentication status.
Trust is neither binary nor permanent. It can no longer be assumed that internal entities are trustworthy, that they can be directly managed to reduce security risk, or that checking them one time is enough. The zero-trust model of security prompts you to question your assumptions of trust at every access attempt.
Traditional security approaches assume that anything inside the corporate network can be trusted. The reality is that this assumption no longer holds true, thanks to mobility, BYOD (Bring Your Own Device), IoT (Internet of Things), cloud adoption, increased collaboration, and a focus on business resiliency. A zero-trust model considers all resources to be external and continuously verifies trust before granting only the required access.
The transition involves systematic planning across five core pillars: identity, devices, networks, applications, and data, with incremental deployment phases that progressively enhance the security posture while maintaining operational efficiency.
The key to comprehensive Zero Trust is extending security throughout the entire network environment with examples such as:
● Employees accessing sensitive applications, both on and off the enterprise network
● Guests and third-parties using the network infrastructure
● Application to application communications
● Communication between control systems
Understanding Zero Trust Fundamentals
Zero Trust Architecture operates on three fundamental principles that distinguish it from traditional security models.
The first principle, “Verify explicitly,” mandates authentication and authorization based on all available data points, rather than relying on network location or previous access grants.
The second principle, “Use least privilege access,” ensures that users receive only the minimum access necessary for their specific tasks through Just-In-Time and Just-Enough-Access controls.
The third principle, “Assume breach,” requires organizations to minimize the blast radius through network segmentation and continuous verification of encrypted communications.
Traditional security architecture is sometimes referred to as the “castle-and-moat” model. Think of the network as a castle and authorized users “cross the moat” to get inside the network perimeter. Even though this approach was useful to defend against external threats, it failed to address threats that already existed within the network.
This traditional perimeter-based security approach only distrusts factors outside the existing network. Once a threat is able to cross the moat and get inside the network, it has free rein to wreak havoc within the castle that is your system. A zero trust security model is based on identity authentication instead of trusting users based on their position relative to your network.
The NIST SP 800–207 standard defines Zero Trust as “a collection of concepts and ideas designed to reduce uncertainty in enforcing accurate, per-request access decisions in information systems and services in the face of a network viewed as compromised”.
This approach fundamentally differs from perimeter-based security by treating every access request as potentially malicious, requiring continuous validation throughout user sessions.
Protection begins by identifying your protect surface, which is based on data, applications, assets, or services, commonly referenced by the acronym DAAS:
- Data: Which data do you have to protect?
- Applications: Which applications have sensitive information?
- Assets: What are your most sensitive assets?
- Services: Which services can a bad actor exploit in an attempt to interrupt normal IT operation?
Establishing this protect surface helps you hone in on exactly what needs to be protected. This approach is preferable to trying to guard the attack surface, which constantly increases in size and complexity.
A zero trust policy involves regulating traffic around critical data and components by forming micro perimeters. At the edge of a micro perimeter, a zero trust network employs a segmentation gateway, which monitors the entry of people and data. It applies security measures that are designed to thoroughly vet users and data before granting access, using a Layer 7 firewall and the Kipling method.
A Layer 7 rule could involve inspecting the payload of packets to see if they match known types of traffic. If a packet contains data that doesn’t meet the parameters of the Layer 7 rule, access is blocked. The Kipling method challenges the validity of the entry attempt by asking six questions about the entry and who is trying to get in: Who? What? When? Where? Why? How? If the answer to any of the queries raises a flag, access isn’t granted.
5 Core Pillars of the Zero Trust Security Model
Zero trust is a cybersecurity model that requires continuous verification of all users and devices, regardless of location. Here are five core pillars of the zero trust model that strengthen security:
1. Identity: Zero trust network security authenticates user identities and allows access only to approved users or enterprise resources. Identity and Access Management (IAM) systems, Single Sign-On (SSO), and Multifactor Authentication (MFA) are popular tools that organizations implement for identity verification.
2. Networks: Unlike traditional network segmentation, zero trust supports micro segmentation and separates resources and workloads into smaller, secure zones. This helps organizations contain breaches and prevent lateral movement. Threat actors cannot access resources they are not authorized to use.
3. Devices: All devices, including laptops, mobile phones, servers, IoT devices, printers, and others in the network, must comply with the organization’s zero-trust policies and security controls. Zero trust maintains complete inventories of all authorized endpoint devices and denies network access to unauthorized devices.
4. Applications and workloads: Zero trust doesn’t trust applications and application programming interfaces (APIs). Organizations use ongoing checks to confirm access each time rather than giving permanent access. They also monitor how applications interact to spot any unusual activity.
5. Data: Organizations that implement zero trust categorize their entire data to apply specific access controls and security policies to protect it. Data being transferred, used, or stored is secured with encryption and dynamic authorization. Besides, organizations monitor data activity to detect any signs of a breach or unauthorized access.
Core Implementation Components
Identity and Access Management
Strong authentication mechanisms form the cornerstone of Zero Trust implementation. You must establish multi-factor authentication (MFA), passwordless authentication, and single sign-on (SSO) systems to reliably verify user and device identities.
The Authentication, Authorization, and Accounting (AAA) framework would provide a structured approach for maintaining network security throughout the access lifecycle.
Conditional Access policies would enhance identity verification by evaluating contextual factors during authentication attempts. Azure Active Directory Conditional Access exemplifies this approach through policy-based access control that considers device compliance, user attributes, network location, and sign-in risk levels. The following configuration example demonstrates conditional access implementation:
```yaml
# Azure AD B2C Conditional Access Policy Template
apiVersion: conditionalAccess/v1
kind: ConditionalAccessPolicy
metadata:
  name: "Block-Risky-SignIn"
spec:
  assignments:
    users:
      include: ["All users"]
      exclude: ["Global Administrators"]
  conditions:
    signInRisk:
      riskLevels: ["high", "medium"]
  accessControls:
    grant:
      controls: ["requireMFA"]
      operator: "AND"
```

This policy configuration requires multi-factor authentication when sign-in risk reaches medium or high levels, effectively blocking potentially compromised authentication attempts.
Fortinet takes conditional access policies a step further by adding requirements such as certificates, or security baselines such as OS version or antivirus status. If, for example, the policy specifies a minimum OS version, the IAM audits the device requesting access for its OS version and, if it meets the policy, grants access to the captive portal or login page.
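To show how the risk-based policy above and a Fortinet-style device baseline combine into one per-request decision, here is an added example (my own illustration, not code from the article, Azure or Fortinet). It evaluates a sign-in against the identity and device pillars and returns an auditable decision with its reasons; the attribute names, the OS baseline and the certificate-protected application names are assumptions.

```python
"""Policy decision point for a single Zero Trust access request.

Constructed example: evaluates one sign-in against (a) device-posture
baselines such as minimum OS version, antivirus status and an
organisation-issued certificate, and (b) a sign-in-risk rule mirroring
the "Block-Risky-SignIn" policy, including its group exclusion.
All attribute names and thresholds are assumed, not vendor-specific.
"""
from dataclasses import dataclass

ALLOW, REQUIRE_MFA, DENY = "allow", "require_mfa", "deny"


@dataclass
class AccessRequest:
    user: str
    groups: set                 # group names the user belongs to
    sign_in_risk: str           # "none" | "low" | "medium" | "high"
    mfa_completed: bool
    device_managed: bool        # present in the authorised device inventory
    os_version: tuple           # e.g. (10, 0, 19045)
    antivirus_enabled: bool
    org_certificate: bool       # client presented an organisation-issued cert
    application: str


@dataclass
class Policy:
    min_os_version: tuple = (10, 0, 19041)
    risky_levels: frozenset = frozenset({"medium", "high"})
    exclude_groups: frozenset = frozenset({"Global Administrators"})
    cert_required_apps: frozenset = frozenset({"hr-portal", "finance"})


def evaluate(req: AccessRequest, policy: Policy) -> tuple:
    """Return (decision, reasons); every branch records why it fired."""
    reasons = []
    # Device pillar first: a non-compliant or unknown endpoint is denied
    # regardless of who is logged in.
    if not req.device_managed:
        reasons.append("device not in authorised inventory")
    if req.os_version < policy.min_os_version:
        reasons.append("os_version below baseline")
    if not req.antivirus_enabled:
        reasons.append("antivirus disabled")
    if req.application in policy.cert_required_apps and not req.org_certificate:
        reasons.append("missing organisation certificate")
    if reasons:
        return DENY, reasons
    # Identity pillar: the risk-based rule with the policy's exclusions.
    excluded = bool(req.groups & policy.exclude_groups)
    if req.sign_in_risk in policy.risky_levels and not excluded:
        if not req.mfa_completed:
            return REQUIRE_MFA, [f"sign-in risk {req.sign_in_risk}"]
        reasons.append("risk mitigated by MFA")
    return ALLOW, reasons or ["no policy condition triggered"]
```

The decision is returned rather than enforced so the same function can feed both the enforcement point and the SIEM audit record.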
Zero-Trust Network Access
Zero trust network access (ZTNA) is an element of zero trust access that focuses on controlling access to applications. ZTNA extends the principles of ZTA to verify users and devices before every application session to confirm that they meet the organization’s policy to access that application. ZTNA supports multi-factor authentication to retain the highest levels of verification.
A key element of the ZTNA concept is the location independence of the user. The application access policy and verification process is the same whether the user is on the network or off the network. Users on the network have no more trust than users that are off the network.
For users off the network, ZTNA includes a secure, encrypted tunnel for connectivity from the user device to the ZTNA application proxy point. The automatic nature of this tunnel makes it easier to use than traditional VPN tunnels. The improved experience for users is leading many organizations to shift to ZTNA to replace VPN access.
The ZTNA application proxy point provides a benefit beyond just the transparent, secure remote access. By putting applications behind a proxy point, ZTNA hides those applications from the Internet. Only those users who have been verified can gain access to those applications.
For this ZTNA, I am thinking of implementing a certificate-based authentication mechanism for verification of any user that wants to access an application. Without the right organization-generated certificate, irrespective of having the credentials to access an application, that user will not be able to access that application.
Multi-Factor Authentication
Multi-factor authentication (MFA) verifies the identity of a user by requiring them to provide multiple credentials. With traditional password entry methods, a bad actor only has to figure out a username and password, which often are easy for hackers to acquire. With MFA, users must provide multiple methods of identification.
Multi-factor authentication aids a zero-trust network by increasing the number of user-specific credentials required for access. Using MFA can increase the difficulty for hackers by a factor of two, three, four, or more. An integration of a token provider like FortiToken might be an interesting tool to consider, or Microsoft Authenticator as a source of one-time passwords (OTP).
Endpoint verification
Endpoints need to be verified to make sure each one is being controlled by the right person. Endpoint verification strengthens a zero trust security approach because it requires both the user and the endpoint itself to present credentials to the network. Each endpoint has its own layer of authentication that requires users to prove their credentials before gaining access.
Then, in order for a component or program on the network to allow the endpoint access, it sends a verification out to the endpoint. The user then responds on the device. The data sent from the endpoint is used to check its validity, and a successful receipt and transmission process earns the device the status of “trustworthy.”
Unified endpoint management (UEM) allows administrators to centralize how they manage IT infrastructures by giving them a single set of tools they can use to verify multiple endpoints. Endpoint detection and response (EDR) verifies the safety and security of the endpoint. EDR works like a multifaceted antivirus. It scans the endpoint, identifies threats, and then takes steps to protect the endpoint, isolating it from the network if necessary and, by extension, protecting the rest of the network.
Microsegmentation
Microsegmentation involves creating zones within the network to isolate and secure elements of the network that could contain sensitive information or provide access to malicious actors. A zero trust security approach benefits from microsegmentation because once the secured area has been microsegmented, it’s protected from threats. The firewall or filter that forms a barrier around the zone can also block threats from exiting the zone, which protects the rest of the network.
Least-Privilege Access
Least-privilege access refers to allowing users and devices to access only those resources that are essential to performing their duties. A zero trust security setup benefits from least-privilege access because it limits the number of points of entry to sensitive data or infrastructure. Least-privilege access may also save time and resources because fewer MFA measures have to be employed, which limits the volume of identification credentials that have to be granted and managed.
The Active Directory configuration specifically Role Based Access Control (RBAC) can help with the implementation of least privilege by ensuring roles have only the necessary access to carry out their various responsibilities.
My High Level Implementation Plan
Strategic Planning and Assessment Phase
A successful Zero Trust Architecture implementation should begin with a comprehensive organizational assessment and the formation of a cross-functional team. This implementation will cut across business units such as networking, cloud, software and cybersecurity, and therefore each stakeholder must be ably represented.
Creation of Implementation team
I plan to create a team comprising management cadre, network unit, cybersecurity unit, infrastructure architects, engineers and software developers to identify our critical assets and map attack surfaces.
This approach will ensure an alignment between business objectives and security requirements, and hopefully facilitate a smooth implementation across our organization’s various business units. It will also promote collaboration and ensure inclusivity.
This assessment process will involve some critical steps for effective implementation.
Step 1: We will identify all users, devices, and applications accessing the network, including their roles and access requirements. Our access control list (ACL) would provide lots of value here.
Step 2: We will break the implementation into phases, prioritizing the most vulnerable business areas, and critical assets will be considered and given priority. This phased approach is aimed at preventing overwhelming the technical teams while ensuring systematic coverage of the enterprise infrastructure. A high level work plan would be an outcome of this step.
Step 3: We will focus on identifying technological gaps in current infrastructure and investing in necessary security tools. We will need to look at our authentication systems, privileged access management solutions, and our monitoring capabilities. This technological foundation supports subsequent implementation phases while addressing immediate security vulnerabilities.
Some High Level Technical Implementations I’ve Considered
1. Network Access
- Replace VPNs with software-defined perimeters.
- Segment workloads to prevent lateral movement.
- Deploy identity-aware rules on NGFW.
2. SSH Hardening
- Rotate SSH keys regularly and store them in Privileged Access Management (PAM) vaults.
- Apply just-in-time access for administrators.
3. Certificates & PKI
- Use short-lived certificates for devices and services.
- Automate certificate issuance and renewal.
4. Identity & User Management
- Deploy multi-factor authentication (MFA) across all accounts.
- Automate identity lifecycle management (onboarding, offboarding, privilege revocation).
5. Privileged Access Management (PAM)
- Store admin credentials in vaults with audit trails.
- Enforce session recording for privileged activities.
- Apply just-in-time elevation instead of permanent admin rights.
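The PAM items above (just-in-time elevation instead of standing admin rights, with an audit trail) boil down to a broker that grants a role for a bounded window and records every event. Here is an added example of such a broker (my own illustration, not code from the article or any PAM product); the role names, the four-hour ceiling and the self-approval rule are assumptions.

```python
"""Just-in-time privilege elevation with an audit trail.

Constructed example: a broker that grants a role for a bounded window,
checks every use against the expiry, revokes on demand and appends each
event to an audit log, so no account holds a permanent admin right.
The duration ceiling and the no-self-approval rule are assumed policy.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Grant:
    user: str
    role: str
    expires_at: datetime
    approver: str
    revoked: bool = False


class JitBroker:
    MAX_DURATION = timedelta(hours=4)   # assumed policy ceiling per grant

    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        # The clock is injectable so expiry behaviour can be tested.
        self._clock = clock
        self._grants = {}                 # (user, role) -> Grant
        self.audit = []                   # append-only event records

    def _log(self, event, **fields):
        self.audit.append({"ts": self._clock().isoformat(), "event": event, **fields})

    def request(self, user, role, approver, duration):
        """Issue a time-bound grant; a requester may not approve themselves."""
        if approver == user:
            self._log("denied", user=user, role=role, reason="self-approval")
            raise PermissionError("self-approval is not allowed")
        duration = min(duration, self.MAX_DURATION)   # clamp to the ceiling
        grant = Grant(user, role, self._clock() + duration, approver)
        self._grants[(user, role)] = grant
        self._log("granted", user=user, role=role, approver=approver,
                  expires_at=grant.expires_at.isoformat())
        return grant

    def is_elevated(self, user, role):
        """Every use re-checks expiry and revocation; the check is logged."""
        grant = self._grants.get((user, role))
        active = (grant is not None and not grant.revoked
                  and self._clock() < grant.expires_at)
        self._log("checked", user=user, role=role, result=active)
        return active

    def revoke(self, user, role, by):
        grant = self._grants.get((user, role))
        if grant and not grant.revoked:
            grant.revoked = True
            self._log("revoked", user=user, role=role, by=by)
```

Shipping `broker.audit` to the SIEM gives the session-level trail the PAM item asks for without granting any permanent membership in an admin group.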
Merits
Implementing zero trust architecture yields numerous advantages that significantly enhance an organization’s security posture and foster a more agile and resilient IT infrastructure. The inherent flexibility of zero trust architecture enables organizations to readily adapt to evolving business needs and embrace modern work models and cloud technologies with confidence. A comprehensive zero trust architecture diagram illustrates these advantages within the context of an organization’s specific network topology.
User and Device Security
User and Device Security provides solutions that establish trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application. With a zero-trust approach to securing users and devices, you can help prevent or mitigate against several different types of attacks that target users and devices in this new perimeter-less world.
The ideal end state of your zero trust for user and device security would allow your enterprise to answer the following:
● Are my users really who they say they are? Verify the identity of every user, regardless of type (contractors, vendors, third-party providers, partners, remote users, employees, temporary workers, etc.)
● What devices are connecting to my applications and data? Get visibility into every type of device, both managed or unmanaged (mobile, laptops, and desktops; company-issued, -owned, or -managed; user-owned)
● Who or what is allowed to access my applications and data? By enforcing adaptive access policies, you can limit access to enterprise applications and data based on user role, type of device, security health of user devices, user group, application type, and much more
● How can I enable remote, frictionless access for all users? With a remote-access proxy, you can enable access to multi-cloud environments, web applications, servers, VPNs, and more for employees, remote workers, and contractors. With Single Sign-On (SSO), you can allow users to securely access their cloud and on-premises applications seamlessly by logging in just once.
In an enterprise architecture, the network may span multiple domains, locations, or sites such as main campuses and remote branches, each with multiple devices, services, and policies. A Zero Trust solution should demand an end-to-end architecture that ensures consistency in terms of connectivity, segmentation, and policy across the full spectrum of the network.
Zero Trust for the network and application security enables network administrators to:
● Know who is on the network. To truly secure the network, you need to know what is connecting to it. For managed devices, such as laptops and smartphones, mobile device management (MDM) can be used to determine whether the connecting device is what it says it is. For unmanaged devices, such as BYOD or IoT devices, network-based machine learning can be used to identify attributes for categorization, while sensitive workloads can be limited to managed devices controlled by the enterprise
● Define what endpoints can access. Segmentation and access policies should be easily defined for individual devices as well as groups of similar devices. These policies should be defined with least privilege access to help ensure that the devices have only the minimal level of access to minimize the potential for lateral movement of threats
● Provide always-on analysis and enforcement. Security threats are always evolving, so a continuous loop of analysis and enforcement must be administered to stay atop intrusions and vulnerabilities. It is important to understand traffic norms and identify the out-of-policy traffic, enabling device isolation in the case of an event
Application and Data Security
Application and Data Security secures connections for all APIs, microservices, and containers that access applications, whether in the cloud, data center, or other virtualized environment.
Enterprise networks are increasingly becoming more complex as applications move to multi-cloud and leverage containers and microservices, effectively creating new security, reporting, and compliance challenges. With a zero-trust approach to securing applications and data, you can help prevent or mitigate against several different types of attacks that target applications:
The need for comprehensive visibility of all network traffic down to the individual workload level for effective security policy management and enforcement has never been more important than now. The ideal end state of your zero trust for the workloads solution would allow your enterprise to answer the following:
● Do I have complete visibility of application communication? Achieving comprehensive zero trust and true end-to-end visibility across on-premises and multi-cloud environments requires robust network-based detection and response. It is critical to understand who and what are on the network before any segmentation policies can be applied
● Can I control workloads moving laterally throughout the network? When you have visibility across how the digital business operates, you can create smart segmentation policies to control access to critical resources. This ability is very important to prevent threats from spreading and creating a significant impact.
● Do I understand the posture of my applications and are they compliant with industry best practices? Organizations that have moved resources and workloads to public cloud environments like AWS, Azure, and Google Cloud Platform face a multitude of new security, policy, and compliance-related challenges. Developing robust cloud security posture management (CSPM) capabilities such as monitoring risk exposure levels related to configuration, network segmentation, user, and system events helps guarantee sound policy management and protect against data leakage
Challenges of the Coming Implementation
With any implementation comes challenges (duh), and as the title states, I was thrown into this, so there will definitely be a number of them, but let’s look at the common challenges anybody would face with such an implementation.
- Complexity: Integrating IAM, SIEM, and PAM requires orchestration and lots of technical know-how. Sometimes the documentation to carry this out is not available, or, more often, the products simply do not support such integration.
- Legacy Systems: Older infrastructure may not support Zero Trust controls. In every enterprise you will find legacy systems; there’s the saying “if it ain’t broke!” Many of these systems are usually fully functional but, in the rat race of life, are ignored for many reasons.
- User Resistance: MFA and strict access policies may face pushback. Human beings are a source of much of my headache, and I already anticipate the feedback I will get from them. Feedback is great, and I strive to create an environment where feedback is freely and honestly given. When you’ve worked with people, you will know that convenience is way more important to them than security.
- Cost: Enterprise-grade SIEM and IAM solutions can be expensive. Bruh like very expensive godammit (forgive my language for I have seen costs). Once again, this should not be an excuse to not acquire them, the ROI is often worth it, avoiding loss of face, regulatory and legal repercussions and loss of data usually costs more in the short and long term so……..
Final Thoughts
This article has gone long enough to be honest, but as you know, I use my writing to also arrange my thoughts, this writing has brought me much more clarity.
This whole ZTA thing has been in the works for ages, but it took recent breaches to fast-forward it, so I thank the threat actors (please leave us alone).
I hope you have found value in today’s article, consider subscribing, clapping and following me on my socials. If you have any questions, I am only a DM away.
- LinkedIn: https://www.linkedin.com/in/m49d4ch3lly
- Twitter: https://twitter.com/m9D4ch3lly
- GitHub: https://github.com/UFarouk10
- Gmail: [email protected]