🏰 Zero Trust Architecture
Never trust, always verify — micro-segmentation, continuous authentication, least privilege enforcement, and zero trust network access (ZTNA).
Overview
Zero Trust Architecture (ZTA) is a security model that removes the implicit trust a traditional network grants to anything inside its perimeter. Every access request is treated as if it came from an untrusted network: identity, device health, and context are verified before access is granted, and re-verified afterwards, regardless of where the request originates. NIST SP 800-207 defines the architecture and lists seven tenets; the three guiding principles most often cited in practice (popularized by Microsoft's Zero Trust model) are verify explicitly, use least privilege access, and assume breach.
Core Principles
Verify Explicitly
Always authenticate and authorize based on all available data points — identity, location, device health, service, data classification, and anomalies.
Least Privilege Access
Grant only the access a task needs, only while it is needed: just-in-time (JIT) elevation and just-enough-access (JEA) scoped to a single resource, with time-boxed grants instead of standing broad entitlements. Adapt the policy to the assessed risk of each request, and pair it with data protection (classification and encryption) so that routine low-risk work stays frictionless while higher-risk access demands more.
Assume Breach
Design as if the attacker is already inside. Limit the blast radius with micro-segmentation so a compromised host can reach as little as possible. Encrypt traffic end to end, including internal (east-west) traffic, because the internal network is not trusted. Use telemetry and analytics for visibility, threat detection, and automated response.
ZTNA (Zero Trust Network Access)
Replaces network-level VPN access with identity-aware application proxies (brokers). A user authenticates to a specific application, and the broker forwards only that application's traffic, so reaching one application gives no network reachability to anything else. Application servers are not exposed directly to the internet; they are reachable only through the broker, which also keeps internal hostnames and addresses out of an attacker's view.
Micro-Segmentation
Software-defined, granular segmentation at the workload level rather than at the VLAN or subnet level. Policies are written against workload identity or labels instead of IP addresses, default to deny, and control east-west traffic between applications and services, so a compromised workload can reach only the peers and ports its policy explicitly permits.
Continuous Evaluation
Session trust is re-evaluated continuously — behavioral analytics, device posture checks, and risk scoring during the entire session, not just at login.
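A worked illustration of the micro-segmentation principle above, added here as an example (it is not code from this page or from any product). Workloads carry identity labels, the same selector model that Kubernetes NetworkPolicy uses, traffic is default-deny, and a flow is permitted only by an explicit rule on source labels, destination labels, and port. The workloads, labels, rules, and port list are constructed sample data; the `blast_radius` helper shows what an attacker on one compromised workload can reach under a segmented policy versus a flat "trusted inside" network.

```python
"""Workload-level micro-segmentation evaluated as label-based policy, not IP ranges.

Added example. Workloads, labels, rules and probe ports are constructed sample data.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple

Labels = FrozenSet[Tuple[str, str]]


@dataclass(frozen=True)
class Workload:
    name: str
    labels: Labels


@dataclass(frozen=True)
class AllowRule:
    """Allow src -> dst on the listed ports. An empty selector matches any workload."""
    src: Labels
    dst: Labels
    ports: FrozenSet[int]


def labels(**kv) -> Labels:
    return frozenset(kv.items())


def selects(selector: Labels, workload: Workload) -> bool:
    # A selector matches when every label it names is present on the workload.
    return selector <= workload.labels


def is_allowed(rules, src: Workload, dst: Workload, port: int) -> bool:
    """Default deny: east-west traffic needs an explicit matching rule."""
    return any(selects(r.src, src) and selects(r.dst, dst) and port in r.ports
               for r in rules)


def blast_radius(rules, compromised: Workload, workloads, ports):
    """Every (destination, port) an attacker on `compromised` can reach."""
    return {(w.name, p) for w in workloads if w != compromised
            for p in ports if is_allowed(rules, compromised, w, p)}


# --- constructed sample environment -----------------------------------------
WEB = Workload("web", labels(app="web", tier="frontend"))
API = Workload("api", labels(app="api", tier="backend"))
PAYMENTS = Workload("payments", labels(app="payments", tier="backend"))
DB = Workload("db", labels(app="db", tier="data"))
WORKLOADS = (WEB, API, PAYMENTS, DB)
PORTS = frozenset({22, 5432, 8443})   # ports an attacker would probe

# Segmented policy: only the flows the application actually needs.
SEGMENTED = (
    AllowRule(labels(tier="frontend"), labels(app="api"), frozenset({8443})),
    AllowRule(labels(tier="backend"), labels(app="db"), frozenset({5432})),
)
# Flat network: everything can talk to everything (the "trusted inside").
FLAT = (AllowRule(labels(), labels(), PORTS),)


def compare(compromised: Workload):
    """Reachable (workload, port) set from one compromised workload under each policy."""
    return (blast_radius(SEGMENTED, compromised, WORKLOADS, PORTS),
            blast_radius(FLAT, compromised, WORKLOADS, PORTS))


if __name__ == "__main__":
    seg, flat = compare(WEB)
    print("segmented:", sorted(seg))                            # [('api', 8443)]
    print("flat:", len(flat), "reachable (workload, port) pairs")  # 9
```

With the segmented policy a compromised `web` workload can reach only `api` on 8443, and a compromised `api` only `db` on 5432; the database itself can initiate nothing. On the flat network the same compromised `web` host reaches every other workload on every probed port, which is exactly the lateral-movement surface micro-segmentation is meant to remove.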
Zero Trust Architecture Model
Figure: NIST SP 800-207 Zero Trust Architecture. The policy decision point (PDP, comprising the policy engine and policy administrator) evaluates identity, device state, context, and risk for each request; the policy enforcement point (PEP) then opens or closes the connection to that one resource, and the PDP can direct it to terminate an established session when trust changes.
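The policy decision point in the figure above, and the continuous evaluation described under Core Principles, as an added worked example (not code from NIST SP 800-207 or from any product). The signals, thresholds, and 0..100 risk-score scale are assumptions chosen for illustration, and the subject, device, and resource records are constructed sample data. `evaluate` is the PDP: it checks entitlement to one specific resource, anomaly signals, device posture, and authentication freshness on every call, and never looks at network location. `Session` shows re-evaluation mid-session: an EDR alert arriving after a successful login revokes the grant immediately.

```python
"""Policy decision point (PDP) with resource-specific, continuously re-evaluated grants.

Added example. Thresholds and the risk-score scale are assumptions; all records are
constructed sample data.
"""
from dataclasses import dataclass, replace
from enum import Enum
from typing import FrozenSet, List, Optional


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"   # allow only after a fresh strong authentication
    DENY = "deny"


@dataclass(frozen=True)
class Subject:
    user: str
    groups: FrozenSet[str]
    mfa_age_s: Optional[int]   # seconds since last MFA; None = none this session

@dataclass(frozen=True)
class Device:
    managed: bool              # enrolled in MDM/UEM
    disk_encrypted: bool
    edr_healthy: bool          # endpoint agent reporting and not alerting
    patch_age_days: int

@dataclass(frozen=True)
class Context:
    risk_score: int            # 0..100 from behavioural analytics (assumed scale)
    impossible_travel: bool    # sign-in anomaly flag

@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str           # "low" or "high"
    allowed_groups: FrozenSet[str]

@dataclass(frozen=True)
class Outcome:
    decision: Decision
    reason: str
    ttl_s: int = 0             # lifetime of the grant (JIT: short, then re-decide)


MFA_MAX_AGE_S = {"low": 24 * 3600, "high": 3600}   # assumed thresholds
GRANT_TTL_S = {"low": 8 * 3600, "high": 15 * 60}


def evaluate(subject: Subject, device: Device, context: Context, resource: Resource) -> Outcome:
    """Verify explicitly: every signal is checked on every request; network location is not an input."""
    # Least privilege: entitlement is to this resource, never to "the network".
    if not (subject.groups & resource.allowed_groups):
        return Outcome(Decision.DENY, f"{subject.user} is not entitled to {resource.name}")
    # Assume breach: anomaly signals override an otherwise valid credential.
    if context.impossible_travel or context.risk_score >= 80:
        return Outcome(Decision.DENY, "high-risk session (anomaly or risk score >= 80)")
    # Device trust: high-sensitivity resources require a healthy managed device.
    posture_ok = (device.managed and device.disk_encrypted
                  and device.edr_healthy and device.patch_age_days <= 30)
    if not posture_ok:
        if resource.sensitivity == "high":
            return Outcome(Decision.DENY, "device posture fails policy for high-sensitivity resource")
        return Outcome(Decision.STEP_UP, "device posture degraded; fresh MFA required")
    # Authentication freshness depends on what is being accessed.
    if subject.mfa_age_s is None or subject.mfa_age_s > MFA_MAX_AGE_S[resource.sensitivity]:
        return Outcome(Decision.STEP_UP, "MFA missing or too old for this resource")
    if context.risk_score >= 50:
        return Outcome(Decision.STEP_UP, "elevated risk score; fresh MFA required")
    return Outcome(Decision.ALLOW, "all checks passed", GRANT_TTL_S[resource.sensitivity])


class Session:
    """Continuous evaluation: re-decide on every request and whenever a signal changes."""

    def __init__(self, subject: Subject, device: Device, context: Context, resource: Resource):
        self.subject, self.device, self.context, self.resource = subject, device, context, resource
        self.active = False
        self.history: List[Decision] = []

    def request(self) -> Outcome:
        out = evaluate(self.subject, self.device, self.context, self.resource)
        self.active = out.decision is Decision.ALLOW   # anything else cuts the session
        self.history.append(out.decision)
        return out

    def update(self, **signals) -> Outcome:
        """Apply a changed signal (EDR alert, risk score, MFA refresh) and re-decide."""
        for name, value in signals.items():
            for attr in ("device", "context", "subject"):
                holder = getattr(self, attr)
                if hasattr(holder, name):
                    setattr(self, attr, replace(holder, **{name: value}))
                    break
            else:
                raise ValueError(f"unknown signal: {name}")
        return self.request()


def demo():
    alice = Subject("alice", frozenset({"finance"}), mfa_age_s=600)
    laptop = Device(managed=True, disk_encrypted=True, edr_healthy=True, patch_age_days=5)
    ctx = Context(risk_score=10, impossible_travel=False)
    payroll = Resource("payroll", "high", frozenset({"finance"}))
    session = Session(alice, laptop, ctx, payroll)
    first = session.request()                 # ALLOW with a 900 s grant
    mid = session.update(edr_healthy=False)   # EDR alert mid-session: DENY, session ends
    return first, mid, session.active
```

Two design points are worth noticing. The order of checks matters: entitlement and anomaly signals are evaluated before the device posture, so a stolen-but-valid credential used from an impossible location is denied even from a fully compliant laptop. And the grant carries a short TTL rather than being permanent, which forces the enforcement point back to the PDP at the interval the policy chooses even if no signal changed in between.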
Interview Preparation
What is Zero Trust and how does it differ from traditional perimeter security?
Traditional perimeter security uses a 'castle and moat' approach — everything inside the network is trusted. Zero Trust eliminates this implicit trust: every request is verified regardless of source. Key differences: 1) Identity-centric vs. network-centric, 2) Micro-segmentation vs. flat internal network, 3) Continuous verification vs. one-time authentication, 4) Application-level access vs. network-level access, 5) Assume breach vs. trust but verify. ZTA is defined in NIST SP 800-207.
How would you implement Zero Trust in an enterprise?
Phased approach. Phase 1: inventory and map all assets, data flows, and users, and build a strong identity foundation (MFA, SSO, a single authoritative directory). Phase 2: establish device trust and posture assessment (MDM/UEM enrollment, EDR health). Phase 3: deploy ZTNA to replace VPN for application access, one application at a time. Phase 4: micro-segment the network, starting with east-west traffic around the most sensitive workloads. Phase 5: add continuous monitoring and adaptive access policies that consume the identity, device, and risk signals collected in the earlier phases. Start with the highest-value assets (the crown jewels) rather than trying to cover everything at once, and measure progress with metrics such as the percentage of applications behind ZTNA, MFA adoption rate, and the share of workloads covered by a segmentation policy.
Framework Mapping
| Framework | Relevant Controls |
|---|---|
| NIST | SP 800-207 (Zero Trust Architecture), SP 800-53 AC-4 (Information Flow), SC-7 (Boundary Protection) |
| MITRE | T1078 (Valid Accounts), T1021 (Remote Services), T1563 (Remote Service Session Hijacking) |