In-depth

How to build a zero trust model

Threats are becoming greater and more diverse, but having a zero trust architecture could help your business defend its infrastructure

In the early days of computer networking, cyber security was predominantly focused on the perimeter because it was thought you needed to keep the bad guys out. Everything inside the perimeter was assumed to be safe and trusted, while outside the enterprise firewalls danger lurked.

However, this assumes that hackers haven’t already got into the network and started doing damage. Cyber criminals can get a grip on a business's infrastructure by exploiting a vulnerable system, using stolen credentials, or abusing poorly configured wireless connections. To counteract this scenario, many modern enterprises are adopting a zero trust model.

What is a zero trust model?


Zero trust is a relatively new and evolving approach to network design. It means “never trust, always verify”. By default, devices on a network are not trusted, even when connected to a corporate network and even if previously verified.

This model protects the environment by using methods and processes such as network segmentation, strong authentication, preventing lateral network movement, and simplifying “least access” policies.

So how does an organisation go about building, running, and using a zero trust model in the infrastructure?

Network segmentation

The foundation of a zero trust architecture is network segmentation. Systems and devices must be segregated according to the types of data they process and the access they permit. This can then limit the reach of a hacker once they get into the network.

To segment a network, organisations should create a comprehensive roadmap based on business and security aims. They should then map application dependencies so that they know how applications communicate with endpoints within the infrastructure. Finally, a network should not be over-segmented, as this leads to excessive complexity and may prevent employees from doing their jobs properly if they can’t reach the systems they need.

Identity and access management improvement

A strong identity and access management infrastructure is another precondition of a zero-trust model. Multi-factor authentication offers additional assurance of identity and defends against credential theft. Implementing role-based access control lets applications limit access in a way that enforces the principle of least privilege.

Deploying least privilege at the firewall

Least privilege applies not only to users but also to networks. After network segmentation, access between networks should be locked down so that only the traffic required by business needs is allowed between them.

Using a next-generation firewall (NGFW) can help organisations to implement what Gartner defines as a “deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”
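The previous three sections describe the same decision from different angles: a request is allowed only if the user's identity is strongly verified, a role grants access to the application, and the source segment is permitted to reach the destination segment on that port. The following Python is an added example, not code from the original article or from any product it mentions; the segments, roles, applications and ports are constructed for illustration, and the evaluator is a deliberately small default-deny policy engine rather than any vendor's implementation.

```python
from dataclasses import dataclass, field

# Constructed segment-to-segment allow-list. Default deny: only listed flows pass.
# Key is (source segment, destination segment); value is the set of permitted ports.
SEGMENT_FLOWS = {
    ("user-lan", "app"): {443},
    ("app", "db"): {5432},
}

# Constructed role-based access control table: role -> applications it may use.
ROLE_APPS = {
    "finance": {"ledger"},
    "hr": {"payroll"},
    "dba": {"ledger-db"},
}

# Constructed application inventory: application -> (segment it lives in, port).
APPS = {
    "ledger": ("app", 443),
    "payroll": ("app", 443),
    "ledger-db": ("db", 5432),
}


@dataclass
class Request:
    user: str
    roles: set
    mfa_verified: bool      # "always verify": set by the identity provider per session
    device_managed: bool    # device posture signal, assumed to come from an MDM/EDR agent
    src_segment: str        # network segment the request originates from
    app: str                # application the user is trying to reach


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)  # why the request was denied (empty if allowed)


def evaluate(req: Request) -> Decision:
    """Default-deny evaluation: every check must pass for the request to be allowed."""
    reasons = []
    # Identity checks: previous verification does not carry over, so each request needs MFA.
    if not req.mfa_verified:
        reasons.append("MFA not verified")
    if not req.device_managed:
        reasons.append("device is not managed")
    if req.app not in APPS:
        reasons.append(f"unknown application {req.app!r}")
        return Decision(False, reasons)
    dst_segment, port = APPS[req.app]
    # Network least privilege: the source segment must be allowed to reach the destination on this port.
    if port not in SEGMENT_FLOWS.get((req.src_segment, dst_segment), set()):
        reasons.append(f"flow {req.src_segment}->{dst_segment}:{port} not permitted")
    # Role-based least privilege: at least one of the user's roles must grant the application.
    if not any(req.app in ROLE_APPS.get(role, set()) for role in req.roles):
        reasons.append(f"no role grants access to {req.app!r}")
    return Decision(not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample requests: one that should pass and two that should be denied.
    for req in (
        Request("alice", {"finance"}, True, True, "user-lan", "ledger"),
        Request("alice", {"finance"}, True, True, "user-lan", "ledger-db"),
        Request("bob", {"hr"}, False, True, "user-lan", "payroll"),
    ):
        d = evaluate(req)
        print(req.user, req.app, "ALLOW" if d.allow else "DENY", d.reasons)
```

The point of collecting every failed check rather than stopping at the first is operational: the denial reasons are what an analyst needs when reviewing logs, and they show whether a denial came from identity, from the segmentation policy or from role assignments.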

Monitoring using AI and machine learning


Machine learning can be used by organisations to speed up the work of detecting and mitigating threats. Typically, security analysts use security information and event management (SIEM) solutions to gain a comprehensive understanding of security events collected from systems, devices, and applications across an organisation’s network and clouds. Machine learning and artificial intelligence (AI) can help to surface threat indicators that would otherwise be lost in reams of data.

This gives security teams a better way of recognising what activity is taking place and whether it matches the normal behaviour the model has been trained to identify. Activity that falls outside normal usage patterns can be flagged as suspicious, helping enterprises improve their defences against both internal and external threats and deploy a more complete zero trust security model.
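To make the "normal usage pattern" idea concrete, here is an added Python example that is not from the original article: it builds a per-user baseline of login hours and countries from constructed historical authentication log lines, then flags new events that deviate from that baseline. The log format, the sample users and the addresses are all made up for the example, and the scoring is a simple rule-based baseline rather than a trained model, so it shows the shape of the detection logic a SIEM or ML pipeline would feed, not a particular product's algorithm.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed historical successful logins used to learn each user's normal pattern.
HISTORY = """\
2022-11-01T09:02:11Z user=alice result=success src=10.1.4.7 country=GB
2022-11-01T09:15:40Z user=alice result=success src=10.1.4.7 country=GB
2022-11-02T08:58:03Z user=alice result=success src=10.1.4.9 country=GB
2022-11-02T17:30:12Z user=alice result=success src=10.1.4.9 country=GB
2022-11-01T22:10:00Z user=bob result=success src=10.2.8.3 country=DE
2022-11-02T23:05:45Z user=bob result=success src=10.2.8.3 country=DE
""".splitlines()

# Constructed new events to be scored against the baseline.
NEW_EVENTS = """\
2022-11-03T09:10:22Z user=alice result=success src=10.1.4.7 country=GB
2022-11-03T03:41:09Z user=alice result=success src=203.0.113.5 country=RU
2022-11-03T22:30:00Z user=bob result=success src=10.2.8.3 country=DE
2022-11-03T22:31:00Z user=carol result=success src=10.3.0.1 country=FR
""".splitlines()

# Assumed log line layout: ISO timestamp followed by key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>\S+) "
    r"src=(?P<src>\S+) country=(?P<country>\S+)$"
)


def parse(line):
    """Parse one log line into a dict; unparseable input is an error, not silently skipped."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    event = m.groupdict()
    event["hour"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
    return event


def build_baseline(lines):
    """Per-user profile of the hours and countries seen in successful logins."""
    baseline = defaultdict(lambda: {"hours": set(), "countries": set()})
    for line in lines:
        event = parse(line)
        if event["result"] != "success":
            continue
        baseline[event["user"]]["hours"].add(event["hour"])
        baseline[event["user"]]["countries"].add(event["country"])
    return baseline


def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock, so 23:00 and 01:00 are 2 apart."""
    d = abs(a - b)
    return min(d, 24 - d)


def score(event, baseline, hour_tolerance=2):
    """Return the list of deviations from the user's baseline; an empty list means normal."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if event["country"] not in profile["countries"]:
        reasons.append(f"new country {event['country']}")
    if all(hour_distance(event["hour"], h) > hour_tolerance for h in profile["hours"]):
        reasons.append(f"unusual hour {event['hour']:02d}:00")
    return reasons


def flag_anomalies(history, new_lines):
    """Score each new event and return (user, timestamp, reasons) for those that deviate."""
    baseline = build_baseline(history)
    flagged = []
    for line in new_lines:
        event = parse(line)
        reasons = score(event, baseline)
        if reasons:
            flagged.append((event["user"], event["ts"], reasons))
    return flagged


if __name__ == "__main__":
    for user, ts, reasons in flag_anomalies(HISTORY, NEW_EVENTS):
        print(f"{ts} {user}: {', '.join(reasons)}")
```

Two design points carry over to real deployments: a user with no baseline is flagged rather than waved through, which is the zero trust default, and the output names the deviation (new country, unusual hour) so the analyst can decide whether to step up authentication or revoke the session.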

Ongoing management and issues

A zero trust model should be thought of as part of an organisation’s overall digital transformation strategy. It should be by design and not simply retrofitted. This means implementing technology to achieve zero trust as more systems move to the cloud and legacy systems are replaced.

Moving to zero trust should involve an ongoing conversation between security and the rest of the organisation to prioritise what moves to a zero-trust model and what can wait.

When up and running, managing zero trust should involve security teams developing and maintaining zero trust models, while network teams manage networks. The security team should also carry out regular audits to ensure that the network adheres to the policies and protocols of zero trust. Critical workloads will need more analysis of users and devices compared to other, less important, workloads.
