What Is Zero Trust Architecture In Network Security & Why It Is Gaining Prominence

Zero Trust

Rooted in the principle of ‘never trust, always verify’, the Zero Trust model, developed by John Kindervag of Palo Alto Networks, is a strategic security initiative that prevents successful data breaches by eliminating the concept of ‘trust’ from an organisation’s network architecture. Meaning, this architecture treats all users as potential threats and accordingly sets its authentication and access restriction mechanisms. The Zero Trust Architecture works upon the flaw of traditional systems, which believe that data needs to be only protected from outside of an organisation.

This architecture implements a network-centric data security approach that gives access only to specific participants by enabling parameters that dictate access. It employs a positive security enforcement model where set conditions must be met before gaining access to resources. 

Active Utilisation in WFH Scenarios

The COVID-19 pandemic and resulting nationwide lockdown in most parts of the world gave way to several months-long work from home arrangements. While some companies are going back to their brick-and-mortar offices in varying capacities, a large number of them still prefer to go the WFH way. In fact, prominent organisations such as Twitter and Square have Ok-ed a permanent WFH set-up for their employees.

Subscribe to our Newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Quite evidently, remote working does have its own set of challenges. Security being the primary concern. Enter Zero Trust in the scenario. Kindervag developed Zero Trust about a decade back; however, the mainstream popularity it has gained in recent years is unprecedented. The migration to a more hybrid multi-cloud system has been a major reason behind this.

The perimeter-less approach of Zero Trust model is what makes it a current favourite in the security circles. It focuses on ensuring proper identification and access. It leverages analytics and response tools to give full visibility to the security operations centre (SOC).

Some of the tools of Zero Trust implementation are:

  • Using multi-factor authentication and session risk detection for minimising the risk of potential identity compromise.
  • Adopting distributed segmentation of networks with micro-perimeters over centralised one.
  • Defining and adopting access policies.
  • Using cloud intelligence and other available resources, including AI, to detect access-breach in real-time.
  • Reducing organisation’s mean time to respond to attacks.
  • Classifying, protecting, and monitoring sensitive data to reduce exposure from intentional or accidental exfiltration.

The Zero Trust Architect identifies a ‘protect surface’ that is made of the network’s most critical data DAAS (data, assets, applications, and services). DAAS, and consequently, the protect surface is unique to every organisation. Once the protect surface is identified, the traffic movement can be monitored, which then helps in determining which users are using what applications and how. Once that is established, ‘microperimeter’ around each of these protect surfaces are created using a segmentation gateway, also known as a next-generation firewall. This microperimeter moves with the protect surface.

The segmentation gateway provides additional layers of inspection and access control through Kipling method-based Layer 7 policy. The Kipling method defines the Zero Trust policy on user context, location, and device posture, among other parameters. This policy then decides who can traverse the microperimeter at any given time and prevents access to protect surface from authorised users. 

Looking Ahead

In the post-COVID world, assuming that traditional security systems are enough for an organisation would be nothing short of wishful thinking. In such traditional systems, once the attacker gains access to the internals of the microservice architecture, the complete defence system is rendered useless. The attacker may then have complete access to all data handled by such a system. Here is where the Zero Trust model gains its advantage from. In fact, a Deloitte study revealed that about 37.4 percent of security professionals say that their organisations have adopted the Zero Trust Model.

All said, there are a few challenges in adopting the Zero Trust Model. The main challenge, however, erupts from the fact there are way too many varied users (in office and remote), devices (mobile, IoT, biotech), applications (intranet and design platforms, and ways to access and store data (drive, cloud, edge). However, despite these challenges, the recent changes in the threat landscape, including recent vulnerabilities in VPNs, may only encourage organisations to adopt it.

Shraddha Goled
I am a technology journalist with AIM. I write stories focused on the AI landscape in India and around the world with a special interest in analysing its long term impact on individuals and societies. Reach out to me at shraddha.goled@analyticsindiamag.com.

Download our Mobile App


AI Hackathons, Coding & Learning

Host Hackathons & Recruit Great Data Talent!

AIM Research

Pioneering advanced AI market research

Request Customised Insights & Surveys for the AI Industry


Strengthen Critical AI Skills with Trusted Corporate AI Training

Our customized corporate training program on Generative AI provides a unique opportunity to empower, retain, and advance your talent.

AIM Leaders Council

World’s Biggest Community Exclusively For Senior Executives In Data Science And Analytics.

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox