Zero trust is a modern security framework that eliminates implicit trust, requires all human users and devices to be continuously and explicitly validated and strictly limits access to network systems and data. Instead of focusing on where users are logging in from, zero trust concentrates on who they are.
Zero trust is based around three core principles:
Assume breach. Despite the best security defenses, breaches will eventually happen. Any user on your network (human or device) could be compromised right now. Take measures to minimize the "blast radius," such as segmenting networks, ensuring end-to-end encryption and using smart analytics to identify potential threats.
Verify explicitly. All humans and machines must prove that they are who they say they are before they can access your organization's network and all of the systems, apps and data contained therein.
Ensure least privilege. Once logged onto the network, users should have the minimum amount of network access they need to perform their jobs, and no more. A zero-trust deployment always includes role-based access controls (RBAC) with least-privilege access.
Zero trust works by eliminating implicit trust. Historically, network security models implicitly trusted all users and devices inside the network perimeter. This worked well when network components and users were almost exclusively located on-premises. However, thanks to the widespread adoption of cloud computing and – more recently – remote work, the “network perimeter” no longer exists. The overwhelming majority of organizations now use hybrid data environments composed of both on-premises “private” clouds and at least one public cloud, and users connect to organizational resources from anywhere and everywhere.
Even once users are authenticated and allowed onto the network, they’re not given free rein – because any user could be compromised. Identity and device verification are performed as the user moves through the network, and each user can access only the resources they need to perform their jobs.
In a zero-trust security model, least-privilege access and RBAC are supplemented by network segmentation, including the “microsegmentation” of especially sensitive data assets. The idea is that while the network as a whole has no perimeter, it should be separated into smaller segments for specific workloads and data, with each segment having its own ingress and egress controls. A common use case for zero-trust microsegmentation is separating regulated data, such as employee tax data and protected health information, from non-regulated data.
By limiting network access levels, segmenting and microsegmenting networks and strictly controlling the number of privileged users, zero trust limits the ability of threat actors to compromise sensitive systems and data.
Zero trust has a world of benefits, which is why so many organizations are embracing it.
One of the biggest challenges to implementing a zero-trust security strategy is that there are no universal implementation standards. Many organizations turn to the seven-step process laid out in NIST Special Publication 800-207:
This encompasses both human users and non-human identities, such as service accounts. NIST notes that privileged users, including IT administrators and developers, need special scrutiny, as these users may have unfettered access to digital resources. In a zero-trust framework, even privileged accounts should be least-privilege, and account activity must be monitored and logged.
Identifying and managing all assets that connect to the organizational network is key to a successful zero-trust deployment. This includes:
NIST admits that a comprehensive asset inventory may not be possible, so organizations should also ensure they can "quickly identify, categorize, and assess newly discovered assets that are on enterprise-owned infrastructure."
In addition to cataloging assets, this step includes configuration management and monitoring, as the ability to observe the current state of an asset is part of the zero-trust authentication process.
Identify, rank and evaluate the risks of your organization’s business processes and dataflows, including their importance to your organization’s mission. This will help inform which processes are good initial candidates for a zero-trust deployment. NIST recommends starting with processes that depend on cloud-based resources and/or are used by remote workers, as these will generate the most immediate security improvements.
This is a continuation of Step 3. After identifying an asset or workflow to migrate to zero trust, identify all upstream and downstream resources that the asset or workflow uses or affects. This helps finalize initial zero-trust migration "candidates" and ensures that least privilege and other policies applied to them achieve maximum security without hindering workflow.
There are many zero-trust-compatible solutions on the market, but not all of them are suitable for your specific data environment and business needs. NIST recommends taking the following into consideration when choosing zero-trust tools:
Does the solution require that components be installed on the client asset? This could limit business processes.
Does the solution work in cases where business process resources exist on premises? Some solutions assume that requested resources reside in the cloud (so-called north-south traffic) and not within an enterprise perimeter (east-west traffic). This poses a problem in hybrid cloud environments, where legacy line-of-business apps that perform critical functions may be run on-premises because migrating them to the cloud isn’t feasible.
Does the solution provide a means to log interactions for analysis? Zero-trust access decisions depend heavily on the collection and use of data related to process flow.
Does the solution provide broad support for different applications, services and protocols? Some solutions may support a broad range of protocols (SSH, web, etc.) and transports (IPv4 and IPv6), but others may work only with web or email.
Does the solution require changes to existing workflows? Some solutions may require additional steps to perform a given workflow, which could require the organization to make changes to the workflow.
NIST recommends that enterprises consider initially implementing zero trust in “monitoring mode” so that IT and security teams can ensure that policies and processes are effective and feasible. Additionally, once baseline user and network activity are established, security teams will be better able to identify anomalous behavior down the road.
After the initial rollout of zero trust, it's time to migrate the next set of candidates. This step is continuous; whenever changes occur to the organization’s data environment or workflows, the zero trust architecture must be reevaluated and adjusted accordingly.
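To make the moving parts concrete (explicit verification of identity and device posture on every request, least-privilege RBAC, microsegmentation of regulated data, decision logging, and the NIST "monitoring mode" rollout described above), here is a minimal policy decision point in Python. This is an added example, not code from Keeper or from NIST SP 800-207; the roles, segments, resources and users are constructed.

```python
from dataclasses import dataclass, field

# Least-privilege RBAC: each role lists only the segments its job needs.
# "regulated" is the microsegment holding tax data and PHI. (Constructed roles.)
ROLE_SEGMENTS = {
    "engineer": {"corp"},
    "payroll": {"corp", "regulated"},
    "admin": {"corp", "regulated", "mgmt"},
}
# Each resource lives in exactly one segment with its own ingress control.
RESOURCE_SEGMENT = {"wiki": "corp", "tax-records": "regulated", "idp-console": "mgmt"}

@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool      # identity verified explicitly for this request
    device_managed: bool    # device posture, re-checked on every request
    device_patched: bool
    resource: str
    action: str

@dataclass
class PolicyEngine:
    # NIST "monitoring mode": record what would be denied, enforce nothing yet.
    monitoring_mode: bool = False
    log: list = field(default_factory=list)

    def decide(self, req: Request) -> bool:
        reasons = []
        # Verify explicitly: no implicit trust from network location.
        if not req.mfa_verified:
            reasons.append("mfa-required")
        if not (req.device_managed and req.device_patched):
            reasons.append("device-posture")
        # Least privilege + microsegmentation: the role must be permitted into
        # the resource's segment; unknown resources or roles deny by default.
        segment = RESOURCE_SEGMENT.get(req.resource)
        if segment is None or segment not in ROLE_SEGMENTS.get(req.role, set()):
            reasons.append("segment-not-permitted")
        would_deny = bool(reasons)
        allowed = (not would_deny) or self.monitoring_mode
        # Every decision is logged with its reasons: this is the data that
        # builds the activity baseline and later flags anomalous behavior.
        self.log.append({"user": req.user, "resource": req.resource, "action": req.action,
                         "allowed": allowed, "would_deny": would_deny, "reasons": reasons})
        return allowed

    def would_have_denied(self) -> list:
        """Entries that a switch from monitoring to enforcing mode would start blocking."""
        return [e for e in self.log if e["would_deny"]]
```

Running the engine in monitoring mode first and reviewing `would_have_denied()` shows which workflows a policy would break before it is enforced, which is the point of NIST's staged rollout.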
Zero trust and zero knowledge are quite different but complementary concepts. If the motto for zero trust is “Trust no one,” the motto for zero knowledge is, "We have no knowledge of your data, because we have no way to access it."
Zero trust ensures that only authenticated users can access network resources and data by continuously monitoring and validating that users and devices have the correct attributes and privileges.
Zero knowledge utilizes a unique encryption and data segregation framework that prevents IT service providers from having any knowledge as to what is stored on their servers. Keeper is a zero-knowledge security provider, and all of our products are built using a zero-knowledge architecture. This means that:
Zero knowledge supports zero trust by limiting the “blast radius” of a remote data breach. In the highly unlikely event that Keeper were ever breached, threat actors would be completely unable to access the contents of our customers' vaults – because even we can’t do that!