Zero Trust Security Architecture
School: London School of Business and Finance (not endorsed by this school)
Course: 102, 200
Subject: Information Systems
Date: Nov 24, 2024
Type: docx, 26 pages
Uploaded by george2550
Zero Trust Security Architecture
Student Name
Course Name
Professor Name
January 04, 2023
Abstract
Zero trust is a cybersecurity strategy founded on a set of tenets that moves network defenses away from wide, static network perimeters and toward a narrower focus on subjects, enterprise assets (devices, network components, applications, virtual and cloud components), and individual or small groups of resources. A zero trust architecture (ZTA) applies zero trust principles to plan and protect organisational infrastructure and operations. A ZTA environment grants no implicit trust to assets or users on the basis of their physical or network location. A ZTA therefore never grants access to a resource until the subject, device, or task has been verified through reliable identification and authentication. Organisations are re-evaluating conventional network security perimeters. A ZTA responds to this trend by focusing on protecting resources rather than network segments, because network location is no longer seen as the prime component of a resource's security posture. The goal of this project is to build a ZTA for a conventional, general-purpose commercial information technology (IT) environment that comprises users (employees, contractors, guests, and non-person entities), assets, and enterprise resources. Resources may be stored and managed on-premises, in the cloud, at the edge, or in any combination of these, by the enterprise or by a third-party provider. Remote workers, subsidiary or partner sites, and bring your own device (BYOD) usage are further possibilities.
Keywords:
zero trust architecture (ZTA), zero trust network, zero trust (ZT).
Contents
Abstract (p. 2)
Chapter 1 (p. 4)
  Background/Introduction (p. 4)
  Introduction (p. 4)
  Problem Statement and Purpose of Research (p. 6)
  Relevance and Significance (p. 6)
  Research Questions (p. 7)
  Barriers and Issues (p. 7)
Chapter 2 (p. 8)
  Review of the Literature (p. 8)
Chapter 3 (p. 15)
  Approach/Methodology (p. 15)
Chapter 4 (p. 17)
  Findings, Analysis, and Summary of Results (p. 17)
  Data Analysis (p. 17)
  Findings & Discussion (p. 18)
  Analysis (p. 19)
  Summary of Results & Discussion (p. 19)
Chapter 5 (p. 21)
  Conclusion (p. 21)
  Conclusion (p. 21)
  Implications (p. 22)
  Recommendations (p. 23)
References (p. 24)
Chapter 1
Background/Introduction
Introduction
The Federal Government must continually modernize its cybersecurity strategy to keep up with today's changing and increasingly complex cyber threat landscape. The strategy for accomplishing this centres on accelerating the move to secure cloud services that improve cybersecurity, such as risk awareness exercises and risk assessment, and on accelerating the adoption of security best practices, a Zero Trust Architecture (ZTA), and industry security standards in general. Before implementing a ZTA, an agency should first define its protect surface. The only way to decide on and implement a policy that assures secure access to the data is a thorough knowledge of the users, the applications they use, and how they interact. This examination of the interdependencies among the data, applications, assets, and services (DAAS), the infrastructure, the applications, and the users shows the agency exactly where controls need to be placed, leading to the definition of a micro-perimeter around each DAAS element.
These micro-perimeters logically follow the protect surface wherever it moves and are placed as close to the protect surface as feasible by design. The agency establishes micro-perimeters by deploying segmentation gateway(s) that ensure only known, approved traffic or legitimate applications gain access to the protect surface. A segmentation gateway is a hardware or software network device that can enforce user access at the application layer with fine-grained control. Using a policy based on the Kipling Method, which builds Zero Trust policies in terms of who, what, when, where, why, and how, the segmentation gateway acts as the policy enforcement point (PEP) (Alagappan et al., 2022).
This Zero Trust policy establishes who is permitted to cross a micro-perimeter at any given moment, preventing unauthorized access and the leakage of critical data. After developing a Zero Trust policy around a protect surface, the agency must monitor and manage it in real time, fine-tuning the protect surface, unaccounted-for dependencies, and methods to strengthen the policy. Zero trust (ZT), a growing body of cybersecurity ideas, moves defences away from static, network-based perimeters and toward users, assets, and resources. A ZTA is used to plan the enterprise and industrial infrastructure and operations. Zero trust assumes that no implicit trust is granted to assets or user accounts based solely on their physical or network location (for instance, a LAN versus the internet) or on asset ownership. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established. Zero trust arose in response to enterprise network trends that include remote users, bring your own device (BYOD), and cloud-based services located outside an enterprise-owned network boundary. Zero trust focuses on protecting resources (assets, services, workflows, network accounts, etc.) rather than network segments, since network location is no longer seen as the prime component of a resource's security posture. This article offers an abstract definition of ZTA together with general deployment models and use cases where zero trust may improve an enterprise's overall information security posture (Alevizos et al., 2021).
Problem Statement and Purpose of Research
The concept underpinning the "zero trust" cybersecurity model is that trust is never granted automatically but is instead continually evaluated. Zero trust architecture is a comprehensive approach to protecting corporate assets and data that covers identity (for both human and non-human entities), credentials, security systems, operations, endpoints, hosting environments, and the underlying infrastructure. The top priorities should be restricting access to resources to those who actually need them and granting only the minimum privileges (such as read, write, and delete) necessary to perform the work (Alevizos et al., 2021).
Relevance and Significance
This complex enterprise environment has given rise to the "zero trust" (ZT) cybersecurity model. A ZT approach is chiefly concerned with protecting data and services, but it can and should cover all enterprise assets, including devices, infrastructure components, software products, digital and cloud elements, enterprise users, applications, and other non-human entities that request access to resources. The term "subject" is used throughout this text unless the section refers specifically to a human end user, in which case "user" is used rather than the more general "subject." Zero trust security models assume that an adversary is present in the environment and that an enterprise-owned environment is no more trustworthy than a non-enterprise-owned one. Under this model, a company must continually analyze the risks to its assets and business functions and avoid implicit trust assumptions before putting controls in place to lower those risks. In zero trust these protections typically involve restricting access to resources to only those subjects and assets identified as requiring access, and continually authenticating and authorizing the identity behind each access request.
Research Questions
1. What are the foundational concepts of Zero Trust?
2. What is the zero trust architecture attempting to solve?
3. Do you do more than just Zero Trust Network Access?
Barriers and Issues
A zero trust architecture (ZTA) is an enterprise cybersecurity framework built on zero trust concepts and designed to prevent data breaches and limit internal lateral movement. This article examines threats, deployment scenarios, and the logical components of a ZTA. It also analyses relevant federal regulations that may affect a zero trust architecture and provides a general road map for organisations wishing to migrate to a zero trust design strategy. ZT is a set of guiding principles for workflows, systems integration, and operations that can be used to improve the overall security of any classification or sensitivity level; it is not a single architecture. The transition to ZTA is a journey concerning how an organisation evaluates risk in relation to its mission, and it cannot be accomplished simply by replacing technology wholesale. Many organisations, however, already have elements of a ZTA in their enterprise infrastructure. Organisations should gradually implement zero trust principles, process changes, and technology solutions that protect their data assets and business functions, use case by use case. Most enterprise infrastructures will operate in a hybrid zero trust/perimeter-based mode while they continue to invest in IT modernisation initiatives and improve business processes. For zero trust to work, organisations must adopt comprehensive information security and resilience practices. Used together with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and best practices, a ZTA can apply a managed-risk strategy to guard against potential threats and improve an organisation's overall security posture (Alagappan et al., 2022).
Chapter 2
Review of the Literature
Campbell (2020) stated that zero trust (ZT) presents a set of concepts and ideas designed to minimise uncertainty when enforcing accurate, least-privilege, per-request access decisions in information systems and services in the face of a network viewed as compromised. ZTA is an enterprise's cybersecurity plan that applies zero trust concepts and encompasses component relationships, workflow planning, and access policies. An organisation that has put network infrastructure (physical and virtual) and operational practices in place as part of a zero trust architecture is therefore referred to as a zero trust enterprise. As part of a planning process informed by zero trust ideas, a company adopts zero trust as its central approach and develops a ZTA; this plan is then implemented to establish a zero trust environment across the whole organisation. This definition concentrates on the core of the difficulty: preventing unauthorised access to data and services and making access control enforcement as granular as possible. It can be extended by changing the word "data" to "resource," making ZT and ZTA about resource access rather than just data access. The emphasis is on authentication, authorisation, and shrinking implicit trust zones while maintaining availability and minimising delays in authentication mechanisms, so as to reduce uncertainty (since it cannot be eliminated). Access rules are made as granular as possible to enforce the least privileges needed to perform the requested action (Campbell, 2020).
He et al. (2022) stated that many definitions and discussions of ZT highlight the notion of removing wide-area perimeter defences as a reflex. However, most of these definitions (including micro-segmentation and micro-perimeters) still define themselves in terms of boundaries in some way. The design and deployment of a zero trust architecture are guided by the underlying zero trust basic tenets. All data sources and computing services are considered resources. A network may consist of multiple classes of devices. It might also contain small-footprint devices, software as a service (SaaS), systems that send instructions to actuators, and other functions. The enterprise may classify a personally owned device as a resource if it can access enterprise resources. All communication is secured regardless of network location. Access requests from assets located on enterprise-owned network infrastructure (for example, inside a traditional network perimeter) must meet the same security requirements as access requests and communication from any other non-enterprise-owned network.
In other words, trust must not be granted automatically simply because a device is attached to enterprise network infrastructure. All communication should be conducted in the most secure manner available, including source authentication, confidentiality, and integrity protection (He et al., 2022).
As per Buck et al. (2021), access to individual enterprise resources is granted on a per-session basis. The trustworthiness of the requester is evaluated before access is granted. Access should be granted with the least privileges necessary to complete the task. "Per session" may mean "recently" and may not occur directly before initiating a session or performing a transaction with a resource. After proper authentication and authorisation, access to one resource does not automatically grant access to another. The enterprise monitors all owned and associated assets and evaluates their security posture and integrity. No asset is inherently trusted. The organisation takes the asset's security posture into account when evaluating a resource request. This also requires a robust monitoring and reporting system to provide actionable data about the current state of enterprise resources (Buck et al., 2021).
According to Ramezanpour and Jagannath (2022), all resource authentication and authorisation are dynamic and strictly enforced before access is allowed. Access should be obtained, threats must be identified and analysed, adjustments must be made, and trust in ongoing communication must be re-evaluated continually. Every enterprise employing a ZTA should have identity, credential, and access management systems in place. Access to some or all enterprise resources may require multi-factor authentication (MFA). To balance security, availability, usability, and cost-efficiency, continual monitoring with possible re-authentication and re-authorisation occurs throughout user transactions as defined and enforced by policy. Any enterprise using ZTA for network planning and deployment must adhere to a few basic assumptions about network connectivity. Some of these assumptions relate to network infrastructure owned by the enterprise, while others apply to enterprise resources that use network infrastructure not controlled by the enterprise (Ramezanpour & Jagannath, 2022).
Chen et al. (2020) stated that these assumptions guide the development of a ZTA. A company deploying a ZTA should build its network on the ZTA tenets mentioned above and the following assumptions. The traditional perimeter-based network security approach is too rigid to keep up with current technology developments. The tenets of the new network security model dubbed "zero trust" are never trust and always verify. To gain access, the accessing subject must be verified, whether it is on the corporate network or an outside network. This article discusses the zero trust architecture and examines its critical technologies, such as identity verification, security systems, and trust assessment (Chen et al., 2020).
Dhar and Bose (2020) elaborated that the technological pillars of ZTA are identity verification, security systems, and trust assessment methods. The trust assessment method evaluates the trust level of the ZTA subject and serves as the primary basis for identity authentication and access management. Identity verification primarily establishes the credentials of the subject in the ZTA. The primary areas of ZTA study are its architecture, identity verification, security systems, and the trust assessment algorithm, and this research is currently in its early stages. In light of these four factors, this study presents the current state of ZTA research.
As a result, this study delivers a summary of the current state of ZTA research from these four perspectives, together with a discussion of their main challenges and potential future research areas. The ZTA focuses on corporate security by achieving business concealment, transmission encryption, and fine-grained control; it is generally based on identity, assigning a digital identity to individuals and devices and establishing minimal privileges for access subjects. Continuous trust assessment includes user trust evaluation, environmental risk assessment, and abnormal behaviour identification, using dynamic authorisation controls such as real-time attribute-based network access, hierarchical access depending on trust level, and variable permissions according to risk (Dhar & Bose, 2020).
Zero trust is naturally a type of "endogenous security," since it relies on the security dimensions of identity, trust, credential protection, rights, and others. Such security capabilities are also a crucial component of the information-based corporate structure; it is something of a spiral integration of business and security. Security hardware realises a mutually independent system of enhanced security, from the basic business systems to the fulfilment of business goals, merges into a tight connection between security and business, and then returns to security and applicability once again. Identity verification, security systems, and trust assessment are the three leading technologies on which ZTA relies, and all three are thoroughly examined.
The results of this study will serve as a guide for the future transition of perimeter-based cybersecurity structures to ZTA (Dhar & Bose, 2020).
Ferretti et al. (2021) stated that trust is the main issue in information security nowadays. Networks can be changed to increase their efficacy, efficiency, and compliance while also making them easier to build and operate. Zero Trust is based on several key ideas: our security devices no longer distinguish a trusted from an untrusted network, a trustworthy from an untrusted user base, or a secure from an insecure user interaction. Under Zero Trust, infosec professionals must regard all network communication as untrusted. Although trust is a notion infosec professionals should not attach to packets, network traffic, and data, Zero Trust does not imply that employees are untrustworthy. A new trust model is required in the age of the malicious insider. By altering the trust model, researchers decrease the probability that insiders would exploit the network and raise the chances of catching cybercrime early. The zero trust information security model can give practitioners the knowledge and skills they need to take bold and effective measures. It will encourage security and architecture specialists to build security into networks by design. Current techniques simply layer more controls over already-existing systems to provide what seems to be a secure solution. Because the sector is hesitant to develop technology to meet future demands, these projects typically fail. To reinvent the network, one needs to be prepared to set aside preconceptions about what the network must be and consider what it could be. Scientists can construct a zero trust network by relating network architecture to the level of trust. Zero Trust should address these three ideas, enabling web security (Ferretti et al., 2021).
Chuan et al. (2020) explained that it facilitates the rapid rollout of a Zero Trust security architecture to protect mission-critical data and applications, and that it works equally well in cloud and on-premises storage settings. Configuring several firewall connections to enclose the whole network in a safe zone is the standard method of micro-segmentation. Following a methodically laid out plan, users can confidently assess their current situation and plan their next move. In a trustless setting, the right individual must present the proper credentials. Safe user application provisioning requires an adaptive authentication strategy that considers both devices and user groups. Still, passwords are the security system's weakest link. When a cloud computing firm is engaged to keep sensitive data safe, it becomes difficult to delete any data from the cloud without the proper authorization and verification. Since it would be impossible for malicious actors to penetrate such a company, protecting the data would be straightforward. Because of the nature of Zero Trust architecture, the idea of a functional firewall at a specific corporate border is rendered useless. Businesses keep their data in separate locations while keeping their applications in-house. This idea is built on not giving anyone access to private information. To ensure maximum security, we can no longer depend on firewalls alone to protect us from cybercriminals. The advent of the zero trust strategy results directly from the shift in how businesses function (Chuan et al., 2020).
Mandal et al. (2021) described that a Zero Trust architecture aims to fortify an existing network by closing any security gaps discovered, including information accessed through the web. Zero Trust networks have several benefits and should be used to replace outdated systems. It is assumed that a zero trust network architecture is exposed to a wide range of potential threats and vulnerabilities; as a result, it encrypts all incoming and outgoing traffic to forestall any suspicious activity. Instead of treating people, devices, and data inside the network as inherently trustworthy, as in a typical network architecture, zero trust establishes a more segmented architecture in which nothing is trusted unless proven reliable. Authentication- and authorization-based protocols are the sole means of establishing trust. A firewall effectively blocks unwanted traffic; the problem is that firewalls are installed permanently and then forgotten about. Firewalls require fine-tuning and customization for each deployment, which makes businesses regard them as unreliable for safeguarding their security infrastructure. The basic tenet of Zero Trust is that no user or system, internal or external, can be trusted by the business. Switching to a Zero Trust network design would bring many advantages. To manage, monitor, and protect the business network infrastructure, extensive preparation is required before the model can be implemented (Mandal et al., 2021).
Chapter 3
Approach/Methodology
The policy enforcement point (PEP), policy administrator (PA), and policy engine (PE) communicate with one another over a network that is logically separate from the rest of the business's infrastructure. Users in the organization need permission to use the parts of the Policy Enforcement Point that control access to company data. The access decision process in a zero trust network architecture needs a scalable infrastructure to support it. Secure access service edge (SASE) is an innovative framework for today's decentralized, mobile, and cloud-based businesses. Zero trust implements the principle of least privilege by giving each user and device in a network only the permissions they need to perform their specific task. According to this guideline, everyone and everything is a potential security risk, so only the bare minimum of permissions should be granted. This lessens the likelihood of a data breach by restricting user or device access to sensitive information and resources. Role-based access control (RBAC) is a standard method for applying the principle of least privilege because it allows administrators to assign users to specific roles, each of which has a predetermined set of permissions. The networking features are built so that any user can connect using any device. The result is a secure access platform that lets the company connect to anyone safely. SASE architecture was developed to allow security measures to be implemented throughout a network. It also enables consistent security policies for all corporate resources and user actions, regardless of the capabilities of the endpoint or the SaaS provider (García-Teodoro et al., 2022).
Resource access is governed by policy. Access to the company's resources and data is contingent on the client's identity, the application's capabilities, and the surrounding environment. The data involved, the people involved, and the required access level together determine the resources available to a given group. Micro-segmentation is a virtualization-based method for securing a network's most sensitive areas (National Institute of Standards and Technology), addressing problems that arise with the use of conventional firewalls. Micro-segmentation differs from traditional IP-address-based definitions in that it allows users to access the information and services they need based on their unique identities and locations. By restricting potentially harmful lateral movement inside a network, the emphasis of security moves to the individual user. Location and system information may be used to fine-tune these policies, making them dynamic and responsive to the ever-changing threats in a given environment. It is a fundamental part of zero trust, which holds that no one should be given more privilege than they need. For zero trust, the client's identity may include the user account and associated attributes supplied by the enterprise to verify the integrity of the automated process. Asset state may include a device's software version, network location, request date and time, request history, and authorizations.
A policy is defined as the set of rules an organization follows when granting resources such as users, data, and applications. Network location, time of day, and reports of active attacks all constitute environmental factors. Access and visibility can be limited by adhering to least privilege (García-Teodoro et al., 2022).
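As an added example (not the paper's or any cited source's code), the following Python models the per-request decision described in this chapter together with the Kipling Method policy (who, what, when, where, why, how) from Chapter 1: a policy engine weighs the subject's role, how recently it authenticated, device posture, network location and environmental signals, and issues a least-privilege, time-limited grant for the enforcement point to apply. All resources, roles, thresholds and names are constructed assumptions.

```python
"""Per-request Zero Trust policy decision (added example, not from the paper).
Names, roles, resources and thresholds below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy: per resource, the actions each role may take (least privilege)
# and whether it is sensitive. Sensitive resources demand MFA and an
# enterprise-managed, patched device, whatever the network location.
POLICY = {
    "hr-payroll-db": {"sensitive": True,
                      "roles": {"hr-admin": {"read", "write"}, "analyst": {"read"}}},
    "intranet-wiki": {"sensitive": False,
                      "roles": {"hr-admin": {"read", "write"},
                                "analyst": {"read", "write"}, "guest": {"read"}}},
}
MAX_AUTH_AGE = timedelta(minutes=15)  # "recently" authenticated, per the text
SESSION_TTL = timedelta(minutes=10)   # access is granted for a set time per session

@dataclass(frozen=True)
class Subject:
    user_id: str
    roles: frozenset
    mfa_verified: bool
    auth_time: datetime  # when this subject last authenticated

@dataclass(frozen=True)
class Device:
    device_id: str
    enterprise_managed: bool
    patched: bool
    network: str  # "corporate" or "remote"; location alone never confers trust

@dataclass(frozen=True)
class Environment:
    now: datetime
    active_attack_reported: bool  # reports of active attacks are an environmental factor

@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)
    expires_at: Optional[datetime] = None

def evaluate(subject, device, resource, action, env):
    """Policy engine (PE) logic for one request: every failed check records a
    reason and denies; only an all-clear yields a time-limited grant for the PEP."""
    d = Decision(allowed=True)

    def deny(reason):
        d.allowed = False
        d.reasons.append(reason)

    rule = POLICY.get(resource)
    if rule is None:
        deny(f"unknown resource {resource}")
        return d
    # WHO / WHAT: the role must explicitly grant this action (no implicit trust)
    permitted = set().union(*(rule["roles"].get(r, set()) for r in subject.roles))
    if action not in permitted:
        deny(f"roles {sorted(subject.roles)} not permitted to {action}")
    # WHEN: authentication must be recent, wherever the request comes from
    if env.now - subject.auth_time > MAX_AUTH_AGE:
        deny("authentication stale; reauthenticate")
    # HOW: sensitive resources require MFA and a healthy, managed device (asset posture)
    if rule["sensitive"] and not subject.mfa_verified:
        deny("MFA required for sensitive resource")
    if rule["sensitive"] and not (device.enterprise_managed and device.patched):
        deny("device posture insufficient")
    # WHERE / environment: while an attack is reported, remote writes are suspended
    if env.active_attack_reported and device.network == "remote" and action != "read":
        deny("active attack reported; remote writes suspended")
    if d.allowed:
        d.expires_at = env.now + SESSION_TTL  # per-session grant, re-evaluated on expiry
    return d

def demo():
    """Constructed requests, one per deciding factor."""
    now = datetime(2023, 1, 4, 9, 0, tzinfo=timezone.utc)
    calm = Environment(now, active_attack_reported=False)
    attack = Environment(now, active_attack_reported=True)
    analyst = Subject("alice", frozenset({"analyst"}), True, now - timedelta(minutes=2))
    no_mfa = Subject("alice", frozenset({"analyst"}), False, now - timedelta(minutes=2))
    stale = Subject("alice", frozenset({"analyst"}), True, now - timedelta(minutes=40))
    laptop = Device("lt-01", True, True, "corporate")
    byod = Device("phone-07", False, True, "remote")
    return {
        "read_ok": evaluate(analyst, laptop, "hr-payroll-db", "read", calm),
        "write_denied": evaluate(analyst, laptop, "hr-payroll-db", "write", calm),
        "byod_denied": evaluate(analyst, byod, "hr-payroll-db", "read", calm),
        "corp_no_mfa_denied": evaluate(no_mfa, laptop, "hr-payroll-db", "read", calm),
        "stale_denied": evaluate(stale, laptop, "intranet-wiki", "read", calm),
        "attack_write_denied": evaluate(analyst, byod, "intranet-wiki", "write", attack),
    }

if __name__ == "__main__":
    for name, dec in demo().items():
        print(f"{name:20s} {'ALLOW' if dec.allowed else 'DENY':5s} {dec.reasons}")
```

Note that `corp_no_mfa_denied` is refused even though the device sits on the corporate network, which is the "no implicit trust from location" tenet in action.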
Chapter 4
Findings, Analysis, and Summary of Results
Data Analysis
Publicly available IT security frameworks and standards provide the tools needed to implement ZTA; however, not all of them suit every business, so an organization must familiarize itself with them before deciding on an approach. Furthermore, systems are segmented to guarantee compatibility with the zero trust strategy: they are separated into many parts to prevent outsiders from accessing sensitive data. One of the many benefits of the zero trust model is that the firm's members are shielded from internal and external dangers. The zero trust paradigm also stops an attacker from moving easily throughout the business, because each segment requires its own credential or identity and is therefore hard to break into. Products purchased with complete confidence have become more necessary. Stricter regulations on data protection and information security and the prevalence of targeted cyber-attacks fuel market growth. Indeed, the proliferation of devices and users in homes worldwide has increased the attack surface. With the increasing virtualization and decentralization of IT infrastructure, businesses must adopt a Zero Trust security posture. These four ideas can help reduce the most common security risks inside the company. The zero trust paradigm also makes all users more visible. As a result, no one can access the system or data without authorization: a user's verified identity is all that is needed to proceed, which makes access easy for the remaining consumers as well. This improvement outperformed the old approach, which required approval at each stage. Another perk of the zero trust network architecture is that it makes it hard for sensitive information to leak out of the business. Exfiltration describes the process by which information leaves an organization for whatever reason, including malware. The zero trust network concept assures companies that they may rely on a bare-bones yet effective solution to identify and halt data threats. The trust-but-verify philosophy has long been the backbone of network security. Considering emerging threats and the shifting nature of the modern workplace, businesses of all sizes need to rethink their approach to IT security. This is an example of the zero trust policy (Sarkar et al., 2022).
Findings & Discussion
At its core, Zero Trust is about enforcing very high standards of security by isolating critical data behind small, tightly controlled perimeters. The objective is to prevent any single weakness from enabling lateral movement: if an attacker compromises one connection, they have more difficulty reaching other sensitive data or applications. It is commonly believed that achieving Zero Trust is both time-consuming and resource-intensive. In practice, Zero Trust is an overlay that can be applied to an existing design without scrapping any current equipment. Data breaches cannot be prevented if the business implicitly trusts the individuals moving in and out of its perimeter, which is why the zero trust security paradigm was developed. The model must first verify anyone trying to join an organization's network; when someone wishes to connect to the system, the method treats them with a complete lack of trust.
Zero Trust can be adopted, implemented, and maintained through a five-step methodology. Without proper verification, the model acts as a barrier to entry. Requests to access the system are vetted on the identity and context of the requester rather than on the source IP address alone. Zero-trust products differ in the functions they cover. Compared to more traditional approaches to isolating and segmenting applications and networks, including virtual local area networks and internal firewalls, micro-segmentation offers a more flexible, up-to-date structure. Given the inflexibility of alternative security methods, the zero trust security model provides the most effective option, and experts recommend the zero trust paradigm to reduce enterprise data breach risk. Role-based access control is one form of access control applied to enterprise resources. The zero trust paradigm is an approach to information security based on the assumption that every employee or external contact might be a security risk. To guarantee that zero-trust standards do not interrupt access or affect the customer experience, government agencies may integrate Zero Trust frameworks with other context-based technologies, such as ABAC, as data networks evolve. Furthermore, it allows enterprises to create security standards from the level of individual accountability up to the level of customer-facing software (Shore et al., 2021).
Analysis
Companies serious about keeping their data safe should use zero-trust security solutions. A ZTA with micro-segmentation greatly reduces the attack surface by isolating environments and separating capabilities, since it prevents an intruder from moving from one workload to another. Workloads can be micro-segmented down to individual PCs, people, or applications, with more granular levels of security at each level. Because of this way of thinking, companies no longer hold all of their data in a single repository that an attacker who has breached the internal network can reach at once. There are various risks for businesses that implicitly trust their personnel to carry out operations, so the model presupposes that danger might strike at any time. Location and security settings, which may or may not be up to date, can also restrict a device's freedom. Compared to more conventional segmentation methods, micro-segmentation that concentrates on source identities allows for more targeted policymaking. Phishing, social engineering, and similar techniques steal credentials for highly valuable accounts (Bertino, 2021).
Summary of Results & Discussion
One's definition of value may vary depending on the attacker's motivations. For instance, accounts tied to financial transactions and systems might have as much value as those of an enterprise's administrators, making them a prime target for hackers looking to make a quick profit. If multi-factor authentication is required for access requests, the data associated with a compromised account is better protected. Even so, if an attacker obtains valid credentials, they may still be able to access the assets for which the account has been granted authorization. ZTA is deployed on the network to reduce exposure to danger and to stop compromised accounts and assets from spreading damage throughout the system: stolen credentials grant access only to the particular services the account is authorized for, not to the network as a whole. Moreover, unlike traditional perimeter-based networks, contextual trust procedures are more likely to identify and respond to such an attack. If the contextual trust architecture identifies suspicious behavior, such as an insider threat or a compromised account, access to the restricted resources can be revoked. Micro-segmentation can determine the source of a communication request, be it a user, database, host, or application. The rule of zero trust should be applied when setting up strict access to information or data. Zero Trust security models are required to safeguard infrastructure against cyber criminals. The system is built on the premise that a company should not rely on implicit trust from any source. Before allowing any device access to the company's servers, IT must confirm its identity and trustworthiness. It is imperative that the company adopt zero trust as its primary strategy and develop a network architecture that adheres to zero trust principles. This tactic fosters a zero-trust setting for the company's benefit. The primary objective is to restrict access to data and services so that only authorized users can access them, and only when necessary (Neale et al., 2022).
Chapter 5
Conclusions
Conclusion
The network's creators can do novel things with it if they adopt the Zero Trust model, owing to the model's consolidated, separated, and parallelized design. Zero Trust is easy to manage because it is partitioned for security and enforcement purposes. Antiquated networking protocols will not function in an environment that authenticates every connection; as a result, new networks need to be built with security in mind. The Policy Enforcement Point communicates with the Policy Administrator to submit requests and receive policy-related updates. In zero-trust architecture, it is treated as a single logical component, but it may comprise two parts, the client side and the resource side, or a single gateway component responsible for securing the communication channel. An enterprise public key infrastructure (PKI) issues and records the certificates a company has issued to its internal services, resources, and applications. Enterprises that rely on non-employees, users, and service providers to complete their work need granular access to the enterprise's resources, and in this scenario the policy engine and policy administrator could be hosted in the cloud or on a private network. For identity management, it is necessary to create, store, and manage not only corporate accounts and authentication records but also federated accounts. The purpose of security information and event management (SIEM) is to collect and store information about security incidents and events to analyze trends and develop more effective responses to protect company assets. Logins to networks and systems are studied extensively to ensure the safety of sensitive company information. The company may use agents or a portal to access external resources. The policy administrator's job is to restrict access to the system's resources from outside sources, which are permitted only the access the policy grants them. The purpose of an identity management system is to generate, store, and control access to a company's user accounts and related data. Information such as names, email addresses, roles, and access attributes are stored in this system, and user data for this system is typically retrieved from other systems. Companies have relocated their large data sets from central servers to the network's periphery to deal with the increasing demands of edge traffic. This improves the responsiveness and safety of data centers but pushes responsiveness and security concerns to the network's edge, necessitating new approaches, and this zero-trust principle has led to the rise of edge security as a current industry trend. Provided the zero trust architecture is implemented correctly, compromised accounts will not be able to access resources beyond their authorization; therefore, attackers will focus on gaining access to accounts with administrative privileges.
Implications
The goal of zero-trust cyber security is to eliminate as much potential for error and intrusion as possible by implementing strict policies and procedures, which is why businesses employ the Zero Trust network design. An organization must adhere to the Zero Trust architecture's concepts and guidelines while putting them into practice. In particular, it must assume that the private network within the organization is not a trust zone. When implementing a zero-trust paradigm, an organization must already have access control in place. Zero-trust networking is one of the most common methods of implementing such a system, and micro-segmentation and strong authentication of all devices are critical to it. Micro-segmentation creates virtual networks, each with its own dedicated controls, giving businesses greater command over their internal network infrastructure. Because it prevents an attacker from reaching other portions of the network, micro-segmentation plays a crucial role in helping a company contain a breach. By implementing granular rules, zero trust can be realized in a networked context (Ferretti et al., 2021).
Recommendations
Understand the architecture. It is crucial to map out the business network structure and understand the assets when creating a zero-trust architecture. Architects must understand who their users are, the devices they use, and the services and information they consume. Pay close attention to the elements that use the network. Any network, whether public or private, should be regarded as hostile. Also consider current services that might not be able to protect themselves because they were not built for a ZTA.
Establish a secure device identity. A ZTA relies heavily on device identity; it is the foundation for procedures such as authentication, authorization, and many others. It has to be strong and unique, and it must be bound to the device itself rather than to the client software using it. Even if a device is behind a NAT or is not connected to the network, it should still be possible to identify it.
Establish a reliable and secure communication channel, since zero-trust architectures require it. Channels must guard against risks such as message manipulation, replay attacks, and eavesdropping. Any two devices that communicate must guarantee the confidentiality, integrity, and authenticity of their messages; for some use cases, they may additionally need to provide non-repudiation.
Employ network segmentation. Security boundaries between different networks are critical to any zero-trust design. They are employed to prevent unauthorized access to sensitive information and applications. VLANs, firewalls, and other security measures such as IDS/IPS can all be used to implement segmentation. It is crucial to put these measures in place to safeguard business resources from both internal and external threats.
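The second and third recommendations (a unique device identity, and a channel that resists tampering and replay) are illustrated together by the following added example, which is not code from the paper. Each enrolled device holds a per-device secret; every request carries a timestamp and a single-use nonce and is authenticated with HMAC-SHA256 over all of those fields, and the verifying side rejects unknown devices, tampered messages, stale timestamps and replayed nonces. HMAC is a stand-in chosen because it is in the Python standard library; a production ZTA would bind the identity to a per-device asymmetric key in hardware (a device certificate), which is what also gives non-repudiation. The key, device names and clock-skew window are assumptions.

```python
"""Device identity and a replay-resistant authenticated request.

Added example, not from the paper. Each device holds a unique secret that
only it and the policy enforcement point know; requests carry a timestamp
and a single-use nonce and are authenticated with HMAC-SHA256 over all
of those fields. Real deployments bind the identity to per-device
asymmetric keys in hardware (certificates), which also provide
non-repudiation; HMAC is used here only because it is in the standard
library. Keys, device names and the skew window are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Optional


def _canonical(device_id: str, ts: int, nonce: str, payload: bytes) -> bytes:
    # Length-prefix every field so that no two different field sets can
    # produce the same byte string (no delimiter-confusion attacks).
    parts = [device_id.encode(), str(ts).encode(), nonce.encode(), payload]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def sign_request(device_id: str, key: bytes, payload: bytes, now: int,
                 nonce: Optional[str] = None) -> dict:
    """Device side: produce an authenticated request envelope."""
    nonce = nonce or secrets.token_hex(16)
    mac = hmac.new(key, _canonical(device_id, now, nonce, payload), hashlib.sha256).hexdigest()
    return {"device_id": device_id, "ts": now, "nonce": nonce, "payload": payload, "mac": mac}


class Verifier:
    """Enforcement side: checks identity, integrity, freshness and nonce reuse."""

    def __init__(self, registry: dict, max_skew: int = 30):
        self.registry = registry      # device_id -> key, the enrolment record
        self.max_skew = max_skew      # seconds of clock drift tolerated
        self.seen = {}                # device_id -> {nonce: ts} accepted inside the window

    def verify(self, msg: dict, now: int) -> tuple:
        key = self.registry.get(msg.get("device_id"))
        if key is None:
            return False, "unknown device identity"
        expected = hmac.new(
            key, _canonical(msg["device_id"], msg["ts"], msg["nonce"], msg["payload"]),
            hashlib.sha256).hexdigest()
        # Constant-time comparison; checked before anything else so that a
        # forged message cannot probe the nonce cache or clock state.
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad MAC: wrong key or tampered message"
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale or future timestamp"
        used = self.seen.setdefault(msg["device_id"], {})
        # Nonces older than the skew window can never be accepted again
        # (the timestamp check rejects them), so they can be forgotten.
        for n, t in list(used.items()):
            if now - t > self.max_skew:
                del used[n]
        if msg["nonce"] in used:
            return False, "replayed nonce"
        used[msg["nonce"]] = msg["ts"]
        return True, "ok"


if __name__ == "__main__":
    KEY = b"example-key-not-for-production"   # assumed enrolment secret
    v = Verifier({"dev-01": KEY})
    msg = sign_request("dev-01", KEY, b"GET /payroll", now=1000)
    print(v.verify(msg, now=1005))   # accepted
    print(v.verify(msg, now=1006))   # same envelope again: replay
    print(v.verify(dict(msg, payload=b"GET /admin"), now=1006))   # tampered
```

Confidentiality is not covered by this block: in practice the envelope travels inside a TLS session, and the per-device key material lives in a TPM or secure element so that the identity cannot be copied to another machine, which is what the recommendation means by an identity bound to the device rather than to the client.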
References
Alagappan, A., Venkatachary, S. K., & Andrews, L. J. B. (2022). Augmenting zero trust network architecture to enhance security in virtual power plants. Energy Reports, 8, 1309–1320. https://doi.org/10.1016/j.egyr.2021.11.272
Alevizos, L., Ta, V. T., & Hashem Eiza, M. (2021). Augmenting zero trust architecture to endpoints using blockchain: A state-of-the-art review. Security and Privacy, 5(1), e191. https://doi.org/10.1002/spy2.191
Bertino, E. (2021). Zero trust architecture: does it help? IEEE Security & Privacy, 19(5), 95–96. https://doi.org/10.1109/msec.2021.3091195
Buck, C., Olenberger, C., Schweizer, A., Völter, F., & Eymann, T. (2021). Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Computers & Security, 110, 102436. https://doi.org/10.1016/j.cose.2021.102436
Campbell, M. (2020). Beyond zero trust: Trust is a vulnerability. Computer, 53(10), 110–113. https://doi.org/10.1109/mc.2020.3011081
Chen, B., Qiao, S., Zhao, J., Liu, D., Shi, X., Lyu, M., Chen, H., Lu, H., & Zhai, Y. (2020). A security awareness and protection system for 5G smart healthcare based on zero-trust architecture. IEEE Internet of Things Journal, 8(13), 10248–10263. https://doi.org/10.1109/jiot.2020.3041042
Chuan, T., Lv, Y., Qi, Z., Xie, L., & Guo, W. (2020). An implementation method of zero-trust architecture. Journal of Physics: Conference Series, 1651, 012010. https://doi.org/10.1088/1742-6596/1651/1/012010
Dhar, S., & Bose, I. (2020). Securing IoT devices using zero trust and blockchain. Journal of Organizational Computing and Electronic Commerce, 31(1), 1–17. https://doi.org/10.1080/10919392.2020.1831870
Ferretti, L., Magnanini, F., Andreolini, M., & Colajanni, M. (2021). Survivable zero trust for cloud computing environments. Computers & Security, 110, 102419. https://doi.org/10.1016/j.cose.2021.102419
García-Teodoro, P., Camacho, J., Maciá-Fernández, G., Gómez-Hernández, J. A., & López-Marín, V. J. (2022). A novel zero-trust network access control scheme based on the security profile of devices and users. Computer Networks, 212, 109068. https://doi.org/10.1016/j.comnet.2022.109068
He, Y., Huang, D., Chen, L., Ni, Y., & Ma, X. (2022). A survey on zero trust architecture: challenges and future trends. Wireless Communications and Mobile Computing, 2022, 1–13. https://doi.org/10.1155/2022/6476274
Hireche, O., Benzaïd, C., & Taleb, T. (2022). Deep data plane programming and AI for zero-trust self-driven networking in beyond 5G. Computer Networks, 203, 108668. https://doi.org/10.1016/j.comnet.2021.108668
Mandal, S., Khan, D. A., & Jain, S. (2021). Cloud-based zero trust access control policy: an approach to support work-from-home driven by covid-19 pandemic. New Generation Computing, 39(3), 599–622. https://doi.org/10.1007/s00354-021-00130-6
Neale, C., Kennedy, I., Price, B., Yu, Y., & Nuseibeh, B. (2022). The case for Zero Trust Digital Forensics. Forensic Science International: Digital Investigation, 40, 301352. https://doi.org/10.1016/j.fsidi.2022.301352
Ramezanpour, K., & Jagannath, J. (2022). Intelligent zero trust architecture for 5G/6G networks: Principles, challenges, and the role of machine learning in the context of O-RAN. Computer Networks, 217, 109358. https://doi.org/10.1016/j.comnet.2022.109358
Sarkar, S., Choudhary, G., Shandilya, S. K., Hussain, A., & Kim, H. (2022). Security of zero trust networks in cloud computing: a comparative review. Sustainability, 14(18), 11213. https://doi.org/10.3390/su141811213
Shore, M., Zeadally, S., & Keshariya, A. (2021). Zero trust: The what, how, why, and when. Computer, 54(11), 26–35. https://doi.org/10.1109/mc.2021.3090018