What Is Zero Trust and Why Do I Need It?

A Zero Trust strategy removes implicit trust, which is itself a vulnerability, from your enterprise and secures your critical data, applications, assets, and services.
Zero Trust is a strategic approach to cybersecurity that eliminates implicit trust and continuously validates every stage of a digital interaction to secure an enterprise. When you implement a Zero Trust strategy, you apply security to users, applications, and infrastructure in the same consistent manner across the entire enterprise.
A Zero Trust architecture uses network segmentation, Layer 7 threat protection, cloud-scale analytics, AI and machine learning, and granular user access controls to protect data, applications, services, users, and infrastructure from malicious activity. Zero Trust architectures protect all attack surfaces and use cases, including headquarters/campus, branch, public and private cloud and on-premises data centers, IoT devices, managed endpoints, remote and mobile users, and SaaS applications: everywhere in the enterprise.
The concept behind Zero Trust is simple: trust is a vulnerability and a failure point. Trust nothing in the digital environment by default (packets, identities, devices, or services) and verify everything. Nothing receives implicit trust, and location on the network is not a reason to trust anything.
The goal of Zero Trust is to eliminate implicit trust from the enterprise. Eliminating implicit trust helps prevent successful data breaches, simplifies operations through automation and a smaller rulebase, and simplifies regulatory compliance and audits because access is granted only by explicit policy and every transaction is inspected and logged.
The Palo Alto Networks Zero Trust Framework is based on the three organizational pillars that you need to protect:
  • Users—Control access based on user identity rather than on network location, and apply the same controls to the applications and infrastructure the user reaches. The same consistent security policy should follow each user wherever the user goes in the network.
  • Applications—Control access to all applications, both sanctioned (applications that your business needs and uses) and tolerated (applications not required for business that you choose to allow employees to access). Do not allow access to applications that you have not identified as sanctioned or tolerated.
  • Infrastructure—Control access to routers, switches, firewalls, load balancers, IoT devices, supply chain, and software—every attack surface in the enterprise.
For each of the three pillars, you secure each of the following four validation points:
  • Identity—Identity is critical: if you can't establish and validate identity at every stage of activity, you can't control access based on identity or apply consistent security policy to it. Validate all users with strong authentication (for example, multi-factor authentication). No unknown or unauthorized users should be in your network.
  • Device/Workload—Verify device and workload integrity for managed and unmanaged devices and for all workloads.
  • Access—Allow no access to data, applications, workloads, and infrastructure without passing appropriate security checks. Always apply the principle of least privilege access:
    • Enable access for any given resource (applications, infrastructure, data, etc.) only for users, services, and APIs that require access. Do not overprovision access. For example, if you want to allow employees to access Facebook but you only want marketing users to post on Facebook, then in your Security policy, give access to the facebook-post application only to marketing user groups that you want to have posting privileges.
    • Limit management access for users, services, and APIs to only the areas of each device and the privileges required to perform the management functions. For example, if an administrator controls reporting functions, that administrator does not need access to security policy configuration.
    Palo Alto Networks ZTNA 2.0 using Prisma Access secures access for users, applications, and infrastructure, provides continuous trust verification and security inspection, protects all data, and enables you to create security policy that enforces consistent, least privilege access across all use cases.
  • Transaction—Scan all content for malicious activity and data theft.
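As an added example that is not part of the original page and is not Palo Alto Networks' own code, the following Python sketch runs the four validation points (identity, device/workload, access, transaction) on every request and denies by default, using the least-privilege examples above: all employees may browse Facebook, only marketing may post, and a reporting administrator has no security policy rights. Group names, application names, role names, and the DLP patterns are constructed for illustration and do not correspond to any product configuration.

```python
# Added example (not from the original page or Palo Alto Networks): a toy
# Zero Trust policy evaluator that applies the four validation points from
# the text to each request and defaults to deny. Group, application and
# role names and the DLP patterns are constructed for illustration.
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # directory groups the user belongs to
    mfa_passed: bool           # strong authentication completed this session
    device_managed: bool       # device is enrolled in endpoint management
    device_compliant: bool     # device passed posture check (patched, EDR up, ...)
    application: str           # App-ID style name, e.g. "facebook-post"
    payload: str = ""          # content of the transaction to be scanned


@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset          # groups that may match this allow rule
    applications: frozenset    # applications the rule covers


# Constructed security policy: allow rules evaluated top down; a request that
# matches no rule is denied (no implicit trust). Browsing Facebook is
# "tolerated" for all employees, posting is sanctioned only for marketing.
POLICY = (
    Rule("marketing-may-post", frozenset({"marketing"}), frozenset({"facebook-post"})),
    Rule("employees-may-browse", frozenset({"employees"}), frozenset({"facebook-base"})),
)

# Constructed DLP patterns: SSN-shaped and 16-digit card-number-shaped strings.
DLP_PATTERNS = (
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    re.compile(r"\b(?:\d[ -]?){15}\d\b"),
)


def check_identity(req: Request) -> str:
    """Validation point 1: unknown or weakly authenticated users get nothing."""
    if not req.user or not req.groups:
        return "unknown user"
    if not req.mfa_passed:
        return "strong authentication required"
    return ""


def check_device(req: Request) -> str:
    """Validation point 2: verify device integrity. Unmanaged devices may
    only browse; posting/uploading requires a managed, compliant device."""
    if not req.device_compliant:
        return "device failed posture check"
    if not req.device_managed and req.application.endswith("-post"):
        return "unmanaged device may not post or upload"
    return ""


def check_access(req: Request) -> str:
    """Validation point 3: least privilege via explicit allow rules, default deny."""
    for rule in POLICY:
        if req.application in rule.applications and req.groups & rule.groups:
            return ""
    return f"no rule allows {req.application} for groups {sorted(req.groups)}"


def check_transaction(req: Request) -> str:
    """Validation point 4: scan content for data theft before it leaves."""
    for pattern in DLP_PATTERNS:
        if pattern.search(req.payload):
            return "sensitive data pattern in payload"
    return ""


def evaluate(req: Request) -> tuple[bool, str]:
    """Run all four checks in order; the first failure denies the request."""
    stages = (("identity", check_identity), ("device", check_device),
              ("access", check_access), ("transaction", check_transaction))
    for stage, check in stages:
        reason = check(req)
        if reason:
            return False, f"deny at {stage}: {reason}"
    return True, "allow"


# Administrative least privilege (the reporting-admin example in the text):
# each role is granted only the management functions it needs.
ADMIN_ROLES = {
    "reporting-admin": frozenset({"view-reports", "view-logs"}),
    "policy-admin": frozenset({"view-reports", "view-logs", "edit-security-policy"}),
}


def admin_permitted(role: str, operation: str) -> bool:
    """Unknown roles or operations are denied rather than defaulting to allow."""
    return operation in ADMIN_ROLES.get(role, frozenset())


if __name__ == "__main__":
    base = dict(user="alice", groups=frozenset({"employees", "marketing"}),
                mfa_passed=True, device_managed=True, device_compliant=True)
    print(evaluate(Request(**base, application="facebook-post")))
    print(evaluate(Request(**base, application="facebook-post",
                           payload="card 4111 1111 1111 1111")))
    print(evaluate(Request(**{**base, "groups": frozenset({"employees"})},
                           application="facebook-post")))
    print(admin_permitted("reporting-admin", "edit-security-policy"))
```

The order of the stages matters: identity and device posture are checked before the access rules so that a valid rule match never rescues an unauthenticated user or a non-compliant device, and the transaction scan runs last because it is the only check that needs the content. A real enforcement point re-evaluates these checks continuously, not just once at session start.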
The three pillars to protect and the four validation points for each pillar apply to every security use case, including campus, cloud, private data center, SaaS applications, remote workers, mobile users, IoT devices, and managed endpoints. Apply the same protection to every use case to create consistent security policy across the entire enterprise, for all users, applications, and infrastructure:
  • Access all resources in a secure manner regardless of use case and apply the principle of least privilege to all access.
  • Apply consistent security policy across all use cases.
  • Inspect and log all packets at Layer 7 when they access a resource.
  • Manage security and segmentation policy centrally.
  • Accommodate changes as your business changes.
  • Align security with business functions because business functions determine what you need to protect.
Zero Trust strategy is business-specific, so it accommodates what’s important to your business. A Zero Trust architecture protects your business best from the ever-increasing number and type of malicious threats to your enterprise.