
What is zero-trust security?

Zero trust is a security model used to secure an organization based on the idea that no person or device should be trusted by default, even if they are already inside an organization’s network. A zero-trust approach aims to remove implicit trust by enforcing strict identity authentication and authorization throughout the network, not just at a trusted perimeter. In this model, every request to access resources is treated as if it comes from an untrusted network until it has been inspected, authenticated, and verified. 

Forrester Research analyst John Kindervag first proposed the zero-trust security model in 2010. It marked a shift away from traditional IT security models, which primarily focus on defending access at the network perimeter and assume everything inside can be trusted. 

Unfortunately, the traditional approach offers little defense if attackers gain access to a network. Once in, attackers can move freely and attempt to extend their access to high-value data and assets—a technique known as lateral movement. Today, this is even more problematic in modern IT environments as resources and data are spread out, making it difficult to implement security control over a network from a single point. 

A zero-trust approach can help companies strengthen their IT environment security and help them limit or prevent attacks. 

Learn more about how Google implements its BeyondCorp zero-trust cloud security model to shift access controls from network perimeter to individual users and devices. 

Zero trust defined

Zero trust is a cloud security model designed to secure modern organizations by removing implicit trust and enforcing strict identity authentication and authorization. Under zero trust, every user, device, and component is considered untrusted at all times, regardless of whether they are inside or outside of an organization’s network. 

How does zero trust work?

Zero trust eliminates the idea of a trusted network edge and assumes that any user or service requesting access is a potential threat, regardless of whether they are inside your network or how many times they have connected before. 

While many would simplify zero-trust definitions as “trust no one and nothing” or “never trust, always verify,” these are somewhat limited. Instead, the concept at the core of zero trust is that assuming trust in anyone or anything, even underlying components, in an interconnected system creates significant security risk. Trust needs to be established and continuously validated using dynamic, contextual security policies and various technology mechanisms. 

The approach leverages micro-segmentation using granular policy controls to divide the network into smaller segments and isolated workloads. Policies are context-based, according to identity, location, device, the content being accessed, and the application. Policies are dynamic, so they are re-assessed regularly and adapted as the context changes.

Data and resources are inaccessible by default, and connections are only granted strictly controlled access after they have been authenticated and authorized. This process is applied for any user or connected endpoint, and identity is continuously authenticated. In addition, all network traffic is logged, monitored, and analyzed closely for any signals of a compromise. 

Here is a simpler way to think about it: Imagine your network and infrastructure as a top-secret government facility, and zero trust is the security system. It might include standard perimeter security and alarms and sensors to detect unauthorized access. 

Zero trust adds security to all access points inside of the perimeter. Every wing and each room in the building is also kept locked at all times and the doors are controlled using a biometric access system. Even after you pass through security at the front entrance, you will need to scan your fingerprint to prove your identity at each door and will only be allowed to pass through it if you have the proper security clearance. You are only allowed to enter areas you need to go into and stay for the time needed to complete your business. 

The three zero-trust concepts

The zero-trust model includes multiple implementations today, including zero-trust network access (ZTNA), zero-trust architecture (ZTA), and zero-trust edge (ZTE). However, they are all built on the same core concepts. 

Here are the three zero-trust principles that shape the model: 

  1. Assume all network traffic is a threat, at all times. Zero trust takes the view that every user is hostile and that threats are omnipresent, both inside and outside the network. Therefore, any traffic that does not have explicit permission is automatically denied access. Every device, user, and network flow is authenticated, authorized, and validated when requesting access on an ongoing basis.
  2. Enforce least-privileged access. Zero-trust security approaches grant least-privilege access: the minimum privileges, to only the resources required, and only when they are needed, without impeding the ability to complete a task. Least-privilege access helps restrict attackers from moving laterally to more critical resources if an account or device is compromised. 
  3. Always monitor. The zero-trust model advocates continuous monitoring, analysis, and management of activity on the network at all times. This enables real-time understanding of which entities are trying to access resources and helps identify potential threats, active incidents, and any anomalies that should be investigated. 
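The policy mechanics described above (context-based, dynamic policies; default deny; continuous re-validation; logging of every decision) and the three principles just listed can be made concrete with a small policy decision point. The following stand-alone Python is an added example written for this page, not code from Google or from any zero-trust product; the RequestContext and Policy fields, the policy names, users, groups and locations are all constructed for illustration.

```python
"""Added example: a minimal zero-trust policy decision point (PDP).

Each request carries context (identity, group membership, device posture,
freshness of strong authentication, location, target resource and action).
Nothing is reachable unless a policy explicitly grants it, every condition of
that policy must hold, decisions are recomputed whenever context changes, and
every allow or deny is appended to an audit log.  All names and values are
constructed for illustration.
"""
from dataclasses import dataclass, field, replace
from typing import List, Optional, Set, Tuple


@dataclass
class RequestContext:
    """Signals gathered for one access request (constructed fields)."""
    user: str
    groups: Set[str]
    device_managed: bool   # enrolled in device management
    device_patched: bool   # posture signal: OS and agent up to date
    mfa_age_s: int         # seconds since the last strong authentication
    location: str          # country code inferred from the client network
    resource: str          # e.g. "finance/ledger"
    action: str            # e.g. "read" or "write"


@dataclass
class Policy:
    """One granular rule; a request is granted only if every condition holds."""
    name: str
    resource_prefix: str
    actions: Set[str]
    required_group: str
    require_managed_device: bool = True
    require_patched_device: bool = True
    max_mfa_age_s: int = 8 * 3600
    allowed_locations: Set[str] = field(default_factory=set)  # empty = anywhere


@dataclass
class Decision:
    allowed: bool
    reason: str
    policy: Optional[str] = None


def evaluate(ctx: RequestContext, policies: List[Policy], audit: List[str]) -> Decision:
    """Default deny: the request is allowed only if some policy grants it
    and every contextual condition of that policy is satisfied."""
    decision = Decision(False, "no policy grants this action on this resource")
    for p in policies:
        if not ctx.resource.startswith(p.resource_prefix) or ctx.action not in p.actions:
            continue
        failures = []
        if p.required_group not in ctx.groups:
            failures.append(f"user not in group {p.required_group}")
        if p.require_managed_device and not ctx.device_managed:
            failures.append("device not managed")
        if p.require_patched_device and not ctx.device_patched:
            failures.append("device not patched")
        if ctx.mfa_age_s > p.max_mfa_age_s:
            failures.append("strong authentication too old")
        if p.allowed_locations and ctx.location not in p.allowed_locations:
            failures.append(f"location {ctx.location} not permitted")
        if not failures:
            decision = Decision(True, "all conditions satisfied", p.name)
            break
        decision = Decision(False, "; ".join(failures), p.name)
    # Every decision, allow or deny, is recorded for monitoring and audit.
    audit.append(
        f"user={ctx.user} resource={ctx.resource} action={ctx.action} "
        f"allowed={decision.allowed} policy={decision.policy} reason={decision.reason}"
    )
    return decision


# Constructed policies: analysts may read finance data from two countries;
# admins may write it, but only with very fresh strong authentication.
POLICIES = [
    Policy("finance-read", "finance/", {"read"}, "finance-analysts",
           allowed_locations={"US", "CA"}),
    Policy("finance-write", "finance/", {"write"}, "finance-admins",
           max_mfa_age_s=15 * 60),
]


def run_demo() -> Tuple[List[Decision], List[str]]:
    """Five constructed requests: default deny, least privilege,
    re-evaluation after a posture change, and the resulting audit trail."""
    audit: List[str] = []
    alice = RequestContext("alice", {"finance-analysts"}, True, True, 600, "US",
                           "finance/ledger", "read")
    bob = RequestContext("bob", {"finance-admins"}, True, True, 3600, "US",
                         "finance/ledger", "write")
    results = [
        evaluate(alice, POLICIES, audit),                               # allowed
        evaluate(replace(alice, action="write"), POLICIES, audit),       # wrong group
        evaluate(replace(alice, device_patched=False), POLICIES, audit), # posture changed
        evaluate(replace(alice, resource="hr/payroll"), POLICIES, audit),# no policy at all
        evaluate(bob, POLICIES, audit),                                  # MFA too old
    ]
    return results, audit


if __name__ == "__main__":
    for line in run_demo()[1]:
        print(line)
```

The third request is the same user on the same device a moment later, after a posture signal flipped; the decision is recomputed from scratch rather than inherited from the earlier allow, which is what "continuously validated" means in practice. The audit list is the raw material the monitoring principle depends on: a run of denies with the same reason for one user is the kind of anomaly worth investigating.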

These zero-trust principles originally outlined by Forrester also align with the zero-trust framework developed by the U.S. National Institute of Standards and Technology (NIST). We highly recommend reading NIST’s framework for guidance on the practical steps needed to implement a zero-trust security model in your own organization. 

Why use a zero-trust model?

Some of today’s most prolific data breaches are not just the result of an attacker finding a way to breach the network perimeter. With the rise of cloud computing and remote workforces, many organizations are struggling to defend increasingly distributed environments and a porous perimeter. Data is now generated, stored, and shared across multiple services, devices, applications, and people, and accessed from anywhere in the world.

Many threat actors have discovered that exploiting network weaknesses and gaps in coverage in hybrid cloud environments is a lucrative business. Increasingly, serious breaches are the result of compromised accounts through social engineering and other sophisticated techniques, accidental or intentional inside threats, and weaker security practices of third-party vendors. 

Security teams now recognize that threats are just as likely to come from inside the network as they are from outside of it. 

Organizations have attempted to implement defense-in-depth layered security measures, which aim to offer redundancies and backup security should one measure fail. However, this approach is often expensive and complex to implement, manage, and maintain—especially with the need to constantly adapt and modify everything as new systems, people, services, and devices are introduced.  

Zero trust incorporates defense-in-depth strategies, but the goal is to minimize the threat surface and build environments that are inherently secure without having to identify and mitigate every single potential threat. The focus is to stop access to mission-critical assets and prevent attackers from moving laterally through the network in real time. Zero trust provides a unified security approach that offers comprehensive, adaptable protection of distributed environments while still allowing secure access.  

Benefits of using the zero-trust model

Increased visibility

Zero-trust security requires businesses to know where assets are located and continuously monitor what identities are accessing resources and how. This improves visibility and context of traffic, asset inventory, and risk management. 

Limit the blast radius of breaches

Since identities are given least-privilege access, zero trust helps to limit the scope of damage if and when a breach does occur. This allows teams to respond and mitigate attacks faster, and minimizes the risk of further exposure. 

Access control in modern IT environments

With zero-trust architecture, security policies are based on identity and associated with specific workloads. This puts security close to the assets being protected, allowing it to travel with the workload, regardless of the environment. 

Consistent, adaptable security

Security policies are centrally managed in zero-trust models and rely on automation to help migrate and update policies according to context. Security becomes more agile and scalable, while also reducing the burden on administrators. 

Reduced attack surface and risk

Zero trust isolates traffic and creates network segments that prevent lateral movement and stop any potential infections from spreading to critical resources. Any suspicious activity can be inspected and identities re-verified against policies and controls, decreasing the chance of a successful breach. 

Continuous compliance

Under zero trust, all traffic and requests are logged and evaluated. In addition, it locks down access to resources. This not only provides a clear audit trail if a breach does occur, but also makes it easier to prove that you have done everything possible to meet data privacy requirements and standards. 

Challenges of using the zero-trust model

Of course, no approach is without its challenges. Making the shift to zero trust can take years and requires careful planning.

Here are some of the biggest challenges of using zero trust: 

  • Being consistent. Done right, zero trust can provide superior security as advertised. However, it also requires that organizations be consistent with strategy. Most organizations will need to make changes in stages as they shift away from traditional security solutions, but they will also need to ensure no gaps develop along the way. 
  • Inhibiting productivity. Zero trust adds extra security steps to most workflows and can affect productivity if they are implemented incorrectly. The key is finding the right balance in strategy between supporting work and achieving a strong security posture. If processes become too disruptive, individuals may try to circumvent them. 
  • Combating insider threats. While zero trust can help mitigate insider threats through least-privilege access, it is not a silver bullet. Attackers frequently find ways to gain access by stealing credentials, using tactics like phishing or scareware to trick people into sharing sensitive information. Or, in worst-case scenarios, you may be dealing with a malicious party intent on abusing their privileges. For zero trust to be effective against insider threats, you will need to be able to monitor and detect pattern anomalies throughout your entire organization.
  • Maintaining policies and architecture. Your business is constantly growing and evolving, which means zero-trust policies and permission structures will also need to be constantly updated. Zero-trust models rely on precisely defined policies and effective policy administration, which must also be proactively maintained and configured to prevent breaches. 


BeyondCorp is Google’s implementation of a zero-trust network architecture to enable secure access from any device or network without the need for a traditional VPN. BeyondCorp uses Google Cloud tools, such as single sign-on, Access Context Manager, and Identity-Aware Proxy, to push the perimeter from the network to individual devices and users. 

BeyondCorp provides a set of access controls that verifies identity through authentication and authorization workflows to grant access to resources, allowing organizations to achieve continuous verification of trust without impacting productivity.
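Moving the perimeter to users and devices only works if the application behind the proxy also stops trusting network position. The following stand-alone Python is an added example, not Google's or BeyondCorp's code, showing the receiving end: a backend accepts a request only after verifying the proxy's signed identity assertion and ignores the client's source address entirely. Identity-Aware Proxy conveys that assertion in the x-goog-iap-jwt-assertion header as a JWT signed with an asymmetric key that the backend checks against Google's published keys; so that this example runs offline, it signs with HMAC-SHA256 and a shared secret instead, and the secret, issuer, audience and sample requests are all constructed.

```python
"""Added example: a backend behind an identity-aware proxy that trusts only
the proxy's signed assertion, never the request's network origin.

The real IAP assertion is an asymmetrically signed JWT verified against
Google's public keys; this offline stand-in signs with HMAC-SHA256 and a
shared secret.  Secret, issuer, audience and sample requests are constructed.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

SHARED_SECRET = b"constructed-demo-signing-secret"           # constructed
EXPECTED_ISSUER = "https://proxy.example"                    # constructed
EXPECTED_AUDIENCE = "/projects/000000/global/backendServices/1"  # constructed
ASSERTION_HEADER = "x-goog-iap-jwt-assertion"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(email: str, now: int, ttl_s: int = 600,
                    audience: str = EXPECTED_AUDIENCE) -> str:
    """What the proxy does after it has authenticated and authorized the user."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({
        "iss": EXPECTED_ISSUER, "aud": audience, "email": email,
        "iat": now, "exp": now + ttl_s,
    }).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(SHARED_SECRET, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_assertion(token: str, now: int) -> Tuple[Optional[str], Optional[str]]:
    """Return (email, None) for a valid assertion, else (None, reason).
    Signature is checked before any claim is read or trusted."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        expected = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None, "bad signature"
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers malformed base64 and malformed JSON
        return None, "malformed assertion"
    if claims.get("iss") != EXPECTED_ISSUER:
        return None, "unexpected issuer"
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return None, "assertion not meant for this backend"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None, "assertion expired"
    if not isinstance(claims.get("email"), str):
        return None, "assertion carries no identity"
    return claims["email"], None


def handle_request(headers: Dict[str, str], source_ip: str, now: int) -> Dict[str, object]:
    """The access decision never consults source_ip: being on an internal
    address grants nothing.  Only a verified assertion identifies the caller."""
    token = headers.get(ASSERTION_HEADER)
    if token is None:
        return {"status": 403, "reason": "missing assertion"}
    email, err = verify_assertion(token, now)
    if err is not None:
        return {"status": 403, "reason": err}
    return {"status": 200, "user": email}


if __name__ == "__main__":
    now = int(time.time())
    good = issue_assertion("alice@example.com", now)
    print(handle_request({ASSERTION_HEADER: good}, "203.0.113.7", now))   # 200
    print(handle_request({}, "10.0.0.5", now))                           # 403 despite internal IP
```

The audience check is what binds the assertion to this particular backend: a token minted for a different service, even by the same proxy, is rejected. Anything the proxy conveys in plain, unsigned headers is not a substitute for this verification, because nothing prevents a client that can reach the backend directly from setting such headers itself.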