Virtualization Technology News and Information
Creating the Architecture for Zero Trust Security

By Shannon Flynn

Zero trust security is gaining popularity quickly. According to one recent survey, 30% of global organizations have begun implementing these solutions, with another 42% planning to in the future.

As the name implies, these security architectures seek to maximize security by not inherently trusting anything. They verify everything's identity and privileges before allowing it to access anything, then only granting access to what a user or device needs. As cybercrime and insider threats grow, more businesses may want to implement zero trust architecture, but how to do so is less clear.

Companies that want to implement zero trust security can break it down into three steps: separate, authenticate and record. Here's a closer look.


The first step in setting up zero trust architecture is to separate systems and data. The goal here is to eliminate lateral movement, restricting networks so that someone with access to one area can't move into another. Lateral movement is a factor in 70% of all cyberattacks, so this separation is crucial.

Organizations can begin by determining how to divide their network. They should identify and organize data according to its sensitivity and importance, seeking to isolate the most critical data. After they know what should and shouldn't group together, they should segment their networks along those lines.

Teams may find they need to move to the cloud before this segmentation if they haven't already. Cloud environments are ideal for zero trust security as they make it easier to group and segment networks and data.


After separating data and workflows into different sub-networks, security teams need to restrict them. Any user, device or program that tries to access any of these segments must verify their identity first. If they're not authorized for that area or can't authenticate themselves, systems shouldn't allow them in.

Authentication techniques should rely on multi-factor authentication (MFA) instead of more straightforward methods like recognizing IP addresses. By 2025, 75% of the workforce will work remotely, at least part-time, making it harder to verify workers' identities. MFA is the most reliable solution.

It's important to remember that this authentication process should apply to devices, too, not just users. MFA doesn't work with devices, so companies can use cryptographic keys to grant and restrict device access.

Whether or not something or someone has access to a sub-network should be contextual. Users and devices will need some data or programs in some contexts but not others. Consequently, zero trust security must understand what contexts do and don't grant different parties access to various parts of the network.


After segmenting networks and implementing an authentication process, security teams should start recording everything. Continuous monitoring is another core aspect of zero trust security, as it helps identify and respond to unusual occurrences faster.

Companies should log all activities on the network. They should know who tried to access what at what time and from where every time it happens. These logs will provide a baseline for unusual behavior, helping teams identify potential breaches when they arise. Knowing how each user behaves can also help inform contextual access policies and behavioral biometrics.

Since cybersecurity faces a growing labor shortage, according to Gartner, most companies likely can't afford continuous manual monitoring. Thankfully, automated network monitoring tools are readily available today. These technologies will help implement zero trust security without high costs.

Zero Trust Security Could Become a Necessity

When zero trust security first emerged, most organizations saw it as a helpful but not necessary strategy. As more organizations have moved onto the cloud and cybercrime has grown, that's starting to change.

Companies now know that breaches can come from anywhere and that many systems are more vulnerable than they seem initially. As such, zero trust architecture may be more of a necessity than an advantage today. Follow these steps to keep your data as secure as possible.


About the Author

Shannon Flynn 

Shannon Flynn is a tech writer who covers topics like cloud computing, business technology, and data. You can find her work on Hackernoon, Cybint Solutions, Irish Tech News, and Visit ReHack for other trending tech topics covered by Shannon. 
Published Thursday, September 23, 2021 7:33 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2021>