How to Create a Zero Trust Architecture

August 25, 2021

If you’ve made it to part three of our zero trust series, then congratulations: you’ve uncovered what zero trust is and have planned your zero trust strategy. With those steps completed, it is time to get to work on how to create a zero trust architecture.

Unfortunately, since every organization has its own environment and nuances, we can’t share a custom architecture for you today. Instead, we’re going to explore the six tenets of a zero trust architecture and how a few recommended solutions are helping customers achieve zero trust. If you would like help creating your own custom solution set, then reach out and our team of security experts can help!

The Six Tenets of a Zero Trust Architecture

Zero trust is achieved by implementing policies through cybersecurity solutions and actions. To guide security teams, NIST developed the following tenets as integral components of zero trust.

Below is an outline of the tenets including tips and insights into how our client organizations are successfully implementing zero trust.

Tenet 1: Defining devices

Gain an accurate scope of the devices on the network by defining and classifying all devices. This includes devices that send data to aggregators, SaaS and systems sending instructions to actuators.

Brite’s insight: Defining devices has become an essential component of many cybersecurity plans. With zero trust, it’s critical to have a solution with real-time device visibility. Additionally, functionality to classify devices on and off the network ensures devices are defined correctly.

Tenet 2: Securing communications

This set of policies and solutions addresses network location and communication. A device located on the network is not implicitly trusted. Instead, actions must be taken to secure all communications to protect confidentiality and integrity.

Brite’s insight: Secure communication is not optional; it is necessary no matter where the device or user is. Implement it successfully with private access that is always on and always inspecting.

Tenet 3: Session-based resource access

Now we’re getting into the true application of zero trust: evaluating trust and granting access each time a user attempts to access a resource. In addition, access is granted with the least privileges needed to complete the task.

Brite’s insight: Preparation is key. Take the time to clearly map out all applications, users and privileges to have a concrete foundation to build from.

Tenet 4: Attribute-based policy reinforcement

This is a dynamic policy in which the organization protects resources by defining what resources it has, who its members are and what access to resources those members need. Access requests are then checked against the user account, asset state, device characteristics and behavioral attributes.

Brite’s insight: Achieve attribute-based policy reinforcement with a real-time asset discovery tool.

Tenet 5: Dynamic authentication and authorization

Strictly enforcing zero trust requires a constant cycle of authentication and authorization. This includes obtaining access, scanning and assessing threats, adapting and continually reevaluating trust.

Brite’s insight: Implementing an Identity Access Management (IAM) program is a comprehensive approach to achieving dynamic authentication. Like zero trust, IAM is a program, not a single tool or project. We share tips for implementing a successful program here. Multifactor Authentication (MFA) tools also continue to play a powerful role in securing authorization.
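To make tenets 3 through 5 concrete, here is an added sketch of a per-request policy decision (not Brite's or NIST's code): every request is checked against role-based least privilege, device posture, behavioral risk and MFA freshness, with deny as the default. The resource names, roles, field names and thresholds are all assumptions made up for the illustration.

```python
from dataclasses import dataclass, replace

# Constructed policy: resource -> role -> permitted actions (least privilege).
POLICY = {
    "payroll-db": {"hr-analyst": {"read"}, "hr-admin": {"read", "write"}},
    "wiki": {"employee": {"read", "write"}},
}
SENSITIVE = {"payroll-db"}   # assumed: these resources need a recent MFA check
MAX_MFA_AGE_S = 900          # assumed threshold, in seconds
MAX_RISK = 0.7               # assumed behavioral risk ceiling on a 0..1 scale

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    resource: str
    action: str
    device_managed: bool     # asset state: enrolled in device management
    device_patched: bool     # device characteristic: patch level is current
    mfa_age_s: int           # seconds since the last successful MFA
    risk: float              # behavioral attribute supplied by analytics

def decide(req: Request) -> tuple[str, str]:
    """Evaluate one access request and return (decision, reason)."""
    allowed = set()
    for role in req.roles:
        allowed |= POLICY.get(req.resource, {}).get(role, set())
    if req.action not in allowed:
        return "deny", "no role grants this action on this resource"
    if not (req.device_managed and req.device_patched):
        return "deny", "device posture is not compliant"
    if req.risk > MAX_RISK:
        return "deny", "behavioral risk is above the threshold"
    if req.resource in SENSITIVE and req.mfa_age_s > MAX_MFA_AGE_S:
        return "step_up", "MFA is too old for a sensitive resource"
    return "allow", "all attribute checks passed"

if __name__ == "__main__":
    base = Request("alice", frozenset({"hr-analyst"}), "payroll-db", "read",
                   True, True, 60, 0.1)
    # The same user is re-evaluated on each request as attributes change.
    for req in (base, replace(base, action="write"),
                replace(base, device_patched=False),
                replace(base, mfa_age_s=3600)):
        print(req.action, req.device_patched, req.mfa_age_s, decide(req))
```

Because the decision is recomputed from current attributes on every request, a device that falls out of compliance mid-session loses access on its next call rather than at the next login.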

Tenet 6: Policy fine-tuning

As we know from other security tools, “set it and forget it” will not stop breaches. Utilize insights to continuously develop and improve policies. This ensures that policies are working and still applicable to ever-changing environments.

Brite’s insight: Assess your team’s workload and responsibilities. If they’re at capacity, then a managed security partner is a viable option to relieve pressure from your team and help maintain and fine-tune policies over time.

To summarize, creating a zero trust architecture doesn’t require a ‘rip and replace’. Instead, it’s reimplementing solutions you’re already using by organizing them into the six tenets of zero trust and redeploying them with a new objective.

 
