Zero Trust technology pillars part 1


For a more comprehensive guide on rolling out Zero Trust, the deployment plans provide in-depth guidance.

Unlike the checklist format of the RaMP (Rapid Modernization Plan), the deployment plans weave together resources across products and services.

The guidance is broken into units of work that can be configured together, so you establish a sound foundation first and build on it incrementally.

Visibility, automation, and orchestration with Zero Trust

With each of the other technical pillars of Zero Trust generating their own relevant alerts, we need an integrated capability to manage the resulting influx of data to better defend against threats and validate trust in a transaction.

If an investigation produces actionable learnings, you can take remediation steps. For example, if an investigation uncovers gaps in a Zero Trust deployment, policies can be modified to close those gaps and prevent similar incidents. Whenever possible, automate the remediation steps: this reduces the time a SOC analyst needs to address the threat and lets them move on to the next incident.

Visibility, automation, and orchestration Zero Trust deployment objectives

When implementing an end-to-end Zero Trust framework for visibility, automation, and orchestration, we recommend you focus first on these initial deployment objectives:

I. Establish visibility.
II. Enable automation.

After these are completed, focus on these additional deployment objectives:

III. Enable additional protection and detection controls.

Securing identity with Zero Trust

Before an identity attempts to access a resource, organizations must:

  • Verify the identity with strong authentication.
  • Ensure access is compliant and typical for that identity.
  • Follow least privilege access principles.

Once the identity has been verified, we can control that identity's access to resources based on organization policies, on-going risk analysis, and other tools.

Identity Zero Trust deployment objectives

When implementing an end-to-end Zero Trust framework for identity, we recommend you focus first on these initial deployment objectives:

I. Cloud identity federates with on-premises identity systems.
II. Conditional Access policies gate access and provide remediation activities.
III. Analytics improve visibility.

After these are completed, focus on these additional deployment objectives:

IV. Identities and access privileges are managed with identity governance.
V. User, device, location, and behavior are analyzed in real time to determine risk and deliver ongoing protection.
VI. Integrate threat signals from other security solutions to improve detection, protection, and response.
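The identity checks above (strong authentication, compliance and typical access, least privilege) and objectives II and V describe a gate that evaluates every request against policy and ongoing risk signals. The following is an added example written for this page; it is not Microsoft's Conditional Access engine or code from the module. It models such a gate in plain Python so the ordering of the controls, the difference between a hard block and a remediation step (an MFA challenge), and mid-session re-evaluation are visible. The app names, roles, authentication method names, risk levels and sign-in events are all constructed, and the per-app policy table is a hypothetical stand-in for policies you would define in your identity provider.

```python
"""Illustrative Zero Trust identity gate (added example, not Microsoft's engine).

Each request is evaluated against per-app policy plus live signals: device
compliance, sign-in risk and location. The gate returns 'allow', 'block', or
'require_mfa' (a remediation step after which the request is re-evaluated).
All policy data and sign-in events below are constructed sample data.
"""
from __future__ import annotations

import dataclasses
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    """One access request as the policy engine sees it (constructed fields)."""
    user: str
    roles: frozenset[str]
    app: str
    auth_methods: frozenset[str]   # what the user has already proven, e.g. {"password", "fido2"}
    device_compliant: bool         # device-management verdict supplied as a signal
    sign_in_risk: str              # "none" | "low" | "medium" | "high" from risk analytics
    location_trusted: bool


# Methods that count as strong authentication in this model (assumed list).
STRONG_METHODS = frozenset({"fido2", "authenticator_app", "certificate"})

# Hypothetical per-app policy: which roles may use the app, and whether a compliant device is required.
APP_POLICY = {
    "payroll": {"roles": frozenset({"hr-admin"}), "require_compliant_device": True},
    "wiki": {"roles": frozenset({"employee", "hr-admin"}), "require_compliant_device": False},
}


def is_strong_auth(s: SignIn) -> bool:
    """Verify the identity with strong authentication: a password alone never satisfies this."""
    return bool(s.auth_methods & STRONG_METHODS)


def evaluate(s: SignIn) -> tuple[str, str]:
    """Gate one request and return (decision, reason).

    Hard denials run first, so a blocked request never learns which later
    control it would also have failed; step-up (require_mfa) comes last.
    """
    policy = APP_POLICY.get(s.app)
    if policy is None:
        return "block", "unknown app: default deny"
    # Least privilege: no role that the app grants ends the evaluation here.
    if not (s.roles & policy["roles"]):
        return "block", "no role grants access to this app"
    # Ongoing risk analysis: high risk is blocked even for a correctly authenticated user.
    if s.sign_in_risk == "high":
        return "block", "high sign-in risk"
    # Compliance: sensitive apps require a managed, compliant device.
    if policy["require_compliant_device"] and not s.device_compliant:
        return "block", "app requires a compliant device"
    # Strong authentication: if not yet proven, remediate with an MFA challenge rather than deny.
    if not is_strong_auth(s):
        return "require_mfa", "strong authentication not yet satisfied"
    # Typical access: medium risk from an untrusted location gets a fresh step-up prompt.
    if s.sign_in_risk == "medium" and not s.location_trusted:
        return "require_mfa", "medium risk from untrusted location: step-up required"
    return "allow", "all controls satisfied"


def revalidate(s: SignIn, new_risk: str) -> tuple[str, str]:
    """Trust is not permanent: re-run the gate when a later risk signal arrives for an active session."""
    return evaluate(dataclasses.replace(s, sign_in_risk=new_risk))


STRONG = frozenset({"password", "fido2"})
PASSWORD_ONLY = frozenset({"password"})

# Constructed sign-in events, one per decision path.
SIGN_INS = {
    "admin_ok":       SignIn("alice", frozenset({"hr-admin"}), "payroll", STRONG, True, "none", True),
    "wrong_role":     SignIn("bob", frozenset({"employee"}), "payroll", STRONG, True, "none", True),
    "weak_auth":      SignIn("alice", frozenset({"hr-admin"}), "payroll", PASSWORD_ONLY, True, "low", True),
    "unmanaged":      SignIn("alice", frozenset({"hr-admin"}), "payroll", STRONG, False, "none", True),
    "risky_location": SignIn("carol", frozenset({"employee"}), "wiki", STRONG, False, "medium", False),
    "high_risk":      SignIn("carol", frozenset({"employee"}), "wiki", STRONG, True, "high", True),
}


if __name__ == "__main__":
    for label, s in SIGN_INS.items():
        decision, reason = evaluate(s)
        print(f"{label:15} {s.user:6} -> {decision:12} ({reason})")
    # A session that was allowed is revoked once analytics raise the risk to high.
    print("admin_ok later  ->", revalidate(SIGN_INS["admin_ok"], "high"))
```

Two design points carry over to a real deployment: the least-privilege check is a role lookup per app rather than a global "is admin" flag, and risk is re-evaluated with `revalidate` instead of being trusted for the life of the session, which is what objective V asks for.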

Applications

To get the full benefit of cloud apps and services, organizations must find the right balance of providing access while maintaining control to protect critical data accessed via applications and APIs.

The Zero Trust model helps organizations ensure that apps, and the data they contain, are protected by:

  • Applying controls and technologies to discover Shadow IT.
  • Ensuring appropriate in-app permissions.
  • Limiting access based on real-time analytics.
  • Monitoring for abnormal behavior.
  • Controlling user actions.
  • Validating secure configuration options.

Applications Zero Trust deployment objectives

Before most organizations start the Zero Trust journey, their on-premises apps are accessed through physical networks or VPN, and some critical cloud apps are accessible to users.

When implementing a Zero Trust approach to managing and monitoring applications, we recommend you focus first on these initial deployment objectives:

I. Gain visibility into the activities and data in your applications by connecting them via APIs.
II. Discover and control the use of shadow IT.
III. Protect sensitive information and activities automatically by implementing policies.

After these are completed, focus on these additional deployment objectives:

IV. Deploy adaptive access and session controls for all apps.
V. Strengthen protection against cyber threats and rogue apps.
VI. Assess the security posture of your cloud environments.