How the network can support zero trust

Zero trust architecture calls for granting just enough access to network resources so individuals can accomplish their work tasks – nothing more – and the network itself can help.


Simply stated, zero trust calls for verifying every user and device that tries to access the network and enforcing strict access-control and identity management that limits authorized users to accessing only those resources they need to do their jobs.

Zero trust is an architecture, so there are many potential solutions available, but this is a look at those that fit in the realm of networking.

Least privilege

One broad principle of zero trust is least privilege, which is granting individuals access to just enough resources to carry out their jobs and nothing more. One way to accomplish this is network segmentation, which breaks the network into unconnected sections based on authentication, trust, user role, and topology. If implemented effectively, it can isolate a host on a segment and minimize its lateral or east–west communications, thereby limiting the "blast radius" of collateral damage if a host is compromised. Because hosts and applications can reach only the limited resources they are authorized to access, segmentation prevents attackers from expanding a foothold on one host into the rest of the network.

Entities are authenticated and then authorized to reach specific resources based on context: who an individual is, what device is being used to access the network, where it is located, how it is communicating and why access is needed.
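The two ideas above, a default-deny segmentation policy and a decision made from request context, can be shown together in a few lines. The following is an added example written for this page, not code from the article or any vendor product; every segment, host, role and rule in it is constructed for illustration. It evaluates whether a flow between two segments is permitted given the who/device/where/how/why of the request, and then walks the policy to show which hosts an attacker holding one host's context could reach, which is the "blast radius" the segmentation is meant to bound.

```python
"""Illustrative default-deny segmentation policy with context-based decisions.
Added example for this article; all segments, hosts, roles and rules are constructed."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Context:
    """The five context attributes the article lists."""
    user_role: str          # who
    device_managed: bool    # what device (corporate-managed or not)
    location: str           # where: "office" or "remote"
    protocol: str           # how: "https", "ssh", "postgres", ...
    purpose: str            # why: change ticket or justification tag


@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    role: str
    protocols: frozenset
    require_managed: bool = True
    locations: frozenset = frozenset({"office", "remote"})
    require_justification: bool = False


# Constructed policy: the only inter-segment flows that are allowed.
# Anything not listed is denied, which is the least-privilege stance.
POLICY = [
    Rule("user-lan", "web-tier", "employee", frozenset({"https"}), require_managed=False),
    Rule("user-lan", "web-tier", "admin", frozenset({"https", "ssh"})),
    Rule("web-tier", "db-tier", "service", frozenset({"postgres"})),
    Rule("mgmt", "db-tier", "admin", frozenset({"ssh"}),
         locations=frozenset({"office"}), require_justification=True),
]

# Constructed inventory: which segment each host sits on.
HOSTS = {
    "laptop-1": "user-lan", "laptop-2": "user-lan",
    "web-1": "web-tier", "db-1": "db-tier", "jump-1": "mgmt",
}

# Every protocol the policy knows about; used when estimating reachability.
PROTOCOLS = frozenset(p for r in POLICY for p in r.protocols)


def is_allowed(src_host: str, dst_host: str, ctx: Context) -> bool:
    """Default-deny decision: the flow passes only if some rule matches
    every context attribute. Traffic inside a segment is also denied here,
    since an isolated host should have no lateral (east-west) path."""
    src, dst = HOSTS[src_host], HOSTS[dst_host]
    for r in POLICY:
        if (r.src_segment, r.dst_segment, r.role) != (src, dst, ctx.user_role):
            continue
        if ctx.protocol not in r.protocols:
            continue
        if r.require_managed and not ctx.device_managed:
            continue
        if ctx.location not in r.locations:
            continue
        if r.require_justification and not ctx.purpose:
            continue
        return True
    return False


def reachable(compromised_host: str, ctx: Context) -> set:
    """Hosts transitively reachable from a compromised host when the attacker
    can only act with the context captured on that host (any protocol).
    This is the policy's blast radius for that host; on a flat network the
    answer would be every other host."""
    seen = {compromised_host}
    frontier = [compromised_host]
    while frontier:
        current = frontier.pop()
        for candidate in HOSTS:
            if candidate in seen:
                continue
            if any(is_allowed(current, candidate, replace(ctx, protocol=p))
                   for p in PROTOCOLS):
                seen.add(candidate)
                frontier.append(candidate)
    seen.discard(compromised_host)
    return seen


if __name__ == "__main__":
    employee = Context("employee", False, "remote", "https", "browse")
    print("laptop-1 -> web-1 https:", is_allowed("laptop-1", "web-1", employee))
    print("laptop-1 -> laptop-2 https:", is_allowed("laptop-1", "laptop-2", employee))
    print("blast radius of laptop-1:", reachable("laptop-1", employee))
```

Note that the decision is made per flow, not once at login: the same admin is allowed to reach the database segment from the management segment while in the office and with a justification, and denied the same path from a remote location. The reachability walk is the check a practitioner would run against a proposed policy before deploying it, to confirm that a compromised user-LAN host cannot pivot into the database tier.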
