Do you trust your organization's network? Do you think deploying perimeter-based security solutions such as firewalls or VPNs is enough? Do you trust your employees? Do you trust the devices used by them?

If your answer to any of the questions above is yes, then you might want to pause, rethink, and read this blog to gain a new perspective!

With exponential digital transformation taking place each day, the network perimeter is being redefined continuously. It has therefore become imperative for organizations to redefine their defense strategies with new security approaches.

Zero Trust is a security approach that works on the principle of never trust, always verify'. It emphasizes that no user or device or network can be trusted inherently, irrespective of location, i.e., within or outside the corporate walls.

In this blog, we'll introduce you to the basic principles of the Zero Trust model and some of the best practices that you must follow to build your own Zero Trust network.

Zero Trust: The journey towards a secure network

Guidelines for a Zero Trust model

The Zero Trust model aims to strengthen and armor organizations by helping them take a holistic approach towards a strong cybersecurity posture. This can be achieved when organizations follow different techniques and strategies as per their infrastructure's requirement and not just a standalone strategy. Some of the Zero Trust guidelines are as follows:

1. Microsegmentation

Microsegmentation is one of the most important aspects of the Zero Trust model. It is the process of breaking the network perimeter into small, secure zones that are more manageable. These zones are called micro-segments. Micro-segments, in comparison to large networks, are much easier to monitor, implement specific security policies for, and establish granular access and controls for. This, in turn, provides better visibility and access to individual network resources, applications, and data.

Microsegmentation ensures that the attack surface is as small as possible. In this way, it decreases the organization's chances of falling prey to cyberattacks. It prevents the movement of traffic laterally within the network, i.e., server-to-server, application-to-server, etc. There are multiple ways in which organizations can create micro-segments. For instance, organizations can create them based on location, privileged data assets, user identity (employees or third-party users), personally identifiable information, virtual machines, important applications, software, etc.


2. Multi-factor authentication

Provide authenticated and authorized access to all the users and network resources through security methods like multi-factor authentication (MFA). MFA requires users to prove and verify their identity using multiple authentication factors like the usual username-password combination, a fingerprint scan, and a code or one-time password (OTP) sent to their mobile device. Unlike two-factor authentication, MFA should comprise a minimum of three factors for authenticating a user. These three factors could be something the user knows (password), something the user owns (OTP on authenticator app), and something the user is (biometrics such as fingerprint).

However, it's also important for organizations to consider the fact that MFA can be bypassed by cyberattackers, which is why they must have strong MFA methods in place.

3. Single sign-on

Single sign-on (SSO) provides the ability for users to sign on once with their credentials and have access to all of their applications. SSO works through the exchange of an authentication token between the application and the identity provider. Whenever a user signs in, this token is created and remembered to establish the fact that the user is verified. Any application or portal the user will attempt to access will first verify with the identity provider to confirm the user's identity.

SSO enables users to create and remember one strong password for their account instead of multiple ones. The approach also helps in avoiding password fatigue and decreasing the attack surface. It further ensures that no repeated passwords are used by users to access multiple portals and applications. From a security standpoint, SSO provides central visibility into all the user activities from a central location. It allows organizations to implement stronger password policies for the entire organization.

4. Principle of least privilege

The principle of least privilege (POLP) is one of the core fundamentals of Zero Trust. It permits users to access only the data, applications, and services required to perform their jobs. Since users are the weakest link of any organization, this policy makes sure that they are given access to resources only on a need-to-know-basis. Some of the ways to implement POLP are:

  1. Role-based-access control: Each user is permitted or denied access to data or network resources based on their role in the organization. For example, an employee from the finance team would have access to finance-related data only, and would not be able to access information out of their scope.
  2. Just-in-time privileged access management: Access to resources and applications is granted for a predetermined period of time. Once the defined time lapses, the access given to users gets revoked automatically. For example, a user who needs to access a portal only for few days in a week would be given access for those specific days only; they would not get standing access 24/7.
  3. Just-enough access to resources: Users are given only adequate access to those resources or services that are required by them to perform their tasks, and no more than that. For example, a user requires access to a report but has to work only with a part of it. In cases like this, the user gets access to only those parts of the report that are required for their job.
  4. Risk-based access control: Access to users is given based on the risk scores associated with them. Users with higher risk scores are required to meet additional authentication challenges whereas users with lower risk scores will be required to follow the general username/password method. For example, a user logging in with correct credentials but from a new device or from a new location can be made to go through an additional step of security verification.

5. Continuous monitoring and auditing user activities

It is important that all user activities are continuously monitored and audited. A proactive approach of looking out for any potential threat helps in preventing malicious attacks. The log data should be ingested by a SIEM solution, it should be further analyzed, and real-time alerts should be configured in case any unusual activity gets detected.

6. Monitor the devices

Monitoring devices with strict controls is also an integral part of the Zero Trust network. It is important to monitor the number of devices that have access to the network and check if they have been authorized to access the network resources. Organizations should also keep a track of unmanaged and managed devices, and make sure these devices are being regularly patched and updated. For BYOD and guest devices in the network, strict access controls and threat detection methods should be followed to lower the risk of an expanded attack surface.

So how do you start working towards creating a Zero Trust architecture for your own organization? Here are a few of the common yet quintessential practices that must be adopted to build a Zero Trust environment.

Best practices for implementing and adopting a Zero Trust model

  • Identify all critical and sensitive data, network components, and resources, and group them based on priority.
  • Verify all devices, including endpoint devices, to ensure secure access to the organization's resources.
  • Enforce the least privilege policy and minimize and restrict access to data, applications, services, and resources.
  • Identify and disable the user accounts of former employees, as these orphaned and stale accounts could be exploited by malicious insiders to access the organization's sensitive data and resources.
  • Monitor and audit all user activities proactively to keep a track of their whereabouts within the network. Configure real-time alerts for notifying the IT teams of any unusual activity that gets detected.
  • Investigate and validate the traffic from both within and outside the organization network.

It's never too late to secure your network, so get started on your journey towards creating a safe and secure IT network for your organization. Adopt and implement a Zero Trust security approach to ensure restricted and secure access to your network and its components. Doing so will minimize your attack surface, thus reducing your exposure to cyberattacks.

A SIEM solution like ManageEngine Log360 helps organizations in maintaining a Zero Trust environment with its UEBA and CASB capabilities. Schedule a personalized demo and talk to our product experts to learn more about it.

  • Please enter a business email id
  • By clicking 'Read the ebook', you agree to processing of personal data according to the Privacy Policy

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.