Design your cybersecurity infrastructure with zero-trust philosophy
The sentiment is clear. The UK Government’s ‘Cyber security breaches survey’ 2024 reported that 63% of charities saw cybersecurity as a high-priority item to tackle. The survey also reported a disturbing trend: 32% of charities had experienced a cyber attack within the last 12 months.
Protecting operations is critical. There are different cybersecurity strategies, including ‘trust but verify’, the privileged access management model and zero-trust architecture.
Zero-trust architecture (ZTA) is one of the evolving approaches to designing cybersecurity infrastructure. The premise is that nobody, inside or outside of an organisation, is trusted with access. Focusing on ZTA, we uncover what this strategy looks like and how it is integrated into cybersecurity systems.
Imagine a castle with a moat surrounding it. The moat provides a barrier to the riches of the castle. Cybersecurity can be implemented under a similar thought process. Once verified, entry may be granted to the systems and processes of a charity – but when the drawbridge is always down, anyone can enter the castle.
ZTA operates a “trust no one” logic and removes trust from the system. In the castle and moat analogy, that means that even if you’re allowed through the moat you can’t roam free around the castle.
The crux of the ZTA approach is underscored by the National Cyber Security Centre. They say: “Just because you’re connected to a network, doesn’t mean you should be able to access everything on that network. Each request to access data or a service should be authenticated and authorised against an access policy.”
Pulling together trust and access, ZTA relies first on who should have access to what, and second, what authentication is in place.
Moving from no, or patchy, cybersecurity infrastructure to ZTA has advantages. First, because each access point or user is authenticated, the approach reduces the possibility of attacks. Attacks may come from outside and inside of the network. Applying ZTA at every defined level of security adds a further layer of protection for important data.
Given that no one, not even those in the network, is trusted, cybersecurity relies on “authenticating always” and on containing breaches. The assumption is that breaches will happen and it’s a matter of containment.
Authentication tech is crucial. Multi-factor authentication (MFA) offers solutions. Duo, a Cisco company, has several methods which serve to verify identity. They have a mobile app, which generates a notification to an authority once a correct passcode is entered. There are passcodes and token generators, which produce a one-time entry code that is typically time limited. Biometrics may also be used in any combination with the other methods.
Designing ZTA infrastructure is considered under seven pillars. Together, these pillars enforce digital borders and authentication:
Keystrike, the cybersecurity platform, describes the heart of the matter: “Users must verify their identity to ensure they are who they claim to be.”
Users, as part of your workforce entering the digital network, should be identified and mapped out. That includes creating and managing digital identities and how to authenticate correct credentials. During this process, have an idea of who needs access to what: not everyone needs access to everything.
Devices are the tools for entry. In addition to authenticating users, the device also needs to be up to scratch. Here, ZTA is set up to ensure that each device has updated software and meets security thresholds.
TechTarget describes this as protecting all the digital processes that make operations work. They say that ZTA cybersecurity is “wrapped around each workload to prevent data collection, unauthorized access, or tampering with sensitive apps and services.”
Remember, workload security means that any user who wants to use the application or process needs to be authenticated ahead of access. The security procedures don’t have to be the same across each application.
Securing the network means breaking down each part of your digital network into smaller bits. Each bit normally has its own digital access and policies. Focus Group highlights the benefit. They say: “Even if one segment is compromised, the attacker can’t move laterally across the entire network.”
Data classification and storage are also a key pillar in ZTA. Digital assets are typically categorized. Each category is only accessible to users with certain rights, on a need-to-know basis. Not only is digital protection important, but there may also be physical barriers to put in place, such as different server locations.
Vigilance and analytics together form the basis of the ZTA pillar here. The digital network needs constant monitoring to assess user behaviour and security breaches. Anomalies need to be picked up and learned from.
Last, automation and orchestration reduce the legwork for charity IT professionals. TechTarget says it best. They note: “organizations can automate and centrally control the entire zero-trust model on the LAN, WAN, wireless WAN, and public or private data centres.”
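The pillars above come together in a per-request access decision. The following added example (not from the original article) sketches a default-deny policy check that combines user authentication, need-to-know roles, device health and data classification, and never grants access because a request comes from inside the network. The resource names, roles, field names and sample requests are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy: resource -> (roles with need-to-know, data sensitivity)
POLICY = {
    "donor-database": ({"fundraising", "finance"}, "high"),
    "volunteer-rota": ({"fundraising", "finance", "volunteer-coordinator"}, "low"),
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    authenticated: bool        # primary credential verified for this request
    mfa_passed: bool           # second factor verified for this request
    device_patched: bool       # device reports up-to-date software
    device_managed: bool       # device is enrolled and meets the threshold
    resource: str
    on_internal_network: bool  # logged only; deliberately never grants access

def decide(req: AccessRequest) -> tuple[bool, str]:
    """Evaluate one request against POLICY. Anything not allowed is denied."""
    entry = POLICY.get(req.resource)
    if entry is None:
        return False, "unknown resource"
    roles, sensitivity = entry
    if not req.authenticated:
        return False, "user not authenticated"
    if req.role not in roles:
        return False, "no need-to-know for this resource"
    if not req.device_patched:
        return False, "device software out of date"
    if sensitivity == "high" and not (req.mfa_passed and req.device_managed):
        return False, "high-sensitivity data needs MFA and a managed device"
    return True, "allowed by policy"

# Constructed sample requests (positional order follows the fields above).
SAMPLES = [
    AccessRequest("alice", "finance", True, True, True, True, "donor-database", False),
    AccessRequest("bob", "volunteer-coordinator", True, True, True, True, "donor-database", True),
    AccessRequest("carol", "fundraising", True, False, True, True, "donor-database", True),
    AccessRequest("carol", "fundraising", True, False, True, True, "volunteer-rota", True),
    AccessRequest("dave", "finance", True, True, False, True, "donor-database", True),
]

def audit(requests: list[AccessRequest]) -> list[tuple[str, str, bool, str]]:
    """Decide every request and return a log line for each, allowed or not."""
    return [(r.user, r.resource, *decide(r)) for r in requests]

if __name__ == "__main__":
    for line in audit(SAMPLES):
        print(line)
```

Note that alice is allowed from outside the network while bob, carol and dave are denied from inside it: network location plays no part in the decision, and every outcome is logged for the monitoring pillar.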