Zero Trust Security Strategy

Let’s begin by asking the question “What is zero trust?” and then look at the strategy behind it.

What is Zero Trust Strategy?

Zero Trust is a security strategy: an approach to designing and implementing a set of security principles. The principles are:

Verify Explicitly

Always authenticate and authorize based on all available data points.

Use Least Privilege Access

Limit user access with just-in-time and just-enough access (JIT/JEA), risk-based adaptive policies, and data protection.

Assume Breach

Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection and improve defenses.

This is the core of Zero Trust: it assumes breach and verifies each request as though it originated from an uncontrolled network.
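To make the three principles concrete, here is an added example (not code from the original article) of a small access-policy evaluator. The signal names, resource names, role ceilings and thresholds are assumptions made for the demo; the point is that every request is scored on several signals, the network it came from is never a reason to grant access, and any grant is bounded in role and in time.

```python
"""Added example (not from the original article): a small evaluator that
applies the three Zero Trust principles to one access request.

- Verify explicitly: the decision uses several signals (MFA, device
  compliance, sign-in risk); the network the request came from is recorded
  but never used as a reason to grant access.
- Least privilege: access is granted for the smaller of the requested and
  permitted roles, and only for a bounded just-in-time (JIT) window.
- Assume breach: every request is treated as if it came from an untrusted
  network, and denials carry a reason so they can be logged and investigated.

Signal names, roles and thresholds are assumptions made for this demo.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class AccessRequest:
    user: str
    resource: str
    requested_role: str
    mfa_passed: bool
    device_compliant: bool
    sign_in_risk: str        # "low" | "medium" | "high"
    network: str             # "corporate" | "internet"; informational only
    jit_minutes: int = 60    # requested just-in-time window


@dataclass
class Decision:
    allowed: bool
    reason: str
    granted_role: Optional[str] = None
    expires_at: Optional[datetime] = None


# Just-enough-access ceiling per resource (assumed values for the demo).
ROLE_CEILING = {"db-prod": "reader", "db-prod-admin": "contributor"}
ROLE_RANK = {"reader": 1, "contributor": 2, "owner": 3}
MAX_JIT_MINUTES = 120
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # fixed clock for the demo


def evaluate(req: AccessRequest, now: datetime = NOW) -> Decision:
    # Verify explicitly: check every signal on every request. req.network is
    # deliberately absent from these checks (assume breach).
    if not req.mfa_passed:
        return Decision(False, "mfa required")
    if not req.device_compliant:
        return Decision(False, "device not compliant")
    if req.sign_in_risk == "high":
        return Decision(False, "high sign-in risk")
    ceiling = ROLE_CEILING.get(req.resource)
    if ceiling is None or req.requested_role not in ROLE_RANK:
        return Decision(False, "unknown resource or role")
    # Risk-based adaptive policy: medium risk steps the ceiling down to read-only.
    if req.sign_in_risk == "medium":
        ceiling = "reader"
    # Least privilege: never grant more than the ceiling allows.
    granted = min(req.requested_role, ceiling, key=ROLE_RANK.__getitem__)
    # Just-in-time: standing access is never issued; every grant expires.
    ttl = min(req.jit_minutes, MAX_JIT_MINUTES)
    return Decision(True, "verified", granted, now + timedelta(minutes=ttl))


if __name__ == "__main__":
    sample = AccessRequest("alice", "db-prod-admin", "owner",
                           mfa_passed=True, device_compliant=True,
                           sign_in_risk="medium", network="corporate")
    print(evaluate(sample))  # granted_role is "reader", not "owner"
```

The decision deliberately ignores `network`: a request from the corporate network receives exactly the same checks as one from the internet, which is what "verify as though it originated from an uncontrolled network" means in practice.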

Zero Trust Strategy Implementation

How Zero Trust is implemented depends on the infrastructure and on the technical components chosen. In general terms, though, we can discuss encryption keys, which can be either platform managed or customer managed.

Platform Managed Keys

Encryption keys are generated, stored and managed entirely by the cloud provider. These keys are used for the provider's data encryption.

Customer Managed Keys

Keys are created, read, updated, deleted and/or otherwise administered by the customer.
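The practical difference between the two key models is who controls the key-encryption key (KEK) that protects the per-object data encryption keys (DEKs), and therefore who can revoke the provider's ability to decrypt. The following added example (not code from the original article, and not any cloud provider's API) models that with envelope encryption using only the Python standard library; the stream cipher built from HMAC-SHA256 in counter mode is a teaching stand-in for the AES-based encryption a real provider uses, and every class and name in it is an assumption for the demo.

```python
"""Added example (not from the original article): a stdlib-only model of
envelope encryption that shows the one practical difference between
platform-managed and customer-managed keys: who owns the key-encryption
key (KEK) and can therefore disable it.

The cipher (HMAC-SHA256 in counter mode) is a teaching stand-in for the
AES-based encryption a real provider uses; every class and name here is an
assumption for the demo, not a cloud provider's API.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` with a keystream derived from key and nonce."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


class KeyVault:
    """A key store. Whoever owns the vault controls the KEKs in it."""

    def __init__(self, owner: str):
        self.owner = owner
        self._keys: dict[str, bytes] = {}
        self._enabled: dict[str, bool] = {}

    def create_key(self, name: str) -> str:
        self._keys[name] = secrets.token_bytes(32)
        self._enabled[name] = True
        return name

    def disable_key(self, name: str) -> None:
        self._enabled[name] = False

    def _use(self, name: str, blob: bytes, nonce: bytes) -> bytes:
        if not self._enabled.get(name, False):
            raise PermissionError(f"key {name!r} is disabled in {self.owner}'s vault")
        return _xor_stream(self._keys[name], nonce, blob)

    def wrap(self, name: str, dek: bytes) -> tuple[bytes, bytes]:
        nonce = secrets.token_bytes(16)
        return nonce, self._use(name, dek, nonce)

    def unwrap(self, name: str, nonce: bytes, wrapped: bytes) -> bytes:
        return self._use(name, wrapped, nonce)


class StorageService:
    """The provider's storage service: generates a per-object DEK, wraps it
    with the configured KEK and keeps only the wrapped copy next to the data."""

    def __init__(self, vault: KeyVault, kek_name: str):
        self.vault, self.kek_name = vault, kek_name

    def write(self, plaintext: bytes) -> dict:
        dek = secrets.token_bytes(32)
        data_nonce = secrets.token_bytes(16)
        kek_nonce, wrapped = self.vault.wrap(self.kek_name, dek)
        return {"ct": _xor_stream(dek, data_nonce, plaintext), "data_nonce": data_nonce,
                "kek_nonce": kek_nonce, "wrapped_dek": wrapped}

    def read(self, obj: dict) -> bytes:
        dek = self.vault.unwrap(self.kek_name, obj["kek_nonce"], obj["wrapped_dek"])
        return _xor_stream(dek, obj["data_nonce"], obj["ct"])


def platform_managed_roundtrip(plaintext: bytes) -> bytes:
    # Platform-managed: the provider owns the vault and the KEK. The customer
    # never sees or administers it, so there is nothing for the customer to revoke.
    provider_vault = KeyVault(owner="provider")
    svc = StorageService(provider_vault, provider_vault.create_key("pmk"))
    return svc.read(svc.write(plaintext))


def customer_managed_revocation(plaintext: bytes) -> tuple[bytes, bool]:
    # Customer-managed: the customer owns the vault and the provider only gets
    # wrap/unwrap calls. Disabling the key makes stored data unreadable to the
    # provider until the customer re-enables it.
    customer_vault = KeyVault(owner="customer")
    svc = StorageService(customer_vault, customer_vault.create_key("cmk"))
    obj = svc.write(plaintext)
    before = svc.read(obj)
    customer_vault.disable_key("cmk")
    try:
        svc.read(obj)
        revoked = False
    except PermissionError:
        revoked = True
    return before, revoked
```

Note what the model does not change: in both cases the provider still performs the encryption and still holds the wrapped DEK. Customer-managed keys give the customer control over the KEK lifecycle (creation, rotation, disabling), not a guarantee that the provider never touches plaintext while the key is enabled.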

Zero Trust Approach

  1. Secure identity with zero trust.
  2. Secure endpoints with zero trust.
  3. Secure applications with zero trust.
  4. Secure infrastructure with zero trust.
  5. Secure networks with zero trust.
  6. Visibility, automation and orchestration with zero trust.

Zero trust for Microsoft Azure