The zero trust journey: transforming cyber defense

Zero trust is a security model that moves from static, network-based cyber defenses to a continuously validated security configuration across five key pillars.

Zero trust is a security model that moves away from the static, network-centric cyber defense approach to an identity- and data-centric security approach that is continuously validated. Zero trust assumes there is no implicit trust granted to users or devices and therefore enforces the concept of “never trust, always verify.” The goal is to prevent unauthorized access to data and services, enforce least privilege, and provide full visibility across the network to improve rapid threat detection and mitigation.

The Zero Trust Maturity Model from the Cybersecurity & Infrastructure Security Agency (CISA) is one of several federal references that defines five key zero trust pillars: identity, device, network/environment, application workload and data. This model helps guide agencies in designing and implementing their zero trust architecture (ZTA).

Zero trust architecture: how it works

ZTA is a security framework that defines how zero trust services, including network infrastructure (physical and virtual), access workflows and operational policies, are structured to enable a zero trust security model. The ZTA framework combines technologies and capabilities to verify a user identity (human user, service or device), assess context before granting access to resources and remediate anomalous behaviors. These technologies include but are not limited to multifactor authentication (MFA), identity provisioning, endpoint detection and remediation (EDR), and secure access service edge (SASE). With ZTA, every access decision is based on policy checks of real-time user and application contextual data (e.g., identity, credential, location, device security posture, service or workload, data classification).

Once authorized, users are only granted least privilege access for a limited time, eliminating the need for standing privileges. Furthermore, ZTA uses continuous monitoring and analytics to improve real-time threat detection, situational awareness and rapid incident response to anomalous behavior across the network.

Factors driving ZTA adoption

Several factors are driving the need for zero trust solutions in the government and public sector. The advancement of cyber threats (e.g., phishing, malware, ransomware), the sharp increase in supply chain attacks and the widespread compromise of privileged credentials are posing risks to agencies. Federal regulatory requirements are also fueling the need for zero trust to ensure agencies meet compliance requirements and safeguard digital assets. For example, Executive Order (EO) 14028 requires agencies to create a zero trust architecture implementation plan, and M-22-09 requires agencies to follow a prescriptive timeline to achieve specific ZTA security goals by the end of FY2024.

The shift away from the network perimeter is another driving factor for zero trust. Many agencies are adopting cloud technologies, moving to hybrid remote-work environments and increasing mobile access to enterprise applications. These changes require new solutions to enable and secure the evolving workforce, workplace and workloads we support today.