# Introduction to Zero Trust
- Update: 2024
- Duration: 75 minutes

<hr>

## Why Do We Need Zero Trust?



Traditional security measures like firewalls and user ID/password systems were once considered sufficient to protect corporate networks. However, these systems have proven vulnerable to cybercriminals who exploit stolen credentials to gain unauthorized access, leading to data theft, manipulation, or ransomware attacks. The shift towards remote work, personal devices, and cloud services has further complicated the security landscape, making the corporate network perimeter less relevant. Instead, securing individual identities has become paramount.
<center><img src="https://github.com/moaldeen/trustzone/blob/main/traditional.png?raw=true" alt="ml-examples.png" width="55%"></center>


Traditional network security architecture breaks different networks (or pieces of a single network) into zones, contained by one or more firewalls. Each zone is granted some level of trust, which determines the network resources it is permitted to reach. This model provides very strong defense-in-depth.


### Security Breaches Example

- Colonial Pipeline:

  Attackers took advantage of the fact that the VPN connection to the Colonial Pipeline network was possible using a plain text password without any multi-factor authentication in place.

- Kudankulam Nuclear Power Plant:

  Malware was discovered on an Indian nuclear power plant employee’s computer that was connected to the administrative network’s internet servers. Once the attackers gained access, they were able to roam within the network due to the “trust” that comes with being inside the network.

<div style="display: flex; justify-content: center;">
  <img src="https://github.com/moaldeen/trustzone/blob/main/password.png?raw=true" alt="ml-examples.png" width="30%">
  <img src="https://github.com/moaldeen/trustzone/blob/main/nuclear.png?raw=true" alt="ml-examples.png" width="25%">
</div>

## What Is Zero Trust?



Zero Trust is a model, strategy, and framework that trusts nothing by default: "never trust, always verify." It assumes that threats exist both inside and outside the network, and therefore every access request must be authenticated, authorized, and continuously validated regardless of its origin. In practice, this involves strong identity verification, validating device compliance before access, and least-privilege access to resources.

Zero Trust is not a single technology, and there is no single authoritative definition of it.

Examples of Zero Trust Definitions:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <style>
        table {
            width: 100%;
        }
        td {
            vertical-align: top;
            padding-left: 10px;
        }
        .logo {
            width: 50px;
        }
        .text {
            width: 300px;
        }
    </style>
</head>
<body>
    <table>
        <tr>
            <td class="logo">
                <img src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcRU6-ahQYkCqbZQZKMEXDIzYedPx2gNNfX601knCHdBSVb1-9bV" alt="NSA Logo" width="50">
            </td>
            <td class="text">
                Zero Trust is a <strong>security model</strong>,
                a set of <strong>system design principles</strong>,
                and a coordinated cybersecurity approach.<br>
                It aims to prevent unauthorized access to data
                and services regardless of physical or network
                location, emphasizing strict access controls
                and a "trust no one" mentality.
            </td>
        </tr>
        <tr>
            <td class="logo">
                <img src="https://cdn.icon-icons.com/icons2/2699/PNG/512/nist_logo_icon_168078.png" alt="NIST" width="50">
            </td>
            <td class="text">
                Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location<br> (that is, local area networks versus the internet) or based on asset ownership (enterprise or personally owned).
            </td>
        </tr>
        <tr>
            <td class="logo">
                <img src="https://cf-assets.www.cloudflare.com/slt3lc6tev37/6lqgerXP230AIMluLJZkNZ/ff759aac93876f7bf3646c6f5293c28e/vmware_logo_high_res.png" alt="VMware Logo" width="50">
            </td>
            <td class="text">
                Zero Trust is the name for an approach to IT
                security that assumes there is <strong>no implicit<br>
                trust</strong> granted to assets or user accounts
                based solely on their network location or asset
                ownership.<br>
                It requires strict identity verification and access
                controls.
            </td>
        </tr>
    </table>
</body>
</html>


Traditional perimeter-based security is no longer effective as businesses adopt cloud services and remote work. Zero Trust provides a more robust approach by continuously verifying every access request, regardless of location.


### **Case Study: Microsoft Zero Trust Solutions**

<center><img src="https://github.com/moaldeen/trustzone/blob/main/image.png?raw=true" alt="ml-examples.png" width="55%"></center>



According to the Forrester Total Economic Impact™ study on Zero Trust solutions from Microsoft, implementing a Zero Trust architecture using Microsoft solutions provides significant financial benefits:


- Return on Investment (ROI): 92%
- Total Benefits (Present Value): $24.1M
- Net Present Value (NPV): $11.6M
- Payback Period: Less than 6 months


### Zero Trust Historical Timeline

Zero Trust is not a new IT security strategy; it has been around for a while.
<center><img src="https://www.microsoft.com/en-us/security/blog//wp-content/uploads/2019/11/Zero-Trust-strategy-what-good-looks-like-2.png" alt="ml-examples.png" width="55%"></center>


<center><img src="https://assets.weforum.org/editor/-k-_ykZv-f0JpyRyrV1Vayo0gZkyx4dLRUl-3c7FrLo.png" alt="ml-examples.png" width="55%"></center>




### **Key Principles of Zero Trust**

- Always Verify.
- Use Least-Privilege Access.
- Assume Breach.

<center><img src="https://github.com/moaldeen/trustzone/blob/main/concepts.jpg?raw=true" alt="sup-learning.png" width="40%"></center>


**A zero trust network is built upon five fundamental assumptions:**
- The network is always assumed to be hostile.
- External and internal threats exist on the network at all times.
- Network locality alone is not sufficient for deciding trust in a network.
- Every device, user, and network flow is authenticated and authorized.
- Policies must be dynamic and calculated from as many sources of data as possible.
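As an added example (not part of this lesson's material), the following Python snippet contrasts a perimeter-style access decision with a Zero Trust decision over constructed requests modelled on the two breaches described earlier; the internal IP range, role names and resource names are assumptions.

```python
"""Added example: perimeter trust vs. Zero Trust policy decisions (constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed "inside the perimeter" range and a least-privilege entitlement map.
INTERNAL_NET = ip_network("10.0.0.0/8")
ROLE_ACCESS = {
    "ops": {"scada-hmi", "ticketing"},
    "hr": {"hr-db", "ticketing"},
}

@dataclass
class AccessRequest:
    user: str
    role: str
    source_ip: str
    resource: str
    password_ok: bool = False
    mfa_ok: bool = False
    device_compliant: bool = False

def perimeter_decision(req: AccessRequest) -> bool:
    """Legacy model: a password plus an internal/VPN address is enough."""
    return req.password_ok and ip_address(req.source_ip) in INTERNAL_NET

def zero_trust_decision(req: AccessRequest) -> tuple:
    """Never trust, always verify: identity, device posture and entitlement
    are checked on every request; network location grants nothing by itself."""
    if not (req.password_ok and req.mfa_ok):
        return False, "identity not strongly verified (MFA required)"
    if not req.device_compliant:
        return False, "device failed compliance check"
    if req.resource not in ROLE_ACCESS.get(req.role, set()):
        return False, f"role {req.role!r} not entitled to {req.resource!r}"
    return True, "verified identity, compliant device, entitled role"

def evaluate(reqs):
    """Return (user, perimeter allows?, zero trust allows?) per request."""
    return [(r.user, perimeter_decision(r), zero_trust_decision(r)[0]) for r in reqs]

# Constructed samples: a no-MFA VPN login, a compromised insider host, and a
# fully verified request arriving from outside the perimeter.
SAMPLES = [
    AccessRequest("contractor", "ops", "10.20.0.5", "scada-hmi", password_ok=True),
    AccessRequest("employee", "ops", "10.30.1.7", "hr-db", password_ok=True, mfa_ok=True),
    AccessRequest("admin", "ops", "203.0.113.9", "scada-hmi",
                  password_ok=True, mfa_ok=True, device_compliant=True),
]

if __name__ == "__main__":
    for row in evaluate(SAMPLES):
        print(row)
```

The perimeter model admits the first two requests purely on network location, while the Zero Trust check rejects each with a specific reason and admits only the fully verified external request.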



<center><img src="https://github.com/moaldeen/trustzone/blob/main/zero-trust-vs-trust-based-network-shadow.png?raw=true" alt="ml-examples.png" width="50%"></center>


**Takeaway:** Zero Trust is an improvement on the traditional perimeter security model, which is insufficient in modern IT infrastructure environments.

### **Zero Trust Enterprise**

**Zero Trust:**
A security model, framework, and strategy.


**Zero Trust Architecture:** An organization’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies.

**Zero Trust Enterprise:** Zero Trust + Zero Trust Architecture

### **NIST Core Tenets of Zero Trust Architecture**

<center><img src="https://github.com/moaldeen/trustzone/blob/main/diagram.PNG?raw=true" alt="sup-learning.png" width="60%"></center>

### **Zero Trust Pillars**
<center><img src="https://github.com/moaldeen/trustzone/blob/main/zero%20trust%20pillars.jpg?raw=true" alt="sup-learning.png" width="60%"></center>

The General Services Administration (GSA) outlines a comprehensive approach to implementing Zero Trust Architecture (ZTA) through its Zero Trust Architecture Buyer’s Guide. The GSA's model incorporates eight unique pillars that agencies should consider for a robust Zero Trust security model:


- **Users:** Focuses on user identification, authentication, and access control policies to verify user attempts to connect to the network using dynamic and contextual data analysis.
- **Device:** Validates user-controlled and autonomous devices to determine their cybersecurity posture and trustworthiness.
- **Network:** Isolates sensitive resources by dynamically defining network access, deploying micro-segmentation techniques, and controlling network flows while encrypting end-to-end traffic.
- **Application:** Secures access at the application layer by integrating user, device, and data components, and wrapping each workload and compute container to prevent unauthorized access or tampering.
- **Data:** Focuses on securing and enforcing access to data based on its categorization and classification, isolating it from everyone except those who need access.
- **Visibility and Analytics:** Provides insight into user and system behavior analytics by observing real-time communications between all Zero Trust components.
- **Orchestration and Automation:** Automates security and network operational processes across the ZTA by orchestrating functions between similar and disparate security systems and applications.

<hr>