Zero Trust

March 18, 2025

Zero Trust Fundamentals

Traditional firewalls are dead. Trust is the new vulnerability.
In a world where users, apps, and data move freely across borders — only one security model makes sense: Zero Trust.

In this post, we’ll break down what Zero Trust is, why it matters, and how to get started in your own infrastructure.

Zero Trust is like airport security: you don’t just walk through because you look familiar; you pass through multiple layers of ID checks, scans, and behavioral checks.

Zero Trust is not a single tool or product, but a holistic security model and mindset that assumes that no user, device or network is inherently trustworthy.

🔑 “Never Trust, Always Verify”

The basic assumptions are:

🔥 The network is always potentially hostile

🕵️‍♂️ External and internal threats are possible at any time

🌐 Local network affiliation no longer means anything

🛡️ All access is based on dynamic guidelines

👉 There is no single, definitive definition, but various interpretations - similar to ITIL or Agile.

Key message:

💡 Zero Trust is the answer to the weaknesses of the traditional security model in a world full of cloud, home office, BYOD, shadow IT and hybrid architecture


Zero Trust = ZT + ZTA

Term                          | Meaning
Zero Trust (ZT)               | Security strategy and framework
Zero Trust Architecture (ZTA) | Technical implementation in organizations (e.g. workflows, components, access controls)

The 7 basic principles (tenets) of Zero Trust (according to NIST)

📱 Every device and every data source is a resource

🔐 All communication is encrypted - regardless of location

🧭 Access is granted per session, not across the board

🧠 Access is regulated by dynamic, context-dependent policies

🧾 Data integrity is central

🧬 Strong authentication & authorization are mandatory

📊 All activities are recorded & analyzed to improve security

Zero Trust Pillars - The 6 building blocks according to GSA/DoD

👤 Users & Identity - Authentication, MFA, access control

📱 Devices - Checking the security status of devices (EDR, MDM etc.)

🌐 Network & Environment - Microsegmentation, Software Defined Perimeter

⚙️ Applications & Workloads - Monitoring, isolation of workloads

📂 Data - Classification, encryption, DLP

📈 Foundation: Visibility & Automation - AI, SOAR, SIEM for automation


Why Zero Trust?

🧠 Why traditional security models are no longer enough

🔥 The new reality

Modern IT infrastructures are open, dynamic and distributed:

  • Applications run in cloud, hybrid and on-premises environments

  • Users work from anywhere (remote work, BYOD)

  • Systems are vulnerable to shadow IT and third-party APIs

  • Cyberattacks are becoming more complex, more targeted and faster

In a world without clear boundaries, the classic “moat model” no longer works.

🏰 Why the perimeter is dead

In the past:
🟩 A clear network perimeter (firewall) → Inside = secure, outside = insecure

Today:
🟥 Everything is constantly connected - on a global level. → The “secure interior” no longer exists


❌ Weaknesses of traditional security

Problem                    | Why it is critical
Trust in the local network | Attackers move around internally unhindered (lateral movement)
Blanket authorizations     | Users/apps often have too many rights
Rare verification          | Authentication usually only at login
No transparency            | Hardly any audit and monitoring options

⚠️ Examples of real security incidents

  • SolarWinds (2020): Supply chain attack with far-reaching access

  • Capital One (2019): Misconfiguration in cloud environment

  • Uber (2022): Lateral movement through stolen credentials

  • Verizon DBIR Report: 80% of all breaches use stolen credentials

🔎 Commonality: In all cases, Zero Trust would have reduced or prevented damage.


🚀 Why Zero Trust is the solution

  • Access is granted dynamically and context-based (user, device, location, behaviour)

  • Strong authentication & authorization per request

  • Transparency through monitoring & logging

  • Minimal authorizations (least privilege) by default


🏗️ Zero Trust Architecture (ZTA) Fundamentals

🔍 What is Zero Trust Architecture?

Zero Trust Architecture (ZTA) is the concrete technical implementation of the Zero Trust security model. While “Zero Trust” is the philosophy, ZTA describes the structures, components and processes for implementing this philosophy in the real IT landscape.

ZTA defines how Zero Trust is put into practice, not only at the network level but across users, devices, workloads and data.

🧱 What does a Zero Trust Architecture consist of?

A typical ZTA model consists of several core components that work together to check and authorize each access.

📐 Important components:

  1. Policy Enforcement Point (PEP):
    • Performs access controls
    • Example: proxy, gateway, firewall, microservice proxy
  2. Policy Decision Point (PDP):
    • Decides whether access is permitted
    • Refers to policies, user context, device status, etc.
  3. Policy Administrator (PA):
    • Distributes and synchronizes policies
    • Communicates with PDP and PEP
  4. Trust Algorithm / Engine:
    • Calculates trust based on attributes (user, device, context)
  5. Logging & Visibility Layer:
    • Monitors and analyzes all activities
    • Provides input for AI/ML-based reactions

Figure: NIST Zero Trust Architecture


🧭 ZTA is context-based - not location-based

Earlier: User X is in the office = secure
Today: User X uses an unknown device in an insecure network = context-dependent insecure

ZTA checks:

  • Who are you?
  • With which device?
  • From where?
  • What do you want to access?
  • How are you behaving?

Access will only be granted if all factors comply with the guidelines.


🧠 ZTA is dynamic, not static

  • Classic systems grant access once (e.g. after login)
  • ZTA checks continuously - with every new request
  • Access can be revoked at any time (revoke access)

🔐 Decisions based on trust in ZTA

Attribute        | Example
User             | Role, department, MFA status
Device           | Operating system, patch status, MDM
Network          | Geolocation, VPN, gateway
Session behavior | Behavior analysis (e.g. anomalies)

➡️ These attributes are included in the trust score, which determines whether access is permitted.


💡 Example access decision:

A user with MFA, on a laptop managed by MDM, accesses the HR app from Germany → Access allowed
Same user, but from a private smartphone without MDM, at 2 a.m. → Access denied
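
To make the PEP/PDP split, the attribute table and the two example decisions concrete, here is an added Python illustration. It is my example, not code from NIST SP 800-207 or from any of the products mentioned in this post. The attribute names, the weights in `trust_score`, the threshold of 70, the role mapping for `hr-app`, the expected-country list and the business-hours window are all assumptions, chosen so that the two decisions above come out exactly as the post states.

```python
"""Minimal Policy Decision Point (PDP) with a Policy Enforcement Point (PEP) in front of it.

Added illustration for this post; not code from NIST SP 800-207 or any product.
All policy data (weights, threshold, roles, countries, hours) are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class AccessContext:
    """Attributes the PDP evaluates on every request: user, device, network, behaviour."""
    user: str
    role: str
    mfa_passed: bool
    device_type: str        # "laptop", "smartphone", ... (assumed attribute)
    device_managed: bool    # enrolled in MDM?
    device_patched: bool    # patch status as reported by EDR/MDM
    country: str            # geolocation of the client
    hour_utc: int           # hour of the request, 0-23 (stands in for session behaviour)
    resource: str           # application being requested


# Constructed policy data (assumptions for this example, not from the post).
RESOURCE_ROLES = {"hr-app": {"hr", "hr-admin"}}   # which roles may reach which app (RBAC part)
EXPECTED_COUNTRIES = {"DE", "AT", "CH"}
BUSINESS_HOURS = range(6, 22)                     # 06:00-21:59 UTC
TRUST_THRESHOLD = 70


def trust_score(ctx: AccessContext) -> int:
    """Trust algorithm: weighted sum over the attribute classes in the table above.

    The weights are assumptions chosen so the post's two example decisions come out as stated.
    """
    score = 0
    score += 30 if ctx.mfa_passed else 0                       # user
    score += 25 if ctx.device_managed else 0                   # device
    score += 10 if ctx.device_patched else 0                   # device
    score += 20 if ctx.country in EXPECTED_COUNTRIES else 0    # network
    score += 15 if ctx.hour_utc in BUSINESS_HOURS else 0       # session behaviour
    return score


def decide(ctx: AccessContext) -> tuple[bool, list[str]]:
    """Policy Decision Point: hard requirements first, then the trust score.

    Returns (allowed, reasons) so the PEP and the visibility layer can record *why*.
    """
    reasons: list[str] = []
    # Hard gates that no trust score can compensate for.
    if ctx.role not in RESOURCE_ROLES.get(ctx.resource, set()):
        reasons.append(f"role {ctx.role!r} is not authorised for {ctx.resource}")
    if not ctx.mfa_passed:
        reasons.append("strong authentication (MFA) not completed")
    if reasons:
        return False, reasons

    score = trust_score(ctx)
    if score < TRUST_THRESHOLD:
        return False, [f"trust score {score} below threshold {TRUST_THRESHOLD}"]
    return True, [f"trust score {score} meets threshold {TRUST_THRESHOLD}"]


def pep_handle(ctx: AccessContext, audit_log: list[dict]) -> str:
    """Policy Enforcement Point: consult the PDP on *every* request, never cache the decision."""
    allowed, reasons = decide(ctx)
    audit_log.append({"user": ctx.user, "resource": ctx.resource,
                      "allowed": allowed, "reasons": reasons})
    return f"200 OK (proxied to {ctx.resource})" if allowed else "403 Forbidden"


if __name__ == "__main__":
    log: list[dict] = []
    # The two example decisions from the post, as constructed contexts.
    laptop = AccessContext("alice", "hr", True, "laptop", True, True, "DE", 10, "hr-app")
    phone = AccessContext("alice", "hr", True, "smartphone", False, False, "DE", 2, "hr-app")
    print(pep_handle(laptop, log))   # 200 OK (proxied to hr-app)
    print(pep_handle(phone, log))    # 403 Forbidden
    for entry in log:
        print(entry)
```

The point of returning `reasons` alongside the boolean is the logging & visibility layer: a PEP that only sees allow/deny cannot explain a denial to the help desk or feed an analytics pipeline. Note also that the smartphone request is denied purely by score, while a wrong role or missing MFA is a hard gate; both kinds of rule coexist in a real PDP.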


🧰 Technologies & tools in a ZTA

  • IAM / Identity Layer: Azure AD, Okta, Keycloak
  • Device Posture: Crowdstrike, SentinelOne, Intune
  • Access control: API Gateway, Envoy, NGINX
  • Policy management: OPA (Open Policy Agent), HashiCorp Sentinel
  • Observability: SIEM, EDR, SOAR (e.g. Splunk, Elastic, Sentinel)

🛡️ Summary

Zero Trust Architecture means:

  • Centralized decision logic
  • Dynamic, context-dependent access control
  • Micro-segmentation
  • Control over data, user and device flows
  • Real-time transparency & response

📘 Source: This is based on NIST SP 800-207, the official framework for Zero Trust Architecture.
→ If you want to implement ZTA, this is your technical starting point.


🚀 How to Get Started with Zero Trust

Implementing Zero Trust can seem overwhelming at first — especially because it’s not a tool or single product, but a mindset shift supported by architecture and technology. But here’s the good news:

You don’t need to do everything at once. Zero Trust is a journey, not a checkbox.

🧩 Where to begin?

Zero Trust starts with visibility. You can’t protect what you don’t understand.

🔹 Step 1: Identify your critical assets

  • What are your crown jewels? (e.g., internal apps, production data, credentials)
  • Who accesses them?
  • Where are they stored or hosted?
  • What are the dependencies?

🧠 Tip: Map your application landscape and user flows.

🔹 Step 2: Assess your current access control

  • Are you still using VPN-only perimeter security?
  • Do users have overprivileged access?
  • Is MFA enforced for all users?
  • Are devices validated before accessing resources?

This step shows you where your trust assumptions are.


⚙️ Step-by-Step Implementation Strategy

Here’s a phased approach to building Zero Trust in real environments:

✅ Phase 1: Identity & Access Foundation

  • Enforce strong authentication (MFA, SSO)
  • Implement least privilege access
  • Start user-role mapping and RBAC/ABAC strategies
  • Review third-party access and revoke stale accounts

✅ Phase 2: Device & Endpoint Control

  • Register all devices (bring in MDM if needed)
  • Monitor endpoint posture (updates, compliance)
  • Block access from unknown or unmanaged devices

✅ Phase 3: Network Segmentation & Logging

  • Apply microsegmentation (e.g. per app or business unit)
  • Remove flat network trust
  • Centralize logs and set up SIEM or analytics layer

✅ Phase 4: Contextual Policy Enforcement

  • Implement dynamic policies (user + device + location)
  • Block access based on behavior/anomaly (e.g., login from new country)
  • Automate enforcement via policy engine (e.g. OPA)

✅ Phase 5: Automation & Response

  • Introduce SOAR tools to respond to alerts
  • Build auto-isolation workflows
  • Continuously tune and improve policy decisions
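
Phases 3 to 5 together form one loop: centralized logs feed a detector, and the detector feeds automated enforcement, which is also what “access can be revoked at any time” in the ZTA section means in practice. The following Python example, added here and not taken from the post or from any SIEM/SOAR product, runs that loop over constructed log lines: it learns a per-user baseline of countries and devices, checks the “login from new country” case named in Phase 4, and maps each finding to enforcement actions. The log field names and the action names `revoke_sessions`, `require_mfa_reauth` and `isolate_device` are placeholders for whatever your identity provider and EDR actually expose.

```python
"""Continuous verification loop: baseline -> detect -> respond.

Added illustration for this post; not code from any SIEM/SOAR product.
Log field names and the action names in respond() are assumptions.
"""
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of centralized authentication logs, one JSON object per line.
SAMPLE_LOGS = """\
{"ts": "2025-03-10T08:02:11Z", "user": "alice", "device": "LT-0142", "country": "DE", "result": "success"}
{"ts": "2025-03-11T08:05:40Z", "user": "alice", "device": "LT-0142", "country": "DE", "result": "success"}
{"ts": "2025-03-12T07:58:03Z", "user": "alice", "device": "LT-0142", "country": "DE", "result": "success"}
{"ts": "2025-03-12T09:10:22Z", "user": "bob", "device": "LT-0207", "country": "AT", "result": "success"}
{"ts": "2025-03-13T02:14:09Z", "user": "alice", "device": "PH-9931", "country": "BR", "result": "success"}
{"ts": "2025-03-13T09:00:00Z", "user": "bob", "device": "LT-0207", "country": "AT", "result": "success"}
"""


@dataclass
class Baseline:
    """What 'normal' looks like per user, learned from the training window."""
    countries: dict[str, set[str]] = field(default_factory=lambda: defaultdict(set))
    devices: dict[str, set[str]] = field(default_factory=lambda: defaultdict(set))


def parse_logs(text: str) -> list[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_baseline(events: list[dict]) -> Baseline:
    """Discover: record the countries and devices each user successfully logged in from."""
    base = Baseline()
    for e in events:
        if e["result"] == "success":
            base.countries[e["user"]].add(e["country"])
            base.devices[e["user"]].add(e["device"])
    return base


def detect_anomalies(events: list[dict], base: Baseline) -> list[dict]:
    """Monitor: flag successful logins that deviate from the user's baseline."""
    findings = []
    for e in events:
        if e["result"] != "success":
            continue
        reasons = []
        if e["country"] not in base.countries[e["user"]]:
            reasons.append(f"login from new country {e['country']}")
        if e["device"] not in base.devices[e["user"]]:
            reasons.append(f"login from unknown device {e['device']}")
        if reasons:
            findings.append({"ts": e["ts"], "user": e["user"],
                             "device": e["device"], "reasons": reasons})
    return findings


def respond(findings: list[dict]) -> list[tuple[str, str]]:
    """Enforce: SOAR-style playbook mapping findings to actions (action names are assumed)."""
    actions = []
    for f in findings:
        actions.append(("revoke_sessions", f["user"]))       # ZTA: access can be revoked at any time
        actions.append(("require_mfa_reauth", f["user"]))    # re-verify before any new session
        if any(r.startswith("login from unknown device") for r in f["reasons"]):
            actions.append(("isolate_device", f["device"]))  # auto-isolation workflow
    return actions


def run_pipeline(log_text: str, cutoff: str) -> tuple[list[dict], list[tuple[str, str]]]:
    """Events before `cutoff` train the baseline; events from `cutoff` on are checked against it.

    ISO-8601 timestamps in UTC compare correctly as plain strings, so no date parsing is needed.
    """
    events = parse_logs(log_text)
    base = build_baseline([e for e in events if e["ts"] < cutoff])
    findings = detect_anomalies([e for e in events if e["ts"] >= cutoff], base)
    return findings, respond(findings)


if __name__ == "__main__":
    found, acts = run_pipeline(SAMPLE_LOGS, "2025-03-13")
    for f in found:
        print("ALERT ", f)
    for a in acts:
        print("ACTION", a)
```

On the constructed sample, alice's 02:14 login from Brazil on an unregistered phone is the only finding; bob's routine login from Austria produces nothing. The “Adapt” step of the cycle is the part this script leaves to people: a finding that an analyst confirms as legitimate (a real business trip) should be added to the baseline, while a confirmed compromise should tighten the policy that the PDP enforces.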

🧠 Key Principles to Remember

  • Start small but with critical assets
  • Trust is earned, not assumed — per session, per context
  • Logging is everything: what you can’t see, you can’t secure
  • Education matters: your team must understand Zero Trust goals

🔄 Zero Trust is continuous

Zero Trust is not a one-time project. It’s a cyclical process:

  1. Discover
  2. Enforce
  3. Monitor
  4. Adapt

🔁 The goal: a resilient, adaptive and transparent security model that fits your org’s dynamic nature.


📘 Sources & Further Reading

  • NIST SP 800-207 – Zero Trust Architecture
  • Microsoft Zero Trust Maturity Model
  • Forrester Zero Trust eXtended (ZTX) Framework