Organizations are rushing to implement zero trust principles and technology. It is widely understood that zero trust can better protect a modern IT environment, prevent cyber attacks, and limit the damage caused by breaches when they occur. The zero-trust approach not only secures user access on the front end, but also workloads on the back end, ensuring that no connection is allowed without being authenticated and verified.
Zero-trust security policies allow organizations to define how user identities, device security posture, and fine-grained access control interact. They ensure that the principle of least privilege always applies, regardless of the device, location of the user, or location of the service they connect to. Upon successful authentication, end-to-end encryption is established and access is restricted to the user or device explicitly authorized.
A zero trust policy inspects a network request and attempts to answer six questions: who is trying to gain access, what they are trying to access, when the request is occurring, where the resource and user are located, why the data is being accessed, and how access should be provided. We’ll describe each of these questions in more detail below.
Zero trust policies are based on the following key principles:
Zero trust allows an organization to continuously monitor and verify the permissions and attributes of all users and devices. This is in contrast to the traditional approach of automatically trusting users and endpoints within organizational boundaries. Zero trust systems recognize that any resource, even if it resides within a corporate network or perimeter, could be compromised and used to carry out malicious activities.
A key component of zero trust is the least privilege principle—allowing a user or device to connect to a network or service only if specific conditions are met. Enforcing least privilege means that users are granted only the minimal access and privileges, set at the lowest possible level, that allow them to perform their role.
Visibility and control
By adopting zero trust, organizations gain visibility over all the services they use and the number of privileged accounts associated with each service. They can also control which devices are allowed to connect to which services and how. In many zero trust setups, connections from devices to the network are controlled by Network Access Control (NAC). This prevents devices from connecting to the network if they are unknown, unpatched, or do not have minimal security controls such as antivirus software.
Zero trust leverages threat prevention technologies such as strong authentication, behavioral analytics, microsegmentation, endpoint security, and privilege control. All these can be used to identify potential attackers and restrict access when a breach has occurred. These controls can also be highly effective at preventing insider threats and accidental damage by privileged insiders. Zero trust policies can directly access security insights provided by these tools.
A zero trust policy ensures that:
Technically, a zero trust policy is a set of “allow rules.” Each of these rules specifies conditions, and when these conditions are met, an account will be allowed to access specific resources at a specified time and place.
If a connection is evaluated and does not match a rule, the zero trust access mechanism blocks the traffic. This mechanism could be a next-generation firewall (NGFW) or a zero trust network access (ZTNA) system. This improves security because it focuses security efforts on traffic that was explicitly allowed—instead of a never-ending effort to block all types of unwanted access.
Each zero trust policy rule answers six questions. Let’s look at each of them in more detail.
Zero trust is based on strong user IDs, verified with multi-factor authentication (MFA). It also establishes robust device IDs, with device profiles that provide information about a device’s security posture—for example, whether it has encryption enabled, whether it has up-to-date antivirus, and whether its software has all required security updates.
Based on the verified user ID and device ID, the zero trust policy defines which resources a connection should be allowed to access. In line with the zero trust principle, access is only granted to a resource if a human or service account has a legitimate business reason to access it.
Zero trust systems can identify which application is being used to access a protected resource using information gathered at layer 7 (the application layer), as well as the port, protocol, and IP address used by the connection. This makes it much more difficult for attackers to spoof connections or to use malicious applications, such as port scanners, to reach corporate resources.
Zero trust policies are sensitive to the time at which a connection occurs. It is possible to apply a fixed schedule for a resource, or use behavioral analysis to identify if the time is “unusual”—for example, if a user is logging in at a time that is outside their regular business hours.
A zero trust policy can take into account both the location of the protected resource and the user. For example, there could be different policies for:
Zero trust policies can leverage data classification to understand if the data being accessed is valuable or sensitive, and at what level. A zero trust policy can enforce different access controls for data that would cause damage if stolen by an attacker, as opposed to data that is publicly available.
A zero trust policy can regulate how entities access a specific resource. For example:
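Pulling the six questions together with the "allow rules plus default deny" model described earlier, the following is an added example of a minimal policy evaluator; it is not code from the original article or from any product. Each rule is an explicit allow rule with conditions on who (MFA and device posture), what (resource and layer-7 application), when (a fixed schedule), where (user and resource location), why (data classification), and how (access method); a request that matches no rule is denied. The rule names, roles, resource names, and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class DevicePosture:
    disk_encrypted: bool
    antivirus_current: bool
    fully_patched: bool

    def healthy(self) -> bool:
        # Minimal posture a device must report before it is trusted to connect
        return self.disk_encrypted and self.antivirus_current and self.fully_patched

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool
    device: DevicePosture
    resource: str
    application: str          # layer-7 application identified on the connection
    when: datetime
    user_location: str        # "office" or "remote" (constructed values)
    resource_location: str    # "datacenter" or "cloud" (constructed values)
    data_classification: str  # "public", "internal" or "confidential"
    method: str               # "https", "ssh", ...

@dataclass(frozen=True)
class AllowRule:
    name: str
    roles: frozenset
    resources: frozenset
    applications: frozenset
    methods: frozenset
    window_start: time
    window_end: time
    user_locations: frozenset
    resource_locations: frozenset
    max_classification: str
    require_mfa: bool = True
    require_healthy_device: bool = True

CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2}

def rule_matches(rule: AllowRule, req: AccessRequest) -> bool:
    """True only if the request satisfies every condition of the allow rule."""
    # WHO: verified user identity (MFA) and device identity/posture
    if rule.require_mfa and not req.mfa_verified:
        return False
    if rule.require_healthy_device and not req.device.healthy():
        return False
    if req.role not in rule.roles:
        return False
    # WHAT: the protected resource and the application used to reach it
    if req.resource not in rule.resources or req.application not in rule.applications:
        return False
    # WHEN: fixed schedule attached to the resource
    if not (rule.window_start <= req.when.time() <= rule.window_end):
        return False
    # WHERE: location of the user and of the resource
    if req.user_location not in rule.user_locations:
        return False
    if req.resource_location not in rule.resource_locations:
        return False
    # WHY: classification of the data being accessed
    if CLASSIFICATION_RANK[req.data_classification] > CLASSIFICATION_RANK[rule.max_classification]:
        return False
    # HOW: the access method
    return req.method in rule.methods

def evaluate(rules, req: AccessRequest) -> tuple:
    """First matching allow rule wins; no match means deny (default deny)."""
    for rule in rules:
        if rule_matches(rule, req):
            return ("allow", rule.name)
    return ("deny", None)

# Constructed sample policy: two allow rules; everything else is blocked.
RULES = [
    AllowRule("finance-app-office-hours", frozenset({"finance"}), frozenset({"ledger-db"}),
              frozenset({"ledger-web"}), frozenset({"https"}), time(8, 0), time(18, 0),
              frozenset({"office", "remote"}), frozenset({"datacenter"}), "confidential"),
    AllowRule("public-docs", frozenset({"finance", "engineering", "contractor"}),
              frozenset({"docs-site"}), frozenset({"browser"}), frozenset({"https"}),
              time(0, 0), time(23, 59, 59), frozenset({"office", "remote"}),
              frozenset({"cloud"}), "public", require_healthy_device=False),
]

HEALTHY = DevicePosture(True, True, True)
UNPATCHED = DevicePosture(True, True, False)

def base_request(**overrides) -> AccessRequest:
    """A constructed baseline request; each scenario below overrides one dimension."""
    fields = dict(user="alice", role="finance", mfa_verified=True, device=HEALTHY,
                  resource="ledger-db", application="ledger-web",
                  when=datetime(2024, 3, 5, 10, 30), user_location="office",
                  resource_location="datacenter", data_classification="confidential",
                  method="https")
    fields.update(overrides)
    return AccessRequest(**fields)

def sample_decisions() -> dict:
    return {
        "normal": evaluate(RULES, base_request()),
        "no_mfa": evaluate(RULES, base_request(mfa_verified=False)),
        "unpatched_device": evaluate(RULES, base_request(device=UNPATCHED)),
        "after_hours": evaluate(RULES, base_request(when=datetime(2024, 3, 5, 23, 15))),
        "port_scanner": evaluate(RULES, base_request(application="port-scanner")),
        "ssh_instead_of_https": evaluate(RULES, base_request(method="ssh")),
        "contractor_reads_docs": evaluate(RULES, base_request(
            user="bob", role="contractor", device=UNPATCHED, resource="docs-site",
            application="browser", resource_location="cloud", data_classification="public")),
        "contractor_hits_ledger": evaluate(RULES, base_request(user="bob", role="contractor")),
    }

if __name__ == "__main__":
    for case, decision in sample_decisions().items():
        print(f"{case:24s} -> {decision}")
```

Two design points carry the article's argument: the evaluator only ever returns "allow" from an explicit rule, so anything the policy author did not foresee (a port scanner posing as a client, an SSH session where only HTTPS was intended, a login at 23:15) falls through to deny without a dedicated block rule; and the second rule shows that relaxing one dimension (an unpatched contractor device) is a deliberate, per-resource decision that still leaves MFA and the public-only classification in force.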
Calico Enterprise and Calico Cloud enable a zero trust environment built on three core capabilities: encryption, least privilege access controls, and identity-aware microsegmentation.