Zero Trust Architecture - 1.2
Summary
Zero Trust Architecture enforces strict access policies across physical, virtual, and cloud environments, using dynamic, context-aware controls to ensure that all users and devices are continuously verified before accessing resources, effectively minimizing the attack surface.
Notes:
Functional Planes of Zero Trust Operations
Zero Trust Architecture is applied across three operational planes: Physical, Virtual, and Cloud environments, ensuring a consistent security posture regardless of where resources are located.

Data Plane
The Data Plane is responsible for the actual transmission and processing of data. It handles all the data movement within the network infrastructure, including packet forwarding.
Example: Physical network ports on a switch or virtual network interfaces in cloud environments.
Control Plane
The Control Plane manages the rules, routing tables, and policies that dictate how the Data Plane handles data flow. It oversees decision-making processes such as routing decisions, access controls, and traffic prioritization.
Policy Components
In a Zero Trust Architecture, the interaction between the user (subject) and the system/resource is governed by specific policies.
The Policy Enforcement Point (PEP) is responsible for enforcing the access control decisions made by the Policy Decision Point (PDP).
The PDP consists of a Policy Engine that evaluates requests against predefined policies and makes decisions on whether access should be allowed or denied.
A Policy Administrator defines and manages the policies used by the Policy Engine during evaluation and decision-making processes.
Controlling Trust in Zero Trust Architecture
Adaptive Identity Management
Adaptive identity management adjusts security measures based on the context and attributes of the user and their request. For example, based on factors like device type, location, and behavior, the system may automatically adjust security controls, requiring additional verification if necessary.
Threat Surface Reduction
Zero Trust reduces the attack surface by limiting the ways users can reach the network: users are funneled through a small number of controlled entry points, and access is restricted under least privilege, so fewer components are exposed to compromise.
Policy-Driven Access Control (PDAC)
PDAC uses adaptive identity data combined with pre-established policies to manage access based on a wide range of contextual factors, such as user identity, environment, time, device type, and more.
- Access decisions are made dynamically and are context-aware, making PDAC highly flexible and effective for controlling access in dynamic environments.
- PDAC is a core aspect of Zero Trust Architectures due to its flexibility and ability to adapt to constantly changing scenarios compared to simpler models like Role-Based Access Control (RBAC).
Compared to RBAC, PDAC is more adaptable since it considers multiple factors in real-time rather than relying on static roles assigned based on job functions.
Security Zones in Zero Trust
Zero Trust Architecture involves defining security zones within the network, applying specific policies to each zone based on the sensitivity of the resources within. This segmentation helps maintain security by isolating network components and enforcing consistent security policies.
Policy Enforcement Point (PEP)
The Policy Enforcement Point acts as a gatekeeper, gathering network traffic information and enforcing access policies based on instructions from the Policy Decision Point. It controls access to the system's resources by verifying compliance with security policies.
Policy Decision Point (PDP)
The Policy Decision Point evaluates information provided by the Policy Enforcement Point using the Policy Engine and guidance from the Policy Administrator. It then makes decisions on whether access should be granted or denied.
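The PEP/PDP split and the context-aware policy evaluation described in the Policy Components, Adaptive Identity Management and PDAC notes above, as an added example that is not part of the original notes: a minimal Policy Engine that evaluates a request against an ordered rule set (device compliance, role, time, location, MFA state), returns allow, deny or step-up, and a PEP that only releases the resource on allow. The `Request` fields, rule names and sample data are constructed for this example and do not correspond to any real product.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Decisions a PDP can return; "step_up" means "require additional verification" (adaptive identity).
Decision = str  # "allow" | "deny" | "step_up"


@dataclass(frozen=True)
class Request:
    """Context the PEP gathers about the subject and its request (constructed fields)."""
    subject: str
    resource: str
    role: str
    device_compliant: bool
    location: str       # e.g. "corp-office", "vpn", or anything else (untrusted)
    hour_utc: int       # 0-23, hour of the request
    mfa_verified: bool  # whether step-up authentication has already been completed


# A rule is (name, condition, decision). The Policy Administrator maintains this list;
# the Policy Engine only evaluates it. Order matters: first matching rule wins.
Rule = Tuple[str, Callable[[Request], bool], Decision]
TRUSTED_LOCATIONS = {"corp-office", "vpn"}

POLICIES: List[Rule] = [
    ("non-compliant device", lambda r: not r.device_compliant, "deny"),
    ("payroll requires finance role", lambda r: r.resource == "payroll" and r.role != "finance", "deny"),
    ("off-hours access without MFA", lambda r: not 6 <= r.hour_utc < 20 and not r.mfa_verified, "step_up"),
    ("untrusted location without MFA", lambda r: r.location not in TRUSTED_LOCATIONS and not r.mfa_verified, "step_up"),
    ("trusted context", lambda r: r.location in TRUSTED_LOCATIONS or r.mfa_verified, "allow"),
]


def policy_engine(req: Request, policies: List[Rule] = POLICIES) -> Tuple[Decision, str]:
    """PDP: evaluate the request against the policies; anything unmatched is denied."""
    for name, condition, decision in policies:
        if condition(req):
            return decision, name
    return "deny", "default deny"


def pep(req: Request, resource_store: dict) -> dict:
    """PEP: ask the PDP, enforce its decision, and never release data unless the answer is allow."""
    decision, reason = policy_engine(req)
    return {
        "decision": decision,
        "reason": reason,
        "data": resource_store.get(req.resource) if decision == "allow" else None,
    }
```

The same user with the same role gets allow, step-up or deny depending on device state, time and location, which is the difference between PDAC and a static RBAC check.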