Zero Trust Architecture Framework To Secure & Mitigate Organizational Threats

Abstract

Zero Trust has been very hot topic within the industry, specifically because the industry is changing rapidly and there is a lot more remote working happening, so zero trust Architecture is a policy where it’s very important to give least privilege access to all users out there, so verifying all the users, applications & devices on the network before allowing them to any critical assets in organizations. This is becoming increasingly important because of network boundaries have been changing and people are connecting the organization network from various locations, users and applications are spanning multiple products and services across multiple different locations and this why it makes it more and more important to focus on zero trust. Zero trust architecture (ZTA) processes every request and gives the subject a resource without depending on implicit confidence, in contrast to perimeter-based architecture, which assumes that any subject inside the wall (i.e., inside the pre-defined perimeter) is trustworthy. This document introduces the ZT and ZTA concepts based on NIST Special Publication SP800 207. Also, the difficulties, procedures, and factors to think about when switching from the old architecture to ZTA are given and discussed.