Forrester zero trust model designed to make entire network secure

The key architectural components of the zero trust model are: an integrated segmentation gateway as the nucleus of the network; parallel, secure network segments; centralized network management; and a data acquisition network to gain network visibility.

“In Zero Trust, all network traffic is untrusted”, commented John Kindervag, the Forrester analyst who developed the model. According to a report on zero trust written by Kindervag:

“Zero Trust mandates that information security pros treat all network traffic as untrusted. Zero Trust doesn’t say that employees are untrustworthy but that trust is a concept that information security pros should not apply to packets, network traffic, and data. The malicious insider reality demands a new trust model. By changing the trust model, we reduce the temptation for insiders to abuse or misuse the network, and we improve our chances of discovering cybercrime before it can succeed.”

The report contains the following recommendations to implement zero trust networking: change how you think about trust because “trust but verify” is no longer an appropriate security mantra; break away from the three-tiered hierarchical networking model; set up recurring meetings with counterparts in networking, such as starting a cross-functional zero trust working group; incentivize network and security vendors to adopt zero trust; and include zero trust architectural requirements in every networking or security request for proposal.
 
