8. Zero Trust Model & Networking
• The zero trust security model, also known as zero trust architecture (ZTA) and sometimes as perimeterless security, describes an approach to the strategy, design and implementation of IT systems.
• The main concept behind the zero trust security model is "never trust, always verify": users and devices are not trusted by default, even if they are connected to a permissioned network such as a corporate LAN, and even if they were previously verified.
• ZTA is implemented by establishing strong identity verification, validating device compliance before granting access, and enforcing least privilege access to only explicitly authorized resources.
• The zero trust approach advocates mutual authentication: the identity and integrity of both users and devices are checked regardless of location, and access to applications and services is granted based on the confidence in user and device identity and on device health, in combination with user authentication.
• The same principles apply to data access and to the management of data. This gives zero trust data security, where every request to access data is authenticated and authorized dynamically, at request time rather than once at connection time, and is limited to least privilege access to the resource.
• Whether access is granted is decided by policies over the attributes of the data, the identity and attributes of the user, the device, and the environment of the request, using Attribute-Based Access Control (ABAC).
• Because the decision is tied to the data and the requester rather than to network location, this zero trust data security approach protects the data itself: being on the corporate LAN, or having connected earlier, grants no implicit access.
9. Underlying Assumptions
• Traditional VPN: Assumes trust once inside the network.
• Zero Trust Networking: Assumes no trust, even for internal users.
10. Access Controls
• Traditional VPN: Broad network access once connected.
• Zero Trust Networking: Granular access control based on user identity and least privilege.
– Using enhanced identity governance and policy-based access controls.
11. Verification & Authentication
• Traditional VPN: Relies on username and password; multi-factor authentication may be added.
• Zero Trust Networking: Implements continuous verification and multi-factor authentication, with strong password policies. Each access decision draws on:
– Single strong source of user identity
– User authentication
– Machine authentication
– Additional context, such as policy compliance and device health
– Authorization policies to access an application
– Access control policies within an application
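The decision inputs listed above (user authentication, machine authentication, device health and policy compliance, authorization policy for the application) are the same inputs the ABAC decision on the zero trust model slide combines with the data's attributes. The following is an added example, not code from the original slides, of a minimal policy decision point that evaluates one request against all of them with default deny. The attribute names, the 8-hour MFA freshness window, the 30-day patch threshold and the sample users, devices and resources are assumptions made for illustration.

```python
# Added example (not from the original slides): a minimal zero trust policy
# decision point (PDP). It combines the inputs listed on the verification
# slide (user authentication, machine authentication, device health, policy
# compliance) with data attributes, i.e. the ABAC decision described on the
# zero trust model slide. Attribute names, thresholds and the sample
# identities are assumptions made for illustration.
from dataclasses import dataclass
from typing import List, Optional, Tuple

MFA_MAX_AGE_SECONDS = 8 * 3600   # re-prompt MFA after 8 h (assumed policy)
MAX_PATCH_AGE_DAYS = 30          # device counts as healthy only if patched within 30 days

@dataclass
class User:
    name: str
    department: str
    mfa_verified_at: Optional[int]   # unix time of last successful MFA, None if never

@dataclass
class Device:
    device_id: str
    managed: bool          # enrolled in device management (machine identity)
    disk_encrypted: bool
    patch_age_days: int

@dataclass
class Resource:
    name: str
    classification: str    # "public" | "internal" | "confidential"
    owner_department: str

@dataclass
class Request:
    user: User
    device: Device
    resource: Resource
    action: str            # "read" | "write"
    now: int               # unix time of the request

def evaluate(req: Request) -> Tuple[bool, List[str]]:
    """Evaluate one request. Returns (allowed, denial_reasons).

    Default deny: every check must pass. The function is meant to be called
    on every request (continuous verification), not once at login.
    """
    u, d, r = req.user, req.device, req.resource
    reasons: List[str] = []

    # 1. User authentication: MFA must be recent, not merely "done at login".
    if u.mfa_verified_at is None or req.now - u.mfa_verified_at > MFA_MAX_AGE_SECONDS:
        reasons.append("mfa-stale")

    # 2. Machine authentication and device health.
    if not d.managed:
        reasons.append("device-unmanaged")
    if r.classification != "public":
        if not d.disk_encrypted:
            reasons.append("disk-not-encrypted")
        if d.patch_age_days > MAX_PATCH_AGE_DAYS:
            reasons.append("device-unpatched")

    # 3. ABAC: data attributes versus user attributes.
    if r.classification == "confidential" and u.department != r.owner_department:
        reasons.append("department-mismatch")
    if req.action == "write" and u.department != r.owner_department:
        reasons.append("write-outside-department")

    # No rule consults network location: being on the corporate LAN or behind
    # a VPN contributes nothing to the decision.
    return (not reasons, reasons)

def demo() -> dict:
    """Run a few constructed requests and return the decisions by label."""
    now = 1_700_000_000
    alice = User("alice", "finance", mfa_verified_at=now - 600)
    bob = User("bob", "engineering", mfa_verified_at=now - 12 * 3600)
    laptop = Device("lt-001", managed=True, disk_encrypted=True, patch_age_days=3)
    byod = Device("phone-9", managed=False, disk_encrypted=True, patch_age_days=90)
    ledger = Resource("gl-ledger", "confidential", "finance")
    wiki = Resource("eng-wiki", "internal", "engineering")
    cases = {
        "alice-laptop-ledger-read": Request(alice, laptop, ledger, "read", now),
        "alice-byod-ledger-read": Request(alice, byod, ledger, "read", now),
        "bob-laptop-ledger-read": Request(bob, laptop, ledger, "read", now),
        "bob-laptop-wiki-read": Request(bob, laptop, wiki, "read", now),
    }
    return {label: evaluate(r) for label, r in cases.items()}

if __name__ == "__main__":
    for label, (ok, why) in demo().items():
        print(f"{label:28s} {'ALLOW' if ok else 'DENY':5s} {why}")
```

Note that bob's request for his own department's wiki is still denied: his device is healthy and the data is his, but his MFA is older than the policy window. That is the difference between a VPN that checks credentials once at connect time and a zero trust decision that is re-evaluated on every request.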
12. Network Segmentation
• Traditional VPN: Limited segmentation; flat network structure.
• Zero Trust Networking: Micro-segmentation for isolating workloads and restricting lateral movement.
– Using micro-segmentation
– Using overlay networks and software-defined perimeters
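The practical effect of micro-segmentation is on the blast radius of a compromised host: on a flat network an attacker can pivot from any foothold to any other workload, while under a default-deny allow-list they reach only what the policy explicitly permits. The following is an added example, not code from the original slides, that computes the reachable set from a compromised workload under both models. The workload names, ports and allow-list are constructed for illustration; a real deployment would express the same allow-list as host firewall, Kubernetes NetworkPolicy or service-mesh rules.

```python
# Added example (not from the original slides): comparing the lateral-movement
# blast radius of a flat network with that of a micro-segmented one. The
# workload names, ports and the allow-list policy are constructed for
# illustration.
from collections import deque
from typing import Callable, Iterable, Set, Tuple

# Constructed inventory of workloads (assumed names).
WORKLOADS = ["web", "api", "orders-db", "hr-db", "bastion", "build-runner"]
PORTS = (22, 443, 5432)

# Micro-segmentation policy: explicit allow-list of (src, dst, port).
# Any flow not listed is denied (default deny).
SEGMENTED_POLICY: Set[Tuple[str, str, int]] = {
    ("web", "api", 443),
    ("api", "orders-db", 5432),
    ("bastion", "orders-db", 5432),
    ("bastion", "hr-db", 5432),
}

def flat_allows(src: str, dst: str, port: int) -> bool:
    """Flat network (the 'trusted once inside' model): everything reaches everything."""
    return src != dst

def segmented_allows(src: str, dst: str, port: int) -> bool:
    """Micro-segmented network: only flows on the allow-list pass."""
    return (src, dst, port) in SEGMENTED_POLICY

def reachable_from(start: str, allows: Callable[[str, str, int], bool],
                   workloads: Iterable[str] = WORKLOADS,
                   ports: Iterable[int] = PORTS) -> Set[str]:
    """Transitive closure of allowed flows: every workload an attacker who
    controls `start` could pivot to, hop by hop, on any listed port."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for dst in workloads:
            if dst not in seen and any(allows(cur, dst, p) for p in ports):
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return seen

def blast_radius(start: str) -> dict:
    """Reachable sets from a compromised `start` under both models."""
    return {
        "flat": reachable_from(start, flat_allows),
        "segmented": reachable_from(start, segmented_allows),
    }

if __name__ == "__main__":
    for model, hosts in blast_radius("web").items():
        print(f"compromised web, {model:9s}: {sorted(hosts)}")
```

Starting from a compromised web front end, the flat model reaches every other workload, including the HR database, whereas the segmented policy confines the attacker to the api tier and the orders database it is allowed to talk to. The same closure computation is a useful check to run against a real policy before deploying it: any workload whose reachable set is larger than its job requires is a segmentation gap.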
13. Trust Model
• Traditional VPN: Trusts users and devices once inside the network perimeter.
• Zero Trust Networking: Never trusts; always verifies users and devices, regardless of location.
– Applies to both internal and external devices and users.
14. Device Security
• Traditional VPN: Assumes device security once connected.
• Zero Trust Networking: Continuous monitoring of device security and compliance.
15. Scalability
• Traditional VPN: May face scalability challenges as the organization grows.
• Zero Trust Networking: Built for scalability and adaptability to evolving organizational needs.
16. User Experience
• Traditional VPN: May impact user experience with added latency when traffic is routed through a central VPN gateway.
• Zero Trust Networking: Strives for a seamless user experience with minimal impact.
17. Implementation Complexity
• Traditional VPN: Generally simpler to set up and manage.
• Zero Trust Networking: May require a more complex implementation process.
18. Security Posture
• Traditional VPN: Focuses on securing the network perimeter.
• Zero Trust Networking: Focuses on securing users, devices, and data wherever they are.
19. Conclusion
• Paradigm Shift in Security
– In conclusion, the comparison between traditional VPNs and Zero Trust Networking underscores a paradigm shift in security thinking, from perimeter-based trust to continuous verification and dynamic access control.
• Identity-Centric vs. Perimeter-Centric
– The fundamental difference lies in the shift from the perimeter-centric approach of traditional VPNs to the identity-centric (user and device) philosophy of Zero Trust Networking, where trust is never assumed but constantly verified.
• Granular Access Control
– Zero Trust Networking introduces granular access control, ensuring that users and devices have the minimum necessary access, limiting the risks associated with the broad network access provided by traditional VPNs.
• Adaptability to Modern Threats
– As the threat landscape evolves, Zero Trust Networking adapts more readily, providing a more robust defense against emerging threats than the comparatively static perimeter model of traditional VPNs.
• Choosing the Right Fit
– Organizations must carefully consider their security requirements, scalability needs, and the user experience when choosing between traditional VPNs and Zero Trust Networking, a decision that can significantly impact their overall cybersecurity posture.