ZTA: Never Trust, Always Verify

Abstract

Zero Trust Architecture (ZTA) deployments are growing in popularity, widely viewed as a solution to historical enterprise security monitoring that typically finds attackers months after they have gained system access. ZTA design incorporates multiple industry security advisories, including assuming network compromise, using robust identity management, encrypting all traffic, thwarting lateral movement, and other security best practices. Collectively, these features are designed to detect and prevent attackers from successfully persisting in the environment. These features each offer solutions to various ongoing security problems but individually are not comprehensive solutions. When designed for cloud services ZTA holds the promise of outsourcing security monitoring. However, some observations about ZTA suggest that the component solutions themselves have flaws potentially exposing systems to additional undetected vulnerabilities, providing a false sense of security. This paper addresses vulnerable paths using a bottom-to-top approach, listing problem areas and mapping them to attacker goals of deny, deceive, disrupt, deter, and destroy. The paper then addresses residual risk in the architecture. Based on the findings the paper suggests realistic countermeasures, offering insights into additional detection and mitigation techniques.