Zero trust architecture logical components and implementation approaches

DOI: 10.31673/2412-9070.2024.030711

Authors

  • О. Б. Придибайло, (Prydybaylo O. B.) State University of Information and Communication Technologies, Kyiv
  • Р. В. Придибайло, (Prydybaylo R. V.) State University of Information and Communication Technologies, Kyiv
  • В. О. Яскевич, (Yaskevych V. O.) Borys Grinchenko Kyiv Metropolitan University, Kyiv
  • Ю. В. Яскевич, (Yaskevych Yu. V.) Borys Grinchenko Kyiv Metropolitan University, Kyiv

Abstract

Zero Trust Architecture (ZTA) is a contemporary cybersecurity approach that challenges the traditional perimeter-based security model. In the zero-trust model, organizations do not automatically trust any user or device, regardless of whether they are inside or outside the corporate network. Instead, it assumes that threats can come from both internal and external sources, and it verifies every user and device attempting to access resources.
The key principles of the zero-trust model are:
• Identity verification: individuals need to authenticate their identity before gaining access to resources. This often includes multifactor authentication and reliable verification methods.
• Least privilege access: users are granted the minimum access required to perform their tasks. Access is limited only to essential elements, reducing the potential impact of a security breach.
• Micro-segmentation: the network is segmented at a granular level, allowing isolation and protection of individual resources.
• Data encryption: encryption is applied both during transmission and at rest to safeguard data from unauthorized access.
• No implicit trust: applying the principle of "never trust, always verify," meaning verification is necessary at every stage of access.
The article discusses modern challenges and approaches to cybersecurity amidst the rapid development of cloud technologies. Specifically, it analyzes the shift in container usage in software deployment and its impact on the cybersecurity model. Security approaches based on the concept of Zero Trust Architecture (ZTA) are highlighted in the context of new demands and opportunities.
The article elaborates on key logical components of ZTA, such as policy mechanism and policy administrator, pointing out their interaction in creating a secure environment. It also provides an overview of data sources used for creating access policy rules and their consideration in ZTA mechanisms. Additionally, approaches to implementing ZTA for operational workflows in corporate environments are proposed: enhanced identity management, logical micro-segmentation, and network-based segmentation. Each of these approaches has its advantages and is considered based on the needs of individual organizations.

Keywords: architecture; cybersecurity; enterprise; network security; zero trust; zero trust architecture; policy; policy mechanisms.

Published

2024-06-25

Section

Articles