In cybersecurity, "trust" is one of the most misunderstood concepts. Organizations have traditionally relied on perimeter-based defenses, trusting that anything inside their network was legitimate. This approach is no longer sufficient. Most organizations are discovering that policing activity within their networks is the crucial next step.
The Zero Trust model challenges the outdated idea of assumed trust and replaces it with continuous verification. But what does "trust" really mean in cybersecurity, and why is assumed trust so dangerous?
What is Trust in Cybersecurity?
Trust in IT is the assumption that a user, device, application, or service (A.K.A. a “subject”) is:
- Who or what it claims to be
- Allowed access to the resource it is requesting
- Configured and behaving in an expected way
- Free from compromise
- Allowed to take the actions it is currently taking
This is a significant list of assumptions. In a traditional network architecture, a subject is required to authenticate once, and then the above assumptions are held until the session is logged out. This is extremely dangerous, as it allows malicious actors to reside inside corporate networks for weeks or months while they gradually move laterally and expand their privileges.
The Dangers of Assumed Trust
Assumed trust introduces serious vulnerabilities into any network. Some of the most common include:
- Compromised Devices: Even legitimate users are vulnerable to compromise. This is particularly likely if the user is outside the corporate perimeter, is using their personal device (BYOD), or is a partner or customer that is not subject to the same security requirements as an internal user.
- Post-Login Compromise: A device may initially be secure but become compromised while connected to the network. If trust is assumed following a single authentication, there’s no easy way to detect this.
- Stolen Credentials: Perimeter defenses are beatable. Malicious actors can easily defeat a single authentication requirement—often using legitimate credentials. In traditional architectures, it’s common for malicious actors to ‘dwell’ within networks for weeks or months before acting on their objectives.
- Untrusted Environments: Today, many users connect from potentially hostile networks, including infected home networks and public WiFi. As a result, even legitimate users can pose a significant risk to the network.
How Zero Trust Mitigates Assumed Trust
Zero Trust reduces the risks above by forcing subjects to prove their trustworthiness every time they attempt to access a resource.
Under a Zero Trust Architecture, three types of proof are demanded every time a resource is requested:
- User identity—Who is this user, service, or application, and should it have access to this resource?
- Device identity—Is the device or infrastructure this request originates from known and expected?
- Device health—Is this device in the expected state and free from compromise?
As described earlier, policies for establishing the legitimacy of these three proofs are dynamic and constantly updated. The result is an access and authorization architecture that looks like this:
Note that the policy engine is continuously fed with data from many sources, enabling it to assess user identity, device identity, and device health in real-time with a high degree of confidence.
Once proofs are accepted, the subject is allowed precisely the access needed to perform its function, for the minimum necessary period. If the subject needs access to further resources, the process repeats.
The term Zero Trust implies a total removal of trust from the environment. However, in practice, there is still a degree of trust—it’s just not assumed automatically. A legitimate user who behaves normally and can prove their identity and device state is temporarily trusted to access a resource. If the user is compromised—either by an undetectable threat or a real-world situation—this could still backfire.
However, by substantially reducing the level of trust within an IT environment, organizations can similarly reduce the risk of malicious presence and behaviors.
The Missing Components of Zero Trust
Most discussions of Zero Trust focus on identity and access, but that's only a part of the picture. True Zero Trust is dependent on the integrity of an organization's systems and configurations.
Our report, ‘The Missing Components of Zero Trust,’ explores the significant gaps in existing Zero Trust guidance and details the most important concepts and capabilities required to close those gaps.
Download the report to learn:
- The Core Principles and 7 Tenets of Zero Trust.
- How the Zero Trust strategy and architecture eliminate implicit trust.
- How to elevate your security posture and avoid making the most common Zero Trust mistakes.
- The answer to the question, "Does Zero Trust actually work?"
