Maintain the Zero Trust Security Model

Learning Objectives

After completing this unit, you’ll be able to:

  • Identify challenges to implementing Zero Trust (ZT).
  • Explain the ongoing work required to maintain ZT.
  • List methods to measure the effectiveness of your ZT architecture.

Challenges to Implementing Zero Trust

You’ve architected your new Zero Trust cloud infrastructure, developed and implemented ZT policies and controls, and are monitoring your ZT environment. But your work here isn’t done. You need to continue to maintain the security measures you’ve implemented in order for your ZT security model to remain scalable and effective. Let’s take a look at some challenges to implementing ZT, which are useful to be aware of as you continue your ZT security journey in the cloud.

Zero Trust Requires Ongoing Maintenance

Unfortunately, there’s no on switch or one-and-done way to adopt a ZT security approach. Maintaining a ZT security model is a long-term commitment that requires constant attention, time, staff, and financial resources. However, the value of up-to-date security practices and the cyber resilience that often follows is worthwhile in the long run.

ZT is a sweeping initiative with a wide scope, and it requires strategic customization to your environment. It’s a best practice for your organization to implement an incremental roadmap with practical guides to support your ZT journey.

For example, a ZT architecture requires your organization to have real-time awareness and detailed knowledge of its assets (physical and virtual), users, and business processes. This requires a continuous evaluation of assets, users, data flows, and workflows within your cloud environment. If this isn’t present, you need to put it in place before proceeding.

Once this foundational information awareness of your cloud environment is established, it’s a good idea to implement a regular cycle of monitoring, maintenance, and updating. Reassess the current state by performing ongoing security assessments, and address any gaps to validate success. It’s also key to empower resource managers to manage access to their resources more effectively, and help gain traction with those responsible for the funding, prioritization, and implementation of ZT in order for it to be effective.

Implementing Zero Trust Across Disparate Environments

Modern organizations have highly complex and distributed infrastructures. Information technology (IT) leaders face the challenge of creating a ZT strategy that accounts for an environment that can have hundreds of databases, servers, proxies, internal applications, third-party applications, and more.

To further complicate matters, each of these can run in multiple physical and cloud data centers, each with its own network and access policies. What’s more, these various technologies are subject to change, whether through configuration management, upgrades, or decommissioning activities. Your organization’s security architects must be aware of how to implement its enterprise ZT architecture with each cloud provider it utilizes.

Zero Trust Can Impact User Experience

Another challenge of implementing ZT is locking down access without bringing workflows to a grinding halt. People require access to sensitive data to work, communicate, and collaborate. If individuals face excessive access and authentication control restrictions, their productivity can plummet. You can mitigate this by implementing adaptive controls and single sign-on (SSO) to reduce user password fatigue. For example, you can relax the reverification process for low-risk resources or less sensitive data.

Zero Trust Requires the Right Staff

A lack of relevant expertise and stakeholder buy-in can pose challenges for implementing ZT at your organization. Your IT and operational technology (OT) security teams need time, subject expertise, and skills to implement ZT best practices and stay abreast of new ZT technologies and trends. They also need to be able to demonstrate the benefits of the ZT security model to your organization's leaders. To enable the ZT security approach to be successful at your organization in the long haul, your staff must be knowledgeable in the underlying technologies, such as microsegmentation. 

Maintaining the Zero Trust Security Model

There’s no silver bullet solution when it comes to implementing the ZT security model in the cloud. But there are concrete steps you can take to set up your ZT implementation for success. One of the first key steps you can take is to not only develop, but also maintain the policies and resources needed to support ZT, and verify that they’re functioning as intended.

For example, once your organization creates a baseline of each component or device in the infrastructure and applies hardening principles using set standards, it’s a best practice to also remediate failed configurations along the way. In doing so, you update the baseline with each remediated configuration so that it remains up to date. By maintaining an updated baseline of your infrastructure, you strengthen the integrity of your environment, which enables ZT security over time.
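The baseline-and-remediate cycle described above, as an added Python example (this is not Trailhead's or any vendor's code): a hardening baseline per component type is compared against an inventory snapshot, failed settings are reported and remediated, and a newly approved setting is folded back into the baseline so the next run enforces it. Component names, setting keys and values are constructed for illustration.

```python
"""Configuration-baseline drift check (added example, not part of the module).

Compares the observed configuration of each asset against a hardening
baseline, reports failed settings, remediates them, and shows how a newly
approved setting is recorded in the baseline so it stays current.
"""
from copy import deepcopy

# Constructed hardening baseline: expected setting values per component type.
BASELINE = {
    "web-server": {"tls_min_version": "1.2", "directory_listing": "off", "admin_port_exposed": "no"},
    "database":   {"tls_min_version": "1.2", "remote_root_login": "no", "audit_logging": "on"},
}

# Constructed inventory snapshot: what was actually observed on each asset.
OBSERVED = {
    "web-01": {"type": "web-server", "settings": {"tls_min_version": "1.2", "directory_listing": "on", "admin_port_exposed": "no"}},
    "db-01":  {"type": "database",   "settings": {"tls_min_version": "1.0", "remote_root_login": "no", "audit_logging": "on"}},
    "db-02":  {"type": "database",   "settings": {"tls_min_version": "1.2", "remote_root_login": "no"}},  # audit_logging missing
}


def find_drift(baseline, observed):
    """Return {asset: {setting: (expected, actual)}} for every deviation.

    A setting that is absent from the asset counts as a failure (actual=None):
    an unknown state is never assumed to be compliant.
    """
    drift = {}
    for asset, info in observed.items():
        expected = baseline.get(info["type"], {})
        failures = {}
        for key, want in expected.items():
            got = info["settings"].get(key)
            if got != want:
                failures[key] = (want, got)
        if failures:
            drift[asset] = failures
    return drift


def remediate(baseline, observed, drift):
    """Apply the baseline value to each failed setting; returns a new snapshot."""
    fixed = deepcopy(observed)
    for asset, failures in drift.items():
        ctype = fixed[asset]["type"]
        for key in failures:
            fixed[asset]["settings"][key] = baseline[ctype][key]
    return fixed


def update_baseline(baseline, component_type, key, value):
    """Record an approved setting change so the baseline stays up to date."""
    updated = deepcopy(baseline)
    updated.setdefault(component_type, {})[key] = value
    return updated


if __name__ == "__main__":
    drift = find_drift(BASELINE, OBSERVED)
    for asset, failures in drift.items():
        for key, (want, got) in failures.items():
            print(f"{asset}: {key} expected {want!r}, observed {got!r}")
    fixed = remediate(BASELINE, OBSERVED, drift)
    assert not find_drift(BASELINE, fixed)
    # A stricter TLS floor is approved for databases; the next run flags every
    # database that has not yet been brought up to it.
    newer = update_baseline(BASELINE, "database", "tls_min_version", "1.3")
    print("needs follow-up:", sorted(find_drift(newer, fixed)))
```

In a real environment the snapshot would come from your configuration management or cloud inventory API, and the remediation step would call that system rather than editing a dictionary; the control flow (detect, fix, record the new baseline) is the part that carries over.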

The same is true of your access control policies. Once they’re enforced, it’s important to evaluate their effectiveness, adjust as needed, and normalize them within your environment, setting new baselines as necessary. One way to aid in maintenance is to implement automation to help maintain access control lists. For example, if an employee switches roles or leaves the company, there needs to be an automated process that informs the necessary teams within your organization (including your security team) of the change, so they can update or terminate the employee’s access as necessary.
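The role-change and leaver automation described above, as an added Python example (not code from the module): an HR feed is treated as the source of truth for who is employed and in which role, the current access list is reconciled against it, and the resulting revoke and grant actions are rendered as notifications for the security team and resource owners. Users, roles and entitlements are constructed.

```python
"""Access-list reconciliation for joiners, movers and leavers (added example).

Compares an HR feed (who works here, in what role) with the current access
list and produces the actions security and resource owners must act on.
Grants are raised as requests for the resource owner; revocations can be
applied automatically because removing access never expands privilege.
"""
from dataclasses import dataclass, field

# Constructed role model: which entitlements each role may hold.
ROLE_ENTITLEMENTS = {
    "engineer": {"repo-read", "repo-write", "ci-run"},
    "support":  {"ticket-queue", "customer-db-read"},
    "finance":  {"ledger-read", "ledger-write"},
}

# Constructed HR feed: active staff and their current role. Absent = has left.
HR_FEED = {
    "alice": "engineer",
    "bob":   "finance",   # bob moved from support to finance
    "dana":  "support",
}

# Constructed current access list: what the systems actually grant today.
ACCESS_LIST = {
    "alice": {"repo-read", "repo-write", "ci-run"},
    "bob":   {"ticket-queue", "customer-db-read", "ledger-read"},
    "carol": {"ledger-read", "ledger-write"},                      # carol has left
    "dana":  {"ticket-queue", "customer-db-read", "repo-write"},   # repo-write not in role
}


@dataclass
class Action:
    user: str
    kind: str                       # "revoke_all" | "revoke" | "grant"
    entitlements: frozenset = field(default_factory=frozenset)


def reconcile(hr_feed, access_list, role_entitlements):
    """Return the actions needed so that access matches the HR state."""
    actions = []
    for user in sorted(set(access_list) | set(hr_feed)):
        current = access_list.get(user, set())
        role = hr_feed.get(user)
        if role is None:
            # Leaver: terminate everything, regardless of what it was.
            if current:
                actions.append(Action(user, "revoke_all", frozenset(current)))
            continue
        allowed = role_entitlements[role]
        extra = current - allowed      # held but not permitted by the role
        missing = allowed - current    # permitted by the role but not held
        if extra:
            actions.append(Action(user, "revoke", frozenset(extra)))
        if missing:
            actions.append(Action(user, "grant", frozenset(missing)))
    return actions


def notify(actions):
    """Render each action as a one-line message for the responsible team."""
    return [f"[{a.kind}] {a.user}: {', '.join(sorted(a.entitlements))}" for a in actions]


if __name__ == "__main__":
    for line in notify(reconcile(HR_FEED, ACCESS_LIST, ROLE_ENTITLEMENTS)):
        print(line)
```

Running it shows bob losing his support entitlements and getting a request for the missing finance one, carol's access terminated entirely, and dana's unapproved entitlement revoked; alice produces no action because her access already matches her role.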

Another aspect of maintaining ZT security is continuously monitoring the network. On an ongoing basis, review logs and identify anomalies in traffic, both at the network level (for example, traffic accessing a prohibited IP address) and at the application level (for example, an application user trying to call a prohibited API). You collect and analyze metrics to compare against established baselines, and set automated alerts for unexpected behaviors or security events to inform the appropriate staff of any anomalies. These steps provide vital insights for evolving your ZT cloud environment and its policies.
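The network-level and application-level anomaly checks described above, as an added Python example (not the module's code): a small log analyzer flags flows to a prohibited address range, application calls to prohibited APIs, and per-user request counts that exceed an established baseline, and emits alert records that an alerting pipeline could route to staff. The log lines, address range (from the TEST-NET-3 documentation block), API paths and baseline figures are all constructed.

```python
"""Network- and application-level anomaly checks over sample logs (added example).

Checks three things the text calls out: traffic to a prohibited IP range,
calls to a prohibited API, and request rates above an established baseline.
Lines the parser cannot read are surfaced too, because a parsing gap is a
monitoring gap.
"""
import ipaddress
import re
from collections import Counter

# Constructed policy and baseline values.
PROHIBITED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]   # TEST-NET-3, constructed
PROHIBITED_APIS = {"/admin/export-all", "/internal/debug"}
BASELINE_REQUESTS_PER_WINDOW = {"alice": 20, "bob": 15}          # expected per user per window
ALERT_MULTIPLIER = 2                                              # alert above 2x baseline

NET_RE = re.compile(r"^(?P<ts>\S+) net src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\w+)$")
APP_RE = re.compile(r"^(?P<ts>\S+) app user=(?P<user>\w+) api=(?P<api>\S+) status=(?P<status>\d+)$")

# Constructed sample log: one prohibited destination, one prohibited API call,
# and a burst of 50 extra requests from alice.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z net src=10.0.1.5 dst=10.0.2.7 action=allow
2024-05-01T10:00:02Z net src=10.0.1.5 dst=203.0.113.9 action=allow
2024-05-01T10:00:03Z app user=alice api=/orders/list status=200
2024-05-01T10:00:04Z app user=bob api=/internal/debug status=403
2024-05-01T10:00:05Z app user=bob api=/orders/list status=200
""" + "".join(f"2024-05-01T10:00:{6 + i:02d}Z app user=alice api=/orders/list status=200\n" for i in range(50))


def analyze(log_text, prohibited_networks=PROHIBITED_NETWORKS, prohibited_apis=PROHIBITED_APIS,
            baseline=BASELINE_REQUESTS_PER_WINDOW, multiplier=ALERT_MULTIPLIER):
    """Return a list of alert dicts found in one window of log text."""
    alerts = []
    per_user = Counter()
    for line in log_text.splitlines():
        m = NET_RE.match(line)
        if m:
            dst = ipaddress.ip_address(m["dst"])
            if any(dst in net for net in prohibited_networks):
                alerts.append({"level": "network", "kind": "prohibited_destination",
                               "ts": m["ts"], "src": m["src"], "dst": m["dst"]})
            continue
        m = APP_RE.match(line)
        if m:
            per_user[m["user"]] += 1
            if m["api"] in prohibited_apis:
                alerts.append({"level": "application", "kind": "prohibited_api",
                               "ts": m["ts"], "user": m["user"], "api": m["api"]})
            continue
        alerts.append({"level": "pipeline", "kind": "unparsed_line", "line": line})

    # Compare the window's metrics against the established baseline.
    for user, count in per_user.items():
        expected = baseline.get(user)
        if expected is None:
            alerts.append({"level": "application", "kind": "no_baseline", "user": user, "count": count})
        elif count > expected * multiplier:
            alerts.append({"level": "application", "kind": "rate_above_baseline",
                           "user": user, "count": count, "baseline": expected})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Note that the prohibited API call is flagged even though the application returned 403: the attempt itself is the signal, and a user with no baseline at all is reported rather than silently passed.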

Measure the Effectiveness of Your Zero Trust Implementation

To better enable your ability to maintain your ZT security implementation in the cloud, you can collect, analyze, and report on metrics. Metrics can assist you in every step of the ZT security model implementation process, from identifying where to begin to defining key milestones and describing what success looks like.

In implementing ZT, you use tools like security information and event management (SIEM), advanced security analytics platforms, security user behavior analytics, and other analytics systems to help your security team observe in real time what’s happening within your IT or OT environment so they can orient defenses more intelligently. Focusing on the analysis of cyber-related event data can help your security team develop and adapt proactive security measures before an actual incident occurs.

In the maintenance phase of your ZT implementation, metrics can help you illustrate to your leadership the measurable gains in delaying attackers and containing lateral movement. You can test your ZT implementation’s effectiveness against industry-standard frameworks, such as the MITRE ATT&CK® knowledge base, which can enable you to better measure how well your architecture helps defend you from adversary reconnaissance, execution, defense evasion, and more. Some metrics to aid you in this analysis include:

  • Number of detectable events and indicators of compromise (IOCs)
  • Improvements in time to detect an attack by enhancing threat hunting capabilities
  • Improvements in time to contain an attack (like ransomware)

To aid you in measuring the effectiveness of your ZT implementation, you can leverage your in-house security team to build and analyze data on the performance of security controls, and hire an independent red team specialist to perform the role of an attacker. Wherever possible, you simplify the collection and analysis of metrics and testing using automation. By continually monitoring the operational aspects of your cybersecurity measures, you can further strengthen your ZT implementation in the cloud. These measures are the building blocks to help you synchronize risk management, policy, and practice.
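The three metrics listed above (detected indicators, time to detect, time to contain), computed in an added Python example that is not part of the module: per-incident detection and containment times are derived from incident timestamps, summarized as medians for a "before" and an "after" period, and expressed as a percentage improvement for reporting to leadership. The incident records, periods and timestamps are constructed.

```python
"""Zero Trust effectiveness metrics from incident records (added example).

For each incident: time to detect = detection time minus first adversary
activity; time to contain = containment time minus detection time. Medians
are used because a single long-running incident would dominate a mean.
"""
from datetime import datetime
from statistics import median

# Constructed incident records:
# (id, period, first adversary activity, detected, contained, IOCs detected)
INCIDENTS = [
    ("INC-1", "before", "2024-01-03T08:00:00", "2024-01-05T08:00:00", "2024-01-06T20:00:00", 2),
    ("INC-2", "before", "2024-02-10T12:00:00", "2024-02-11T00:00:00", "2024-02-11T18:00:00", 1),
    ("INC-3", "before", "2024-03-01T09:00:00", "2024-03-04T09:00:00", "2024-03-05T09:00:00", 3),
    ("INC-4", "after",  "2024-07-02T10:00:00", "2024-07-02T16:00:00", "2024-07-02T22:00:00", 4),
    ("INC-5", "after",  "2024-08-15T01:00:00", "2024-08-15T03:00:00", "2024-08-15T06:00:00", 5),
    ("INC-6", "after",  "2024-09-20T14:00:00", "2024-09-21T02:00:00", "2024-09-21T08:00:00", 3),
]


def _hours(start, end):
    """Elapsed hours between two ISO 8601 timestamps."""
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600


def period_metrics(incidents, period):
    """Median time to detect / contain (hours) and IOC count for one period.

    Medians are None when the period has no incidents, so a report for a
    quiet period still renders instead of raising.
    """
    ttd, ttc, iocs = [], [], 0
    for _id, p, first, detected, contained, n in incidents:
        if p != period:
            continue
        ttd.append(_hours(first, detected))
        ttc.append(_hours(detected, contained))
        iocs += n
    return {
        "incidents": len(ttd),
        "median_ttd_h": median(ttd) if ttd else None,
        "median_ttc_h": median(ttc) if ttc else None,
        "iocs": iocs,
    }


def improvement_pct(before, after):
    """Percentage reduction in each median between two periods (None if undefined)."""
    out = {}
    for key in ("median_ttd_h", "median_ttc_h"):
        b, a = before[key], after[key]
        out[key] = None if not b or a is None else round(100 * (b - a) / b, 1)
    return out


if __name__ == "__main__":
    before = period_metrics(INCIDENTS, "before")
    after = period_metrics(INCIDENTS, "after")
    print("before:", before)
    print("after: ", after)
    print("improvement %:", improvement_pct(before, after))
```

The IOC count is reported as a raw total rather than a percentage: a rise in detected indicators after a ZT rollout usually means visibility improved, not that attacks increased, and the report should say so.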

Sum It Up

In this module, you’ve been introduced to how to implement the ZT security model in the cloud. You’ve also learned about the challenges to implementing ZT, and the ongoing work required to maintain ZT in your cloud environment in the long run.

Along with the information you reviewed in the Zero Trust Security module, you now have a better understanding of what it takes to get started with ZT at your organization. Interested in learning more about cybersecurity roles and hearing from security professionals? Check out the Cybersecurity Learning Hub on Trailhead.
