Zero Trust / June 15, 2023

What Is Zero Trust?

Zero Trust is an approach to cybersecurity, not a product or even a specific architecture. The core principle of a Zero Trust approach is not to trust any user or asset on your network and work on the assumption that “an enterprise-owned environment is no different — or no more trustworthy — than any non-enterprise-owned environment” (from the 2020 NIST Special Publication 800-207 “Zero Trust Architecture”).

This apparently simple statement has many implications. At a philosophical level, Zero Trust means moving from an implicit trust-based approach where employees and enterprise-owned assets were assumed to be trustworthy to a posture where no user or asset is assumed to be trustworthy. It also means that trust must be continuously evaluated and verified on a transaction-by-transaction basis to ensure that only authorized people, workloads, or systems are accessing authorized data, devices, and assets. 

To achieve this, organizations must change not only their enterprise architecture but also their thinking and cultural approach to cybersecurity. In network architecture terms, this is often taken to mean that an enterprise should move its security defensive perimeter from the edge of the network to the assets within the network. However, for most organizations, it’s not an either/or situation, as security-conscious organizations are unlikely to abandon their perimeter defenses. Instead, most organizations will augment perimeter-based security with internal controls (for example, network- and host-based controls) as close as possible to the data they need to protect. This “defense in depth” concept is an old one, but it is time-tested and required if an organization is to move to a Zero Trust approach to security.

Zero Trust Is a Journey

It has become a cliché that Zero Trust is a journey, not a destination. This is true, and, as already mentioned, Zero Trust is a cultural journey as much as a technical journey — and it is often a journey imposed on an organization by executive mandate. This blog will look at the technical aspects of this journey. While its cultural aspects are in many ways harder to implement, they must not be overlooked, as it is now widely accepted that user training, behavior, and buy-in are critical to Zero Trust success.

While Zero Trust is a journey, it is a journey for which there are now several roadmaps. These roadmaps or models have been developed by various standards bodies and technology vendors. At first glance, these models may appear very different, but on closer examination, they have more commonalities than differences. Here is one of the typical ways that a Zero Trust model is represented:

Figure 1. CISA Zero Trust Model as defined in the April 2023 Cybersecurity and Infrastructure Security Agency publication Zero Trust Maturity Model.

One of the key things these models have in common is the need for visibility. This is shown as one of the foundation layers in this model. Visibility is critical to Zero Trust because, to close this section with another cliché, you can’t protect what you can’t see. This is why visibility and analytics are built in as one of the foundational layers of the CISA Zero Trust model.

Visibility Enables the Three Key Principles of Zero Trust

Although Zero Trust models often show multiple pillars and foundational layers, at its core, Zero Trust is based on three key principles: Adopt a breach mentality, never trust, and continuously verify. These principles assume that organizations have full visibility of all the hardware and software assets, applications and data assets, users, and devices on their networks. This visibility enables these Zero Trust principles to be effectively implemented.

Adopt a Breach Mentality

With the increased number and sophistication of cyberattacks, organizations implementing a Zero Trust architecture must assume that they have already been breached and will be breached again — on a repeated basis — in the future. As such, they must ensure their architecture enables them to identify attacks and breaches quickly and accurately. Further, the architecture should have controls, such as segmentation, that can limit the impact of these attacks, often called “the blast radius.”

At a practical level, this is achieved by developing a defense-in-depth security posture at all levels of the network, from the perimeter to protecting high-value data assets. 

Never Trust

This is the most easily understood of the Zero Trust principles but one of the hardest to put into practice since most systems within an organization have been traditionally built around an implicit trust model that assumed the trustworthiness of users, devices, and controls.

There is obviously a significant gap, if not outright contradiction, between the philosophy of never trusting any person or device and the teamwork and implicit trust-based cultures that most organizations have spent the last 20 or 30 years cultivating.

However, as difficult as these positions are to reconcile, it must be done, because analysis increasingly shows that a significant number (over 40 percent) of breaches are caused by employees or contractors acting criminally or in bad faith or by human error, such as IT staff making configuration errors or users sharing passwords.

Continuously Verify

The traditional implicit trust model assumed that once trust had been granted, it would — by default — always remain in place. However, this ignores a basic rule of organizational and human behavior — everything changes. For example, attackers get smarter and more patient; employees get careless, or their login credentials become compromised; old devices don’t get patched to the latest security levels, and so on. 

For this reason, Zero Trust is based on the principle that all users, devices, and other assets on the network must be continuously verified against a well-defined set of security policies that themselves must be continuously verified and updated. A key component of a Zero Trust network is a policy engine that has full visibility into all network activity and continuously verifies and enforces activity against these policies.

What Are the Benefits of a Zero Trust Architecture?

Building a Zero Trust architecture and realigning an organization’s policies and security culture to support this architecture is a significant undertaking. Therefore, organizations should be clear on the benefits they expect to achieve before they embark on this project. These might include:

  • Meeting governmental mandates, regulations, or guidelines
  • Reducing the cost of cyber insurance policies
  • Reducing the perceived risk or exposure to GDPR or similar liabilities
  • Standardizing security across disparate operating subsidiaries or divisions
  • Measuring and mitigating business and technology risks
  • Protecting brand reputation and trust

To achieve these benefits, 148 organizations surveyed in Q1 2023 identified the following Zero Trust use cases as their top priorities:

Figure 2. Results of the Pulse Survey “Approaches to Visibility in a Zero Trust” (2023), conducted by Gatepoint Research.

Whatever the expected benefits and priority use cases driving a move to a Zero Trust architecture, organizations must map out a clear and realistic strategy for their migration to Zero Trust. Gigamon, the industry leader in deep observability, has worked with thought-leader John Kindervag, formerly of Forrester Research and the man who originally coined the term “Zero Trust,” to develop a whitepaper that discusses:

  • Why maintaining high-fidelity visibility is at the heart of a successful approach to Zero Trust
  • How to eradicate blind spots and get true visibility
  • The five steps to building a Zero Trust network

“Gaining complete visibility into the network is like lighting up the whole street. When it comes to implementing Zero Trust, this is the best place to start.”

— John Kindervag, “Zero Trust and the Importance of Network Visibility”

Five Steps to Building a Zero Trust Network

Unless mandated by executive order or regulation, you should choose the ZTA model that best suits your organizational goals. One such model is that proposed by John Kindervag, who has defined the five steps necessary to build a Zero Trust network, which can be summarized as follows:

  1. Define your protect surface
    Defining your protect surface means identifying the data, applications, assets, and services that are important to your organization. Only by identifying these elements can you define and prioritize what needs to be protected as part of your Zero Trust approach.
  2. Map your transaction flows
    Among the key elements that need to be defined as part of the protect surface are the transaction flows that link users, applications, and data. Defining these flows will also help organizations understand where they need to place controls to protect and verify these critical flows of information.
  3. Architect the environment
    Once an organization has defined the protect surface and transaction flows, it is relatively straightforward to architect a Zero Trust network and to determine, for example, where firewalls or other tools that segment the network need to be located. A guiding principle for the design of a Zero Trust network is that these controls should be placed as close as possible to the assets that are being protected.
  4. Create Zero Trust policies
    There is nothing inherently complex about developing Zero Trust policies. In fact, most such policies can be developed by answering basic questions such as: Who should have access to a resource? What applications should they be allowed to access? When and in what circumstances should access be allowed? How will we verify that these policies are being enforced? Ultimately, each policy statement will come down to a simple “allow” or “deny,” but it may take massive amounts of data — and very complex criteria — to make that decision.
  5. Monitor and verify the network
    The final step in the process is to determine how an organization will instrument the network and what telemetry needs to be captured to ensure that Zero Trust policies are being followed and that this can be independently verified. For example, if telemetry is based on log files, what controls are in place to ensure that logs have not been tampered with? As we identified earlier, modern networks are in constant flux, so this process must be based on continuously observing and verifying the behavior of all network assets.
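As an added illustration of steps 4 and 5 (example code, not from the blog or the Kindervag whitepaper): a minimal default-deny policy engine that re-evaluates every transaction against who / what application / when statements, and a hash-chained decision log that makes tampering with the captured telemetry detectable. The policy statements, group names, resource names and requests are all constructed for this example.

```python
import hashlib
import json

# Constructed policy statements answering step 4's who / what / when; unmatched -> deny.
POLICIES = [
    {"who": {"group": "finance"}, "what": "ledger-api", "hours": (8, 18)},
    {"who": {"group": "sre"}, "what": "ledger-api", "hours": (0, 24)},
]

def evaluate(request, policies=POLICIES):
    """Decide one transaction -> ("allow"|"deny", reason). Default deny."""
    for p in policies:
        start, end = p["hours"]
        if (p["what"] == request["resource"]
                and request["device"]["managed"]  # circumstance re-checked on every request
                and all(request["subject"].get(k) == v for k, v in p["who"].items())
                and start <= request["hour"] < end):
            return "allow", "matched policy for group %s" % p["who"]["group"]
    return "deny", "no matching policy (default deny)"

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_record(records, request, decision, reason):
    """Hash-chained decision log: each record commits to its predecessor."""
    prev = records[-1]["hash"] if records else "0" * 64
    body = {"prev": prev, "request": request, "decision": decision, "reason": reason}
    records.append({**body, "hash": _digest(body)})

def verify_chain(records):
    """Step 5's tamper check: an edited, removed or reordered record breaks it."""
    prev = "0" * 64
    for rec in records:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if body["prev"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

def req(group, resource, hour, managed=True):
    return {"subject": {"group": group}, "resource": resource, "hour": hour, "device": {"managed": managed}}

def run_sample():
    requests = [req("finance", "ledger-api", 10), req("finance", "ledger-api", 22),
                req("finance", "ledger-api", 10, managed=False),
                req("sre", "ledger-api", 22), req("sre", "hr-portal", 10)]
    log = []
    for r in requests:
        append_record(log, r, *evaluate(r))
    return [rec["decision"] for rec in log], log
```

`run_sample()` returns the five decisions (allow, deny, deny, allow, deny) together with the chained log; changing any logged decision afterwards makes `verify_chain` return False.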

How the Gigamon Deep Observability Pipeline Helps You Build a Zero Trust Architecture

The Gigamon Deep Observability Pipeline provides visibility into all data in motion on the network, and, as identified in this blog, this is critical for implementing and continuously verifying a Zero Trust network.

Gigamon has extensive experience working with our customers to implement Zero Trust networks, especially within the federal government. To learn more about one such project, please read this customer success story about a Zero Trust project within the Department of Defense.

“The Gigamon platform enables us to feed all the different tool sets we have acquired and offers us X-ray capability, not only in the physical world but also in the virtual world.”

— David Jones, Chief Architect of Zero Trust Cloud, Department of Defense

To learn more about how Gigamon can help you build a Zero Trust network, please visit the Zero Trust page of our website, or download the John Kindervag whitepaper.
