{"id":90507,"date":"2023-08-08T08:32:20","date_gmt":"2023-08-08T14:02:20","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=90507"},"modified":"2024-04-04T10:47:06","modified_gmt":"2024-04-04T05:17:06","slug":"zero-trust-architecture-principles","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/","title":{"rendered":"Guiding Principles of Zero Trust Architecture : AZ-900 Certification"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">These days, we hear a lot about cyber problems like hacking and fake emails. Because more things are connected to the internet, like phones and remote work setups, companies need to make sure their security plans match their business goals.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to Gartner&#8217;s projection, around<strong> 60% of organizations<\/strong> will adopt a zero-trust security strategy by 2025. <\/span><span style=\"font-weight: 400;\">In career prospects, upskilling your knowledge in zero trust can be beneficial in clearing up the <\/span><a href=\"https:\/\/www.whizlabs.com\/microsoft-azure-certification-az-900\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">AZ-900: Microsoft Fundamenta<\/span><span style=\"font-weight: 400;\">ls <\/span><\/a><span style=\"font-weight: 400;\">exam.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This zero-trust architecture article delves deep into the origins of the zero-trust concept, its core principles, how it works, and use cases of the zero-trust model.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s dig in!<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ea7e02;color:#ea7e02\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ea7e02;color:#ea7e02\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/#What_is_Zero_Trust_Architecture\" >What is Zero Trust Architecture?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/#Why_the_Zero_Trust_Model\" >Why the Zero Trust Model?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/#How_Zero_Trust_Works\" >How Zero Trust Works?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/#Core_Principles_of_the_Zero_Trust_Architecture_AZ-900_Certification\" >Core Principles of the Zero Trust Architecture: AZ-900 Certification<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/#Use_cases_of_Zero_Trust_Architecture_AZ-900_Certification\" >Use cases of Zero Trust Architecture: AZ-900 Certification<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/#FAQs\" >FAQs<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.whizlabs.com\/blog\/zero-trust-architecture-principles\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"What_is_Zero_Trust_Architecture\"><\/span><span style=\"font-weight: 400;\">What is Zero Trust Architecture?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Zero trust<\/span><span style=\"font-weight: 400;\"> refers to the strategic approach employed in cybersecurity to offer security to an organization by eradicating implicit trust and validation of digital interaction occurs at every stage.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Choosing Zero Trust means using smart tools and rules that make things both safe and flexible for the company.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The concept of the <strong>zero-trust security model<\/strong> involves a <\/span><span style=\"font-weight: 400;\">cybersecurity <\/span><span style=\"font-weight: 400;\">strategy where access to an organization&#8217;s digital assets is not assumed and is instead granted selectively based on user and device authentication.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This approach ensures that authorized users and devices have specific access to the necessary applications, data, services, and systems essential for their roles.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The zero trust model follows a \u201c<\/span><b>never trust, always verify policy<\/b><span style=\"font-weight: 400;\">\u201d to allow only trusted individuals to access critical data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Zero trust architecture ensures the security of the network through the following methods:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Robust authentication techniques<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Network segmentation<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Prevention of lateral movement<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">\u00a0Layer 7 Threat Prevention<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Usage of least access policies<\/span><\/li>\n<\/ul>\n<blockquote><p>Also Read: Overview of <span data-sheets-root=\"1\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;ARM Template: Azure Resource Manager Template | Overview (whizlabs.com)&quot;}\" data-sheets-userformat=\"{&quot;2&quot;:513,&quot;3&quot;:{&quot;1&quot;:0},&quot;12&quot;:0}\" data-sheets-hyperlink=\"https:\/\/www.whizlabs.com\/blog\/azure-resource-manager-template-overview\/\"><a class=\"in-cell-link\" href=\"https:\/\/www.whizlabs.com\/blog\/azure-resource-manager-template-overview\/\" target=\"_blank\" rel=\"noopener\">ARM Template: Azure Resource Manager Template\u00a0<\/a><\/span><\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"Why_the_Zero_Trust_Model\"><\/span><span style=\"font-weight: 400;\">Why the Zero Trust Model?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Adopting <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/zero-trust\" target=\"_blank\" rel=\"noopener\">Zero Trust Model<\/a> means using technology and methods that make businesses flexible and secure. Here&#8217;s why it matters:<\/span><\/p>\n<div class=\"react-scroll-to-bottom--css-ojwkj-1n7m0yu\">\n<div class=\"flex flex-col pb-9 text-sm\">\n<div class=\"w-full text-token-text-primary sm:AIPRM__conversation__response\" data-testid=\"conversation-turn-3\">\n<div class=\"px-4 py-2 justify-center text-base md:gap-6 m-auto\">\n<div class=\"flex flex-1 text-base mx-auto gap-3 md:px-5 lg:px-1 xl:px-5 md:max-w-3xl lg:max-w-[40rem] xl:max-w-[48rem] group final-completion\">\n<div class=\"relative flex w-full flex-col lg:w-[calc(100%-115px)] agent-turn\">\n<div class=\"flex-col gap-1 md:gap-3\">\n<div class=\"flex flex-grow flex-col max-w-full\">\n<div class=\"min-h-[20px] text-message flex flex-col items-start gap-3 whitespace-pre-wrap break-words [.text-message+&amp;]:mt-5 overflow-x-auto\" data-message-author-role=\"assistant\" data-message-id=\"75097c5f-80a3-46dc-8144-892c17a394c9\">\n<div class=\"markdown prose w-full break-words dark:prose-invert light\">\n<ul>\n<li>In 2023, financial organizations faced significant financial implications as they expended an average of <strong>$2.23 million<\/strong> to achieve full recovery after falling victim to ransomware attacks.<\/li>\n<li>According to research conducted by Sophos, a notable <strong><a href=\"https:\/\/invenioit.com\/continuity\/ransomware-attacks-finance\/\" target=\"_blank\" rel=\"nofollow noopener\">55% of the reported attacks<\/a> stemmed from human error<\/strong>, primarily resulting from compromised credentials, phishing incidents, or malicious emails. These findings underscore the critical role that cybersecurity awareness and robust measures play in safeguarding financial institutions against the escalating threat landscape.<\/li>\n<\/ul>\n<p><span style=\"font-size: 16px; font-weight: 400;\">Before a company can use Zero trust architecture, it needs to create special codes for its employees, their devices, and the apps they use. And the most important thing is that all these things work together quickly and smoothly so there are no delays when people use apps or software.<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"How_Zero_Trust_Works\"><\/span><span style=\"font-weight: 400;\">How Zero Trust Works?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The main idea of zero trust is pretty straightforward: assume that everything might be a potential threat right from the beginning. This is a big shift from the old way of securing networks, which focused on protecting a central hub and a safe boundary around it.\u00a0<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-94153 \" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/Mocrosoft-zero-trust-1024x566.webp\" alt=\"Mocrosoft zero trust\" width=\"724\" height=\"400\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/Mocrosoft-zero-trust-1024x566.webp 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/Mocrosoft-zero-trust-300x166.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/Mocrosoft-zero-trust-768x424.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/Mocrosoft-zero-trust-1536x849.webp 1536w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/Mocrosoft-zero-trust-150x83.webp 150w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/Mocrosoft-zero-trust.webp 1828w\" sizes=\"(max-width: 724px) 100vw, 724px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">This older approach used things like <\/span><b>approved codes and pathways<\/b><span style=\"font-weight: 400;\"> to decide who&#8217;s allowed in, including people who connect using remote access tools.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But with zero trust, all data is moving around, even if it&#8217;s already inside the safe zone, and it is treated with caution. For instance, computer tasks are not allowed to communicate unless they prove themselves using a unique ID or user details.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This kind of security based on identity makes sure things stay safe no matter where they go\u2014like if they&#8217;re in a cloud, a mix of systems, or even on a personal computer.<\/span><\/p>\n<blockquote><p>Also Read: How to Implement a<a href=\"https:\/\/www.whizlabs.com\/blog\/implementing-zero-trust-architecture\/\" target=\"_blank\" rel=\"noopener\"> Zero Trust Architecture<\/a>: A step by step guide<\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">What&#8217;s cool is that zero trust doesn&#8217;t care where things are. It keeps apps and services safe as they move between different places. Moreover, it doesn&#8217;t need to change how things are set up or follow strict rules.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"> Zero trust architecture makes sure that users, devices, and apps can be connected safely, no matter the network they&#8217;re in and thus achieving digital changes safer and smoother.<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-90512\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network.png\" alt=\"zero trust architecture\" width=\"2100\" height=\"900\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network.png 2100w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network-300x129.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network-1024x439.png 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network-768x329.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network-1536x658.png 1536w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network-2048x878.png 2048w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/how-to-build-zero-trust-network-150x64.png 150w\" sizes=\"(max-width: 2100px) 100vw, 2100px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Core_Principles_of_the_Zero_Trust_Architecture_AZ-900_Certification\"><\/span><span style=\"font-weight: 400;\">Core Principles of the Zero Trust Architecture: AZ-900 Certification<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Zero trust architecture represents more than just user authentication, network segmentation, and secure entrance points. It&#8217;s a comprehensive cybersecurity strategy that lays the foundation for an entire security ecosystem. The zero trust model revolves around three fundamental principles in AZ-900:<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>\u00a01. Continuous Verification:<\/strong> This kind of verification means forsaking trust in specific zones, credentials, or devices, hence the motto will be &#8220;Never Trust, Always Verify.&#8221; To ensure ongoing verification across an expansive array of assets, a few critical components are considered and they are:<\/span><\/p>\n<ul>\n<li><strong>Risk-Based Conditional Access:<\/strong> <span style=\"font-weight: 400;\">This approach guarantees that workflows are only interrupted when risk levels change. This kind of approach allows for perpetual verification without compromising user experience. This means that validation is prompted only when a situation warrants it, maintaining security without causing undue disruptions.<\/span><\/li>\n<li><strong>Swift and Scalable Dynamic Policy Deployment:<\/strong> <span style=\"font-weight: 400;\">With frequent migrations of workloads, data, and users, policies must not solely consider risk, but also accommodate compliance and IT requisites. While Zero Trust doesn&#8217;t exempt organizations from these obligations, its strength lies in adapting policies to the evolving landscape.<\/span><\/li>\n<\/ul>\n<p><b>\u00a02. Limiting Radius of Breaches: <\/b><span style=\"font-weight: 400;\">In the event of a breach, securing the network becomes paramount. Zero Trust serves to restrict an attacker&#8217;s access to credentials or entry points and thus achieving affordability to systems and personnel the opportunity to respond and mitigate the assault.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Identity-Driven Segmentation:<\/strong> Unlike conventional network segmentation, Zero Trust employs segmentation based on identities which can be operationally cumbersome due to frequent fluctuations in workloads, users, data, and credentials, Zero Trust employs segmentation based on identities. This provides a more agile and adaptable means of enforcing boundaries.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Principle of Least Privilege:<\/strong> Whenever credentials are deployed, even for non-human entities like service accounts, it is essential to extend the permissions only to the bare minimum necessary for task execution. Overprivileged service accounts are often targeted in attacks due to under-monitoring and excessive permissions.<\/span><\/li>\n<\/ul>\n<p><b>3. Automated Context Gathering and Response:<\/b><span style=\"font-weight: 400;\"> To make sound decision-making, the availability of comprehensive data is significant, as long as it can be swiftly processed and acted upon in real time. NIST (National Institute of Standards and Technology) offers insights on how to utilize the data from these sources:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>User Credentials:<\/strong> This includes both human and non-human credentials, covering service accounts, non-privileged accounts, and privileged accounts, including Single Sign-On (SSO) credentials.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Workloads:<\/strong> Making use of <a href=\"https:\/\/www.whizlabs.com\/blog\/azure-70-533-creating-virtual-machines\/#:~:text=Virtual%20machines%20(VMs)%20are%20the,premises%20services%20into%20the%20cloud.\">virtual machines (VMs)<\/a>, containers, and hybrid deployments of workloads helps in understanding the operational environment.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Endpoints:<\/strong> All devices employed for accessing data contribute to contextual insights, aiding in informed decisions.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Network:<\/strong> The network landscape is a valuable source of information and it helps to know the traffic patterns and potential anomalies.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Data:<\/strong> Understanding data flow and usage is necessary for comprehensive protection.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Additional Sources via APIs:<\/strong> Supplemental information can be gathered from sources like Security Information and Event Management (SIEM) systems, Single Sign-On (SSO) providers, and identity management systems like <a href=\"https:\/\/www.whizlabs.com\/blog\/what-is-azure-active-directory-all-that-you-should-know\/\" target=\"_blank\" rel=\"noopener\">Active Directory (AD)<\/a>.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Threat Intelligence:<\/strong> Relying on external threat intelligence sources further enriches the contextual understanding and enhances response capabilities.<\/span><\/li>\n<\/ul>\n<blockquote><p>Know More : Free <a href=\"https:\/\/www.whizlabs.com\/blog\/az-900-certification-exam-questions\/\" target=\"_blank\" rel=\"noopener\">AZ-900 Exam Questions<\/a> on Microsoft Azure Exam AZ-900 Certification<\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"Use_cases_of_Zero_Trust_Architecture_AZ-900_Certification\"><\/span><span style=\"font-weight: 400;\">Use cases of Zero Trust Architecture: AZ-900 Certification<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Zero trust architecture, a comprehensive cybersecurity approach, offers several practical applications:<\/span><\/p>\n<h4><span style=\"font-weight: 400;\">Reducing Business and Organizational Risk<\/span><\/h4>\n<p><span style=\"font-weight: 400;\">\u00a0Zero Trust ensures that applications and services only communicate when their identity attributes are verified when they are aligned with trust principles like authentication and authorization.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By uncovering network assets and monitoring their interactions, a zero trust approach can minimize risks. It establishes baselines and further reduces risk by eliminating unnecessary software and continuously validating the &#8220;credentials&#8221; of every communicating element.<\/span><\/p>\n<h4><span style=\"font-weight: 400;\">Gaining Control in Cloud and Container Settings<\/span><\/h4>\n<p><span style=\"font-weight: 400;\">When dealing with cloud environments, concerns about access management and visibility are common. Zero Trust applies security policies based on the identity of interacting workloads, closely tied to the assets themselves. This proximity to protection remains constant despite changes in the environment, ensuring security is maintained even in cloud scenarios.<\/span><\/p>\n<h4><span style=\"font-weight: 400;\">Mitigating Data Breach Risks<\/span><\/h4>\n<p><span style=\"font-weight: 400;\">Zero Trust follows the principle of least privilege and treats every entity as potentially hostile. Requests are carefully examined, users and devices authenticated, and permissions evaluated before granting any &#8220;trust.&#8221;\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This Zero trust architecture trust is consistently reassessed as contextual factors shift, such as user location or accessed data. This stringent approach blocks attackers from accessing or stealing data and eliminates lateral movement within networks.<\/span><\/p>\n<h4><span style=\"font-weight: 400;\">Assisting Compliance Efforts<\/span><\/h4>\n<p><span style=\"font-weight: 400;\">Zero Trust keeps user and workload connections hidden from the internet to safeguard them from exposure or exploitation. This invisibility streamlines the demonstration of compliance with regulatory standards like PCI DSS and NIST 800-207.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The implementation of Zero Trust micro-segmentation creates boundaries around sensitive data, aiding in separating regulated and non-regulated information. This setup enhances visibility and control, resulting in fewer compliance issues during audits or data breach incidents.<\/span><\/p>\n<blockquote><p>Read More: <span data-sheets-root=\"1\" data-sheets-value=\"{&quot;1&quot;:2,&quot;2&quot;:&quot;Top 7 Expert Tips for Acing the AZ-900 Exam (whizlabs.com)&quot;}\" data-sheets-userformat=\"{&quot;2&quot;:573,&quot;3&quot;:{&quot;1&quot;:0},&quot;5&quot;:{&quot;1&quot;:[{&quot;1&quot;:2,&quot;2&quot;:0,&quot;5&quot;:{&quot;1&quot;:2,&quot;2&quot;:0}},{&quot;1&quot;:0,&quot;2&quot;:0,&quot;3&quot;:3},{&quot;1&quot;:1,&quot;2&quot;:0,&quot;4&quot;:1}]},&quot;6&quot;:{&quot;1&quot;:[{&quot;1&quot;:2,&quot;2&quot;:0,&quot;5&quot;:{&quot;1&quot;:2,&quot;2&quot;:0}},{&quot;1&quot;:0,&quot;2&quot;:0,&quot;3&quot;:3},{&quot;1&quot;:1,&quot;2&quot;:0,&quot;4&quot;:1}]},&quot;7&quot;:{&quot;1&quot;:[{&quot;1&quot;:2,&quot;2&quot;:0,&quot;5&quot;:{&quot;1&quot;:2,&quot;2&quot;:0}},{&quot;1&quot;:0,&quot;2&quot;:0,&quot;3&quot;:3},{&quot;1&quot;:1,&quot;2&quot;:0,&quot;4&quot;:1}]},&quot;8&quot;:{&quot;1&quot;:[{&quot;1&quot;:2,&quot;2&quot;:0,&quot;5&quot;:{&quot;1&quot;:2,&quot;2&quot;:0}},{&quot;1&quot;:0,&quot;2&quot;:0,&quot;3&quot;:3},{&quot;1&quot;:1,&quot;2&quot;:0,&quot;4&quot;:1}]},&quot;12&quot;:0}\" data-sheets-hyperlink=\"https:\/\/www.whizlabs.com\/blog\/pro-tips-az-900-microsoft-azure-fundamentals\/\">Expert Tips for Acing the<a class=\"in-cell-link\" href=\"https:\/\/www.whizlabs.com\/blog\/pro-tips-az-900-microsoft-azure-fundamentals\/\" target=\"_blank\" rel=\"noopener\"> AZ-900 Exam\u00a0<\/a><\/span><\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"FAQs\"><\/span><span style=\"font-weight: 400;\">FAQs<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>What are the 5 pillars of the Zero Trust Model?<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Identity<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Devices<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Network<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Data and Applications<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Workloads<\/span><\/li>\n<\/ul>\n<p><b>Can you give an example of zero trust?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Here are four cases showing how zero trust enhances security:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Third-Party Access: Ensuring external entities meet stringent verification for resource access.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Multi-Cloud Remote Access: Consistent access controls across various cloud platforms.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.whizlabs.com\/blog\/internet-of-things-iot-bane-or-boon\/\" target=\"_blank\" rel=\"noopener\">IoT Security<\/a>: Authenticated and monitored interactions for IoT devices.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Insider Threat Prevention: Detecting unusual user and device behavior early on.<\/span><\/li>\n<\/ul>\n<p><b>What are the components of Zero Trust architecture in AZ-900 Certification?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The core components of zero trust architecture are:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Zero Trust Network Access (ZTNA)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><a href=\"https:\/\/www.whizlabs.com\/blog\/two-factor-authentication\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Multi-Factor Authentication<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Real-Time Monitoring<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Microsegmentation<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Trust Zones and Default Access Controls<\/span><\/li>\n<\/ul>\n<div class=\"ast-oembed-container \" style=\"height: 100%;\"><iframe title=\"6 Tips &amp; Tricks to Pass AZ-900 Certification Exam - Microsoft Azure Fundamentals | Whizlabs #shorts\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/hI-my20Cc7I?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><span style=\"font-weight: 400;\">Conclusion<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Hope this zero trust architecture article covers everything about the core principles of zero-trust architecture AZ:900 and the importance of zero trust in today\u2019s digital transformation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">And also you have gained detailed insights into the Zero trust model, zero trust principles and how the zero trust architecture works, and use cases of zero trust.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To further enrich your understanding of zero trust architecture in practice, try our <a href=\"https:\/\/www.whizlabs.com\/labs\/library\" target=\"_blank\" rel=\"noopener\">Azure <\/a><\/span><span style=\"font-weight: 400;\">hands-on labs<\/span><span style=\"font-weight: 400;\"> and<a href=\"https:\/\/www.whizlabs.com\/labs\/sandbox\" target=\"_blank\" rel=\"noopener\"> Azure <\/a><\/span><span style=\"font-weight: 400;\">sandboxes<\/span><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have any doubts about this blog post, please feel free to comment to us!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>These days, we hear a lot about cyber problems like hacking and fake emails. Because more things are connected to the internet, like phones and remote work setups, companies need to make sure their security plans match their business goals.\u00a0 According to Gartner&#8217;s projection, around 60% of organizations will adopt a zero-trust security strategy by 2025. In career prospects, upskilling your knowledge in zero trust can be beneficial in clearing up the AZ-900: Microsoft Fundamentals exam. This zero-trust architecture article delves deep into the origins of the zero-trust concept, its core principles, how it works, and use cases of the [&hellip;]<\/p>\n","protected":false},"author":223,"featured_media":90511,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[15],"tags":[5041,5030],"class_list":["post-90507","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-azure","tag-az-900","tag-zero-trust-architecture"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",1280,720,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-150x150.webp",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-300x169.webp",300,169,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-768x432.webp",768,432,true],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-1024x576.webp",1024,576,true],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",1280,720,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",1280,720,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",24,14,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",48,27,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",96,54,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",150,84,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture.webp",300,169,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-250x250.webp",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-640x720.webp",640,720,true],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-96x96.webp",96,96,true],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/08\/guiding-principles-of-zero-trust-architecture-150x84.webp",150,84,true]},"uagb_author_info":{"display_name":"Dharmendra Digari","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/dharmendrawhizlabs-com\/"},"uagb_comment_info":2,"uagb_excerpt":"These days, we hear a lot about cyber problems like hacking and fake emails. Because more things are connected to the internet, like phones and remote work setups, companies need to make sure their security plans match their business goals.\u00a0 According to Gartner&#8217;s projection, around 60% of organizations will adopt a zero-trust security strategy by&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/90507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/223"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=90507"}],"version-history":[{"count":22,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/90507\/revisions"}],"predecessor-version":[{"id":94279,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/90507\/revisions\/94279"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/90511"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=90507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=90507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=90507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}