Zero Trust
Zero trust is a security model in which a device or user is no longer trusted simply because it is on the network. It rests on three core concepts: verify explicitly, least privilege, and assume breach. It also defines six foundational pillars: Identity, Endpoints, Application, Data, Infrastructure and Networks. The zero-trust model is a foundational security strategy that replaces perimeter-based security with a model in which users and devices are not trusted by the network by default.
Zero Trust Concepts
These three concepts combine into a zero-trust model in which the user or device must be verified explicitly, meaning the user re-authenticates as needed to maintain security. Applying least privilege means a user is given only the permissions needed for their job role. Assume breach means operating on the assumption that an attacker has already established a foothold in the network.
To verify explicitly, you can use user identity, location metrics and signals such as device health to decide whether a user should be authenticated. With least privilege, you can limit a user to just-enough-access and combine that with risk-based policies to minimize the impact of a compromise. For assume breach, you design security policies with the mindset that attackers are already inside, for example by encrypting data or using analytics to detect threats.
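The access decision described above, as an added example that is not part of the original post: every request is evaluated against identity (MFA), device health, location and a risk score, and a permission is granted only if the user's role needs it. The role table, the allowed countries, the risk threshold and the risk score itself are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Set, Tuple

# Constructed sample data: each role maps to the minimum permissions it needs (least privilege).
ROLE_PERMISSIONS = {
    "helpdesk": {"tickets:read", "tickets:update", "users:reset_password"},
    "finance": {"ledger:read", "ledger:write"},
}
# Constructed location policy: sign-ins from outside these countries are not accepted.
ALLOWED_COUNTRIES = {"US", "CA"}
# Constructed threshold: at or above this score a valid session is not enough (assumed risk engine, 0-100).
STEP_UP_RISK = 50


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool       # identity signal: has the current session completed MFA?
    device_compliant: bool   # endpoint signal: does the device meet health requirements?
    country: str             # location signal
    risk_score: int          # risk-based policy input from a (hypothetical) risk engine
    requested_permission: str


def evaluate(req: AccessRequest) -> Tuple[str, Set[str]]:
    """Evaluate one request with no implicit trust from being 'on the network'.

    Returns (decision, granted_permissions) where decision is
    'allow', 'step_up' (re-authenticate with MFA) or 'deny'.
    """
    # Verify explicitly: device health and location are checked on every request.
    if not req.device_compliant:
        return "deny", set()
    if req.country not in ALLOWED_COUNTRIES:
        return "deny", set()
    # Risk-based policy: elevated risk or a session without MFA forces re-authentication.
    if req.risk_score >= STEP_UP_RISK or not req.mfa_verified:
        return "step_up", set()
    # Least privilege / just-enough-access: grant only the single permission requested,
    # and only if the user's role legitimately needs it.
    if req.requested_permission not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny", set()
    return "allow", {req.requested_permission}


if __name__ == "__main__":
    req = AccessRequest("alice", "helpdesk", True, True, "US", 10, "tickets:update")
    print(evaluate(req))  # → ('allow', {'tickets:update'})
```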
Foundational Pillars
Microsoft's Zero Trust guidance categorizes six foundational pillars. For Identity, use strong authentication to verify users, devices and services. Endpoints must meet device health requirements before they are granted access. For Application, make sure that you manage shadow IT and any unauthorized applications.
Data is protected under zero trust by classifying, labeling and encrypting it so that security travels with the data wherever it lives. Infrastructure should be monitored to detect anomalies and flag suspicious activity on servers or VMs. For Networks, segmentation and micro-segmentation provide an additional layer of security.
Conclusion
Zero trust is often paired with defense in depth, where controls exist at different levels and an attacker would need to peel the onion layer by layer in order to breach a network. The foundational pillars of zero trust build on the three core concepts and give a fuller picture of the defense in depth strategy.
I currently hold the SC-900 and the CCST Cybersecurity certifications and can relate my knowledge to the concept of Zero Trust. If you are studying for either of these two exams, try to remember to look at the exam topics. Also run through the topics to see where you are weaker and study those more. It is wise to set up a study plan and attack each exam with consistent study sessions.