What is zero trust?

Zero trust is an approach to designing security architectures based on the premise that every interaction begins in an untrusted state. Past approaches to security started with implicit trust and 1-time authentication. But trends such as cloud adoption, growing reliance on mobile applications, the expansion of AI, and increasing remote work are spurring organizations to abandon traditional perimeter-based security in favor of zero trust. 

In a 2010 Forrester Research report (PDF), John Kindervag introduced the idea of zero trust, stating that the common approach to network security should be updated to a "verify and never trust" strategy. Traditional architectures that relied on a strong security perimeter were extremely vulnerable once an attacker got past that external layer. This castle-and-moat model meant users outside the external perimeter were untrusted, but everyone inside the network was trusted by default. If user credentials were compromised, the trust-by-default approach meant the entire environment was susceptible to attack.

Instead, Kindervag advocated zero trust as a new approach to information security that takes all network traffic to be untrusted, inspects and logs traffic throughout the system, and limits and enforces access control within the system. Previously, cyberattacks could gain access to 1 or more internal endpoints or assets before moving laterally across the network, exploiting weaknesses, exfiltrating controlled information, and launching further attacks. In a zero trust model, organizations continuously verify and authenticate connections between data, users, applications, and devices.

10 ways to simplify zero trust with Red Hat OpenShift

Zero trust security rests on several principles that protect sensitive data and services from vulnerabilities in network-perimeter and implicit-trust architectures, including:

Microsegmentation

Microsegmentation is a granular approach to network structure that divides access and limits user permissions to specific applications and services—restricting lateral movement, reducing attack surfaces, and containing data breaches.

Least-privilege access

When interactions can’t inherit trust based on name or location, every interaction is suspect. Deciding whether to allow any interaction becomes a business decision that must take benefits and risks into account. Least privilege is a security practice where users only get access to the resources they absolutely need. This helps limit the risk of insider threats. Each request for access to a resource is dynamically validated using identity management and risk-based, context-aware access controls.

Deperimeterization

Enterprises are no longer defined by geographic borders. Users operate from a variety of locations and endpoints, accessing resources from cloud, mobile, and edge environments that the organization may not own or control. Deperimeterization supplements traditional measures like firewalls and perimeters with a layered approach to security that includes encryption, data-level security, and reliable multifactor authentication measures. 

Assume breach

“Assume breach” means assuming the defensive perimeter has already been breached and that external-facing security controls are no longer effective. The assume breach principle helps organizations structure their environment so security is controlled redundantly within the system and not overly reliant on the defensive perimeter to mitigate malicious actions or reconnaissance. 

Insufficient security architecture is susceptible to sophisticated cyberattacks, and trust-and-verify security approaches become strained as networks expand to include more endpoints, assets, locations, and AI applications. 

To manage vulnerabilities, many enterprises are transitioning from virtual private networks (VPNs)—which permit secure access to an entire network—to a more granular Zero Trust Network Access (ZTNA), which segments access and limits user permissions to specific applications and services. This microsegmentation approach can help limit attackers’ lateral movement, reduce attack surfaces, and contain the impact of data breaches. 

Implementing a zero trust architecture doesn’t require comprehensively replacing existing networks or acquiring new technologies. Instead, the framework should strengthen existing security practices and tools. Many organizations already have the necessary foundation for a zero trust architecture and use practices that support it in their daily operations.

For instance, these critical components may already be present as part of a conventional security architecture:

• Identity and access management
• Authorization
• Automated policy decisions
• Ensuring resources are patched
• Continuous monitoring with transactions that are logged and analyzed
• Automation of repeatable activities that are prone to human error
• Behavioral analytics and threat intelligence to improve asset security

Zero trust has particular applicability to Kubernetes environments, because Kubernetes clusters assume the applications and containers running on them are trusted and don't require further authentication and authorization. If 2 services are running on the same Kubernetes cluster, they can access each other at a network level by default. This means zero trust for Kubernetes must provide a granular and comprehensive security posture and be able to secure containerized environments across diverse infrastructures to enforce zero trust consistently, regardless of deployment location. 

A critical aspect of achieving a robust zero trust security posture in Kubernetes is integrating a secure software supply chain. Software supply chain security ensures that container images and applications deployed within the cluster are verified, free from known vulnerabilities, and have not been tampered with throughout their lifecycle. By incorporating secure supply chain practices, organizations can extend the principles of zero trust to the very building blocks of their Kubernetes deployments, further reducing the attack surface and mitigating risks associated with compromised software components.

Like zero trust, confidential computing is gaining popularity as organizations increase their reliance on Kubernetes and cloud. Confidential computing adds a crucial layer of security by protecting the most vulnerable state of data—when it's being actively used—addressing concerns such as insider threats, multitenant cloud risks, and stringent regulatory compliance requirements. Confidential computing improves runtime encryption and workload isolation, as well as fine-grained remote attestation, which extends zero trust throughout the infrastructure. 

Because zero trust requires an ability to prove and verify identity for all users—both inside and outside the organization’s security perimeter—it’s necessary to ensure identities are associated with workloads and deployments and access is authorized and granted only when required. For organizations seeking a single identity framework across their hybrid cloud environments, the Secure Production Identity Framework For Everyone (SPIFFE) and SPIFFE Runtime Environment (SPIRE) framework provides a single root of trust that can be associated with workloads across on-premise and cloud platforms. 

SPIFFE is an open standard under the Cloud Native Computing Foundation (CNCF) umbrella that defines how to identify workloads and issue and validate identities without long-lived secret strings—sensitive pieces of identifying information such as passwords or application programming interface (API) keys that are valid for extended periods. SPIRE is an implementation of SPIFFE and provides a production-ready schema for managing identities across organizational deployments according to SPIFFE specifications. 

Find out how to implement a cross-cloud identity framework with SPIFFE/SPIRE

Zero trust is defined by compliance frameworks and industry standards that support organizations in enhancing their security posture, including:

• The National Institute of Standards and Technology (NIST) Special Publication 800-207 on zero trust architecture, published in 2020, outlines a definition of zero trust architecture and deployment models and covers use cases that could benefit from a zero trust approach.
• The U.S. Cybersecurity and Infrastructure Security Agency (CISA)’s Zero Trust Maturity Model is a roadmap for agencies as they transition to zero trust architecture. It includes 5 pillars organizations can consider as they work toward advancing their zero trust architecture: identity, devices, networks, applications and workloads, and data. With each of these pillars, organizations can consider how using visibility and analytics, automation and orchestration, and governance can support their goal of enforcing access to the right resources at the right time without granting excessive access.
• Executive Order 14028, issued in May 2021, mandates security enhancements intended to increase adoption of zero trust architecture. EO 14028 aims to improve software supply chain security, implement cybersecurity standards in the federal government, remove barriers to threat information sharing, establish a cybersafety review board, create a standardized playbook for responding to cybersecurity vulnerabilities and incidents, and improve cybersecurity investigation and remediation. 

Many organizations likely have some elements of zero trust already implemented in their environment. Several use cases lend themselves to a zero trust approach, including:

Reducing attack surfaces

The attack surface is the range of all possible points an attacker could exploit to extract data or gain access to critical systems. The shift to remote and hybrid work models as well as the growth of edge and AI deployments has significantly increased the available attack surface for organizations’ IT. When attack surfaces expand and evolve, potential vulnerabilities also increase. A zero trust model focuses on the critical data, applications, assets, and services (DAAS) that must be protected—the protect surface—and implements strict controls and monitoring to secure them. 

Identity and access management

Access and endpoint hygiene includes the measures an organization takes to maintain security and protect all assets within the network. Machine or workload identities are becoming more common as organizations adopt cloud-native ecosystems and advanced AI workflows. Workloads that span multiple cloud platforms cross identity domains, making zero trust principles critical. In the zero trust model, proving and verifying identity is a foundational element of security. A least-privilege approach to access management based on zero trust lets administrators define custom roles and grant specific, fine-grained permissions to ensure users have the minimum access necessary to accomplish their tasks, reducing threat potential. 

Securing the software supply chain

Bad actors seeking to infiltrate the software supply chain can compromise the security of open source components and dependencies early in the development lifecycle, leading to cyberattacks and delayed application releases. A zero trust approach is critical to securing the software supply chain and detecting issues early on when they’re less expensive to fix.

Creating a secure software supply chain involves ensuring the integrity and security of software from its inception through development, testing, deployment, and ongoing maintenance. This includes verifying the origin and authenticity of code, using secure build processes, scanning for vulnerabilities, and implementing controls to prevent tampering. By establishing trust and transparency throughout the software supply chain, organizations can reduce the risk of malicious code injection and other attacks that could compromise their systems and data.

Organizations can minimize the risk of supply chain attacks with: 

• Security-enhanced open source code.
• Building security into container images.
• Strengthening the continuous integration and continuous delivery/deployment (CI/CD) pipeline.
• Monitoring applications at runtime.
• Shifting security left—incorporating security testing into the software development lifecycle as early as possible. 

Digital sovereignty

Digital sovereignty is a nation or organization's ability to independently control and protect its critical digital infrastructure in alignment with its policies, values, and strategic objectives. It ensures that critical services are secure and governed internally, following compliance with data residency, privacy, and legal boundaries. Organizations that want to assert digital sovereignty can use zero trust principles to strengthen security, maintain control over their data, free time for internal innovation, and reduce reliance on external technology providers. 

Multicloud and hybrid cloud enterprise deployments

Multicloud deployments and cloud-to-cloud architectures necessitate zero trust security because cloud providers handle security for their infrastructure—but enterprises are responsible for securing the application layer and protecting sensitive data. Threat detection and incident response across cloud and on-premise environments is paramount for organizations operating in multicloud and hybrid environments. 

Preventing AI-based attacks

Cyberattacks that use AI are increasing and make detecting and preventing attacks even more complex than in the past. At the same time, organizations can use AI to automate threat response and mitigation, bolstering a zero trust posture. The momentum surrounding AI demonstrates that zero trust approaches must be dynamic, adaptive, and capable of detecting novel threats while minimizing operational disruption if they’re to remain resilient for organizations into the future. 

Achieve zero trust and sovereignty with Red Hat OpenShift

Many organizations still have difficulty implementing zero trust. Zero trust often requires a change of mindset for both leadership and security professionals. Leaders need to consider the risk involved in maintaining outdated security architectures. IT and operational technology (OT) professionals need to recognize where they can take advantage of existing investments to reduce the cost to implement zero trust and where to prioritize new investments. However, some protocols and devices will never achieve zero trust, so leaders have to decide whether to replace or maintain them. If certain systems can’t fully embrace a zero trust approach, OT professionals should consider whether they can apply alternative security controls to further reduce exposure.

The basic tenet of zero trust is to "deny by default" or "always verify." This requires teams to commit to implementing and maintaining the system over time and to ensure no departments bypass the security architecture by creating shadow IT.

Red Hat is committed to helping enterprises adopt zero trust measures into their security posture. 

Red Hat® Enterprise Linux® is a foundational element for a robust zero trust architecture (ZTA). It integrates key features supporting ZTA maturity, including:

• Centralized identity management with multifactor authentication and integration with external identity providers.
• Secure boot and remote attestation for device and network integrity.
• Security-Enhanced Linux (SELinux), application allowlisting, and confidential computing.
• Image mode and system roles for automating zero trust policies.

Red Hat Enterprise Linux 10 strengthens supply chain security through security-focused build processes; digitally signed packages; and management of software bills of materials (SBOMs), common vulnerabilities, and exposures. Through these capabilities, Red Hat Enterprise Linux helps organizations build, deploy, and maintain systems that continuously adapt to evolving threats and regulatory mandates, progressing them towards higher ZTA maturity levels.

Red Hat OpenShift® enhances zero trust through integrated security controls, SELinux-based runtime isolation, image signing and policy enforcement through Red Hat OpenShift Pipelines, and native role-based access control (RBAC) for platform and workload governance. Red Hat OpenShift provides the basis for consistent, declarative deployment, integration with structured authentication principles, microsegmentation and network policies, and auditability and compliance. With Red Hat OpenShift, you can be sure your applications, data, and AI models remain compliant, trusted, and in your control, regardless of where they run.

Red Hat Advanced Cluster Security for Kubernetes offers a trusted, Kubernetes-native security solution that integrates into your hybrid cloud environments, providing a consistent and comprehensive approach to security. Red Hat Advanced Cluster Security includes capabilities for: 

• Least privilege and identity and access management.
• Continuous verification and monitoring.
• Runtime security controls and threat detection.
• Policy-as-code and automation.
• Vulnerability management.
• Supply chain security, compliance, and auditability. 

The zero trust workload identity manager empowers organizations with security capabilities to manage workload identities across various cloud infrastructures. Based on SPIFFE/SPIRE, the zero trust workload identity manager delivers enterprise integration with Red Hat OpenShift that lets you implement centralized, scalable identity management across cloud platforms.

Red Hat Trusted Software Supply Chain offers software supply chain security for cloud-native applications so you can mitigate and reduce risks in software delivery, while allowing development and security teams to instantly adopt zero trust security practices with low effort and cost.

Red Hat Ansible® Automation Platform can serve as an integration layer between security teams, tools, and processes, and can support zero trust in your environment. Ansible Automation Platform lets you:

• Connect your security systems, tools, and teams.
• Collect information from systems and direct it to predefined systems and locations efficiently and without manual intervention.
• Change and propagate configurations from centralized interfaces.
• Create, maintain, and access custom security automation content.
• Trigger automated actions across multiple security tools when a threat is detected. 

Red Hat can help get you started with zero trust adoption and implement zero trust practices throughout your environment.