
Zero Trust: The What, How, Why, and When

Published: 01 November 2021

Abstract

Trust is a critical characteristic of computer systems, but the traditional approach of evaluating systems has failed to deliver the required levels of confidence. We review the emerging zero trust paradigm and propose a new set of zero trust tenets and an enhanced zero trust model.



Publisher

IEEE Computer Society Press

Washington, DC, United States

Qualifiers

  • Research-article


Citations

Cited By

  • (2024) Securing Agile: Assessing the Impact of Security Activities on Agile Development. Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering, pp. 668-678. DOI: 10.1145/3661167.3661280. Online publication date: 18-Jun-2024
  • (2024) ZTRAN: Prototyping Zero Trust Security xApps for Open Radio Access Network Deployments. IEEE Wireless Communications, 31:2, pp. 66-73. DOI: 10.1109/MWC.001.2300419. Online publication date: 11-Apr-2024
  • (2024) Learning-driven Continuous Diagnostics and Mitigation program for secure edge management through Zero-Trust Architecture. Computer Communications, 220:C, pp. 94-107. DOI: 10.1016/j.comcom.2024.04.007. Online publication date: 15-Apr-2024
  • (2024) AuthApp – Portable, Reusable Solid App for GDPR-Compliant Access Granting. Web Engineering, pp. 199-214. DOI: 10.1007/978-3-031-62362-2_14. Online publication date: 17-Jun-2024
  • (2022) Introducing Zero Trust in a Cybersecurity Course. Proceedings of the 23rd Annual Conference on Information Technology Education, pp. 118-120. DOI: 10.1145/3537674.3555779. Online publication date: 21-Sep-2022
  • (2022) A novel zero-trust network access control scheme based on the security profile of devices and users. Computer Networks: The International Journal of Computer and Telecommunications Networking, 212:C. DOI: 10.1016/j.comnet.2022.109068. Online publication date: 27-Jun-2022
