Hey, welcome back. As more and more business data is being accessed from locations outside of the traditional corporate network, security has become a dominant concern. Organizations need to understand how they can best protect their data, regardless of where it's being accessed from and whether it sits on their corporate network or in the cloud. In this lesson you will learn about a vital security methodology called the zero trust model. So without wasting any more time, let's get into it.

All right, so let me start with helping you understand what the zero trust methodology is. Zero trust assumes everything is an open and untrusted network, even resources behind the firewalls of the corporate network. The zero trust model operates on the principle of "trust no one and verify everything". The attacker's ability to bypass conventional access control is ending any illusion that traditional security strategies are sufficient. By no longer trusting the integrity of the corporate network, security is strengthened. In practice, this means that we no longer assume that a password is sufficient to validate a user, so we add multi-factor authentication to provide additional checks. Instead of granting access to all devices on the corporate network, users are allowed to access only the specific application or data that they need.

Now let's understand the zero trust guiding principles. The zero trust model has three principles which guide and underpin how security is implemented. These are: verify explicitly, use least privileged access all the time, and assume breach. Let me explain them one by one.

So what does it mean to verify explicitly? You should always authenticate and authorize based on the available data points, including user identity, location, device security or workload, data classification, and any other anomalies.

The second principle is least privileged access. This means that you should limit user access with just-in-time and just-enough access, which is usually known as JIT or JEA. Other ways you can limit privileged access are by implementing risk-based adaptive policies and data protection to protect both data and productivity.

And the final guiding principle is assume breach all the time. So you should segment access by network, user, devices and applications, and you should use encryption to protect data and use analytics to gain visibility, detect threats and improve your security posture.

This topic is very important for you to understand. In the zero trust model, all elements work together to provide end-to-end security. These six elements are the foundational pillars of the zero trust model, which includes identities, devices and endpoints, data, applications, infrastructure, and your network.

Let us look into identities. These identities may be users, services or devices. When an identity attempts to access a resource, it must be verified with strong authentication and follow least privileged access principles.

The next one is devices. These devices and workloads create a large attack surface as data flows from devices to on-premises workloads and the cloud. Monitoring devices for health and compliance is an important aspect of security.

Let's understand data. Data should be classified, labeled and encrypted based on its attributes. Security efforts are ultimately about protecting data and ensuring it remains safe when it leaves devices, applications, infrastructure and networks that the organization controls.

Applications are the way that data is consumed. This includes discovering all applications being used, sometimes called shadow IT because not all applications are managed centrally. This pillar also includes managing permissions and access.

Let's look into infrastructure. To improve security, you assess for version, configuration and just-in-time access, and use telemetry to detect attacks and anomalies. This allows you to automatically block or flag risky behavior and take proactive actions.

And the sixth foundational pillar for the zero trust model is network. Networks should be segmented, including deeper in-network micro-segmentation. Also, real-time threat protection, end-to-end encryption, monitoring and analytics should be employed as well.

These six foundational pillars work together with the zero trust model to enforce organizational security policies. Organizations that operate with a zero trust mentality are more resilient, consistent and responsive to new attacks. A true end-to-end zero trust strategy not only makes it harder for attackers to get into the network, but also minimizes the potential blast radius by preventing any lateral movement. That's why the zero trust methodology is very important, and you should always think about it when you design a solution in the cloud.

In the next lesson we will learn about the shared responsibility model. I will see you on the next one. Until then, take care.
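
A sketch of how the three guiding principles from this lesson could combine into one access decision, added here as an illustration and not part of the original lesson. The field names, thresholds, decision labels and sample data are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# All field names and thresholds are hypothetical, chosen for this sketch.
@dataclass
class Request:
    user: str
    resource: str
    data_label: str         # "internal" or "confidential"
    mfa_passed: bool
    device_compliant: bool
    on_corp_network: bool   # recorded, but never treated as proof of trust
    risk_score: float       # 0.0 normal .. 1.0 anomalous, from analytics

@dataclass
class Grant:                # just-in-time: every grant carries an expiry
    user: str
    resource: str
    expires: datetime

def decide(req, grants, now):
    """Return (decision, reason) for one access attempt."""
    # Verify explicitly: every signal is checked on every request, and
    # being behind the corporate firewall skips none of them.
    if not req.mfa_passed:
        return "step_up", "multi-factor authentication required"
    if not req.device_compliant:
        return "deny", "device not compliant"
    # Risk-based adaptive policy: confidential data tolerates less anomaly.
    limit = 0.4 if req.data_label == "confidential" else 0.8
    if req.risk_score >= limit:
        return "deny", "risk too high for " + req.data_label + " data"
    # Least privilege: only a live grant for this exact resource counts.
    if not any(g.user == req.user and g.resource == req.resource
               and g.expires > now for g in grants):
        return "deny", "no active just-in-time grant"
    return "allow", "all checks passed"

# Constructed sample data: one 30-minute grant on a single application.
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
GRANTS = [Grant("alice", "payroll-app", NOW + timedelta(minutes=30))]

def sample(**changes):
    base = dict(user="alice", resource="payroll-app", data_label="confidential",
                mfa_passed=True, device_compliant=True, on_corp_network=True,
                risk_score=0.1)
    return Request(**{**base, **changes})
if __name__ == "__main__":
    print(decide(sample(mfa_passed=False), GRANTS, NOW))
```

Because `on_corp_network` is never consulted, a request from inside the corporate network without multi-factor authentication gets the same `step_up` result as one from outside.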