The New Shape of Zero Trust
Security no longer starts and ends at the network edge. This infographic outlines how a modern Zero Trust approach replaces perimeter-based thinking with continuous verification, least-privileged access, and an assume-breach mindset. View the infographic to learn the basics of Zero Trust.
What is Zero Trust in the AI age?
Zero Trust is a cybersecurity philosophy that starts from one core assumption: treat everything as a potential threat. In a world where data is spread across clouds, devices, apps, and AI systems, there is no single perimeter to defend anymore.
Instead of trusting users, devices, or apps just because they are “inside” your network, Zero Trust requires you to:
- Continuously verify who or what is requesting access.
- Limit access to only what is needed, when it’s needed.
- Operate as if a breach has already happened and design controls accordingly.
This mindset is becoming more important as attacks grow in volume and sophistication. For example, organizations are seeing a sharp jump in password attacks per day since 2021 and a notable increase in human-operated ransomware attacks from 2022 to 2023. These trends are also driving a projected cost increase for total attacks by 2028.
In the AI age, Zero Trust also means using AI to identify threats and risks faster, adapt in real time, and dynamically adjust security policies and controls across identities, endpoints, networks, data, apps, and infrastructure.
What are the core principles of Zero Trust?
Zero Trust is built on three simple principles that guide how you design and operate security:
- Verify explicitly
Continuously authenticate and authorize every access request, using all available signals (identity, device health, location, behavior, and more). This is where tools like multifactor authentication (MFA) and single sign-on (SSO) come in. Organizations that apply this principle see better protection for customer data, stronger access and authentication security, and safer remote work.
- Use least-privileged access
Give users and workloads only the access they need, and only for as long as they need it. Techniques like just-in-time (JIT) and just-enough-access (JEA) help reduce the impact if an account is compromised and limit lateral movement inside your environment.
- Assume a breach
Design your environment as if attackers are already inside. This means segmenting networks, tightening controls around sensitive data, and planning for rapid detection, investigation, and response. It also means continuously monitoring and improving your security posture.
Together, these principles help organizations rethink how they secure identities, devices, networks, data, and applications in a boundary-less, AI-driven environment.
How do we start applying Zero Trust across our environment?
Zero Trust is not a single product or tool. It is not:
- A product
- A single technology
- Just a process
It is a framework and approach that you apply across your digital estate. A practical way to get started is to focus on these areas:
- Identities (human and non-human)
Strengthen authentication with MFA and SSO. Use AI-enhanced policy optimization to continuously refine access rules. Incorporate governance, compliance, and security posture assessment to keep identities aligned with business and regulatory needs.
- Endpoints (corporate and personal devices)
Manage and monitor all devices that access your data. Apply Zero Trust policy evaluation and enforcement, device compliance checks, and risk assessment. Use traffic filtering and segmentation to limit exposure if a device is compromised.
- Network (public and private)
Reduce reliance on broad, perimeter-based controls like traditional VPNs. Instead, segment traffic and apply adaptive access controls. Use AI-enhanced cyberthreat protection, continuous assessment, threat intelligence, forensics, and response automation.
- Data (emails, documents, structured data)
Classify, label, and protect data at rest, in motion, and in use. Use AI to better classify, label, and encrypt sensitive information so that protection follows the data wherever it goes.
- Applications (SaaS, on-premises, internal sites)
Simplify and secure access to cloud, mobile, and on-premises apps for all authorized users. Apply runtime controls, JIT access, and version control to reduce risk.
- Infrastructure (on-premises, cloud, hybrid)
Automate protection and security management across IaaS, PaaS, containers, and serverless. Use telemetry analytics and adaptive access to continuously improve defenses.
Microsoft provides a Zero Trust architecture that brings these elements together, along with tools like Microsoft Copilot for Security (generally available April 1, 2024) to help you use AI for faster detection, investigation, and response. The key is to start with your highest-risk areas, apply the three Zero Trust principles, and then expand coverage across identities, endpoints, networks, data, apps, and infrastructure.
published by Brightside IT