Zero-Trust Model: Never Trust, Always Verify

November 14, 2017

“Never trust, always verify” is the lingo floating around in the security world. It succeeds the traditional belief of “trust, but verify,” which places a fair amount of trust in the people and devices accessing resources within a protected network. With massive data breaches happening regularly, we now know that network perimeters are not as robust as we once thought. Attackers use weak or stolen credentials to gain access to a network as a legitimate user. Once an attacker has breached the network perimeter, we also know they are able to move laterally to more valuable assets and data that are not as well protected.

The notion of “never trust, always verify” assumes internal networks can no longer be relied upon as a way of protecting enterprise resources. It also assumes that users and devices within a network are no more trustworthy than users and devices outside of the network. In a zero-trust model, enterprise resources are secured based on the identity of the user, device posture and other conditions such as location, date and time. If a user can confirm their identity, say via a successful multi-factor authentication (MFA) challenge on a trusted corporate laptop, they may be granted access to an application. If they attempt to access the same application from an untrusted device, an unauthorized location or under another pre-defined condition, the user may be challenged with MFA or access to the resource may be blocked entirely.

How Does Zero Trust Work?

Here is an example of how it works: When I joined Centrify, the first thing I tried to enable was email access on my personal mobile phone. I started with the native iOS mail client, entered my corporate email address and password, and found I was denied access to my inbox. I tried downloading the Microsoft Outlook mobile app, entered my email address and password, and found I was still denied access to my inbox. Wondering if there was an issue with my device, I opened a browser (Chrome and Safari), navigated to the O365 login page, entered my email address and password, and again, found I was denied access to my mailbox.

Feeling defeated, I asked IT what I was doing wrong. The short answer was that Centrify restricted email access, as well as access to other enterprise applications, to trusted devices only. This meant I was only able to access my email from my corporate-issued laptop or a trusted mobile device that was enrolled. If I tried to access email or other corporate applications from an untrusted device, an unknown location or outside a pre-defined day/time, I was either challenged with MFA or access was blocked.

The rationale for these restrictions comes from a big challenge organizations face: ensuring that only authorized employees are accessing corporate resources, especially those hosted and maintained by third-party service providers. Assuming network perimeters can no longer be relied upon, the only thing protecting an application is a simple username and password. Even then, users have to manage so many passwords that it is easy for IT to mistake an intruder for an authorized user. If all that protects an application is a username/password, then authentication mechanisms must be smarter, so that an intruder presenting a legitimate username/password is still denied access to the application. Authentication mechanisms must assume every user is untrusted until they verify their identity. Beyond identity, they must factor in conditions like the device used to access the application, the location of the user, the day/time the application is being accessed and others to truly verify a user is who they say they are. If there is uncertainty, authentication mechanisms can consistently challenge the user with MFA to gain certainty, or block access to the application entirely.
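As an added illustration (example code, not Centrify's policy engine), here is a small conditional-access evaluator that encodes the decision logic described above: identity first, then device enrollment, then location and time, with three possible outcomes. The user, device identifiers, locations and work hours are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    CHALLENGE_MFA = "challenge_mfa"
    BLOCK = "block"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    password_ok: bool   # primary credential (username/password) verified
    device_id: str      # identifier presented by the device's enrollment agent
    location: str       # coarse location label derived from the source network
    when: datetime      # local time of the request


# Constructed sample policy data; a real deployment reads this from the
# identity provider / device-management system, not from module constants.
ENROLLED_DEVICES = {"alice": {"corp-laptop-0042", "corp-phone-0042"}}
KNOWN_LOCATIONS = {"alice": {"hq-office", "home-isp"}}
WORK_HOURS = range(7, 20)  # 07:00-19:59; anything else is an unusual time


def evaluate(req: AccessRequest) -> tuple[Decision, str]:
    """Return the access decision plus a reason string for the audit log.

    Policy choices made here (one reading of the restrictions described above):
      * wrong password                -> BLOCK
      * unenrolled/untrusted device   -> BLOCK (the personal-phone case)
      * enrolled device, odd context  -> CHALLENGE_MFA
      * enrolled device, normal ctx   -> ALLOW
    A stolen password used from an unknown device therefore never gets in.
    """
    if not req.password_ok:
        return Decision.BLOCK, "credential verification failed"
    if req.device_id not in ENROLLED_DEVICES.get(req.user, set()):
        return Decision.BLOCK, f"device {req.device_id!r} is not enrolled"
    reasons = []
    if req.location not in KNOWN_LOCATIONS.get(req.user, set()):
        reasons.append(f"unknown location {req.location!r}")
    if req.when.hour not in WORK_HOURS or req.when.weekday() >= 5:
        reasons.append(f"unusual time {req.when:%a %H:%M}")
    if reasons:
        return Decision.CHALLENGE_MFA, "; ".join(reasons)
    return Decision.ALLOW, "identity, device, location and time all verified"
```

The reason string is what you would want in the authentication log, since a spike in "not enrolled" blocks for one account is the visible trace of a credential being tried from elsewhere.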

With growing mobile workforces and organizations replacing legacy applications with cloud services, network perimeters can no longer be relied upon to prevent breaches. “Never trust, always verify” shifts from trust in networks to zero trust in networks, users and devices. A zero-trust model makes it harder for intruders to gain access to corporate resources using a compromised credential. It significantly reduces an organization's exposure while giving the organization more control over its sensitive data and assets in a perimeter-less world.

Interested in learning more about Centrify’s approach to zero trust and conditional access? Learn more about Centrify’s Zero Trust Security Model.

This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.