2.5.6. 💡 First Principle: Zero Trust and Defense-in-Depth
First Principle: Zero Trust and Defense-in-Depth are complementary security philosophies that assume breach and layer protections. Zero Trust eliminates implicit trust—"never trust, always verify"—while Defense-in-Depth ensures that if one layer fails, others continue protecting your assets.
Traditional security relied on a secure perimeter: once inside the corporate network, you were trusted. Modern threats have made this approach obsolete. Attackers breach networks, credentials get stolen, and insiders can be malicious. Zero Trust and Defense-in-Depth address this reality.
Zero Trust Model:
The Zero Trust model is built on three guiding principles:
- Verify explicitly: Always authenticate and authorize based on all available data points (user identity, location, device health, service or workload, data classification, anomalies).
- Use least privilege access: Limit user access with Just-In-Time (JIT) and Just-Enough-Access (JEA), risk-based adaptive policies, and data protection.
- Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption. Use analytics to detect and respond to threats.
Defense-in-Depth:
Defense-in-Depth uses multiple layers of security to protect assets. If one layer is breached, others remain to slow attackers and provide detection opportunities.
| Layer | Examples | Purpose |
|---|---|---|
| Physical | Datacenter security, biometrics | Prevent physical access |
| Identity | Entra ID, MFA, Conditional Access | Verify who is accessing |
| Perimeter | DDoS protection, firewalls | Stop network-level attacks |
| Network | NSGs, network segmentation | Limit lateral movement |
| Compute | Endpoint protection, patching | Protect VMs and workloads |
| Application | Secure coding, WAF | Prevent application exploits |
| Data | Encryption, access controls | Protect data even if breached |
How They Work Together:
- Zero Trust is the philosophy—assume no implicit trust, verify everything.
- Defense-in-Depth is the architecture—implement multiple independent layers of control.
- Conditional Access is an implementation—the policy engine that enforces Zero Trust decisions.
Scenario: A company's employee laptop is stolen. With traditional perimeter security, once the attacker connects via VPN with stolen credentials, they have broad network access. With Zero Trust and Defense-in-Depth, what additional barriers would the attacker face?
Reflection Question: How does the combination of Zero Trust (verify explicitly, assume breach) and Defense-in-Depth (layered security) reduce the potential damage from a stolen credential compared to perimeter-based security?
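To make the "policy engine" idea concrete, here is an added example (constructed for this guide, not Microsoft or Azure code) that models the stolen-laptop scenario as a set of independent layer checks. The layer names follow the table above; the signal fields, risk labels and check rules are assumptions chosen for illustration.

```python
"""Toy Zero Trust policy evaluator (constructed example, not Azure code).

Each layer evaluates the sign-in on its own, so a stolen credential that
passes the password check still has to clear MFA, device health, location
risk and resource-sensitivity checks. The decision also reports every layer
that fired, which is the "assume breach" signal a SOC would alert on.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    password_ok: bool         # credential accepted (may be stolen)
    mfa_ok: bool              # second factor satisfied
    device_compliant: bool    # managed, patched, not reported lost
    trusted_location: bool    # corporate egress / known address range
    sign_in_risk: str         # "low" | "medium" | "high" (constructed labels)
    sensitive_resource: bool  # e.g. finance data vs. a public intranet page


def perimeter_model(s: SignIn) -> bool:
    """Legacy model: a valid credential over VPN grants broad network access."""
    return s.password_ok


def _checks(s: SignIn):
    """Yield (layer, blocked, reason) per layer; order mirrors the table above."""
    yield "identity", not s.password_ok, "credential rejected"
    yield "identity", s.password_ok and not s.mfa_ok, "MFA not satisfied"
    yield "compute", not s.device_compliant, "device not compliant"
    yield "network", (not s.trusted_location and s.sign_in_risk != "low"), \
        "risky sign-in from untrusted location"
    yield "data", s.sensitive_resource and s.sign_in_risk == "high", \
        "high-risk session denied access to sensitive data"


def zero_trust(s: SignIn) -> tuple[str, list[str]]:
    """Verify explicitly: deny if any layer blocks, and report all that did."""
    barriers = [f"{layer}: {why}" for layer, blocked, why in _checks(s) if blocked]
    return ("deny" if barriers else "allow"), barriers


if __name__ == "__main__":
    # Stolen laptop + stolen password: the perimeter model lets it in,
    # the layered model stops it at several independent points.
    stolen = SignIn(True, False, False, False, "high", True)
    print("perimeter:", "allow" if perimeter_model(stolen) else "deny")
    print("zero trust:", zero_trust(stolen))
```

Running the script shows the same credential accepted by the perimeter model and denied by four separate layers under the layered model; removing any single check still leaves the others in place.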
💡 Tip: For the AZ-900 exam, remember: Zero Trust = "never trust, always verify." Defense-in-Depth = multiple security layers like an onion. Both assume attackers will breach some defenses—the goal is to limit damage and detect quickly.