Zero Trust Architecture-Based IT Environment Design and Deployment

Security architecture for dynamic and decentralized IT-environments

Modern digitalized businesses embraced decentralization as the de facto mode of operation: your users access corporate resources from various locations and devices, and these resources are also highly dynamic and dispersed across your private IT environment as well as hybrid or public cloud(s).

This might be convenient for your users and the business, but such a dynamic, sprawling IT environment is also a gift to hackers and cyber criminals. So what can and should organizations do to provide smooth business operations and a great user experience while minimizing cybersecurity risk?

One of the most effective approaches is to introduce the Zero Trust Architecture (ZTA) in your IT environment. This does not mean rebuilding your IT systems and replacing the existing technology, but rather redesigning it based on the assumption that trust is a cyber risk and, therefore, a vulnerability.

This can be a challenging and expensive exercise because modern IT environments are also very complex. At NIL, we understand the nature of modern businesses and IT systems that support them, so we developed our own nondisruptive, clear, cost-effective, and manageable methodology for implementing Zero Trust Architecture in complex, multivendor environments.

What is Zero Trust Architecture?

Network, server, and file access controls do not end when a user’s connection to the organization’s internal network is authenticated or when an authenticated encrypted VPN connection is established. Access rights to data and network segments in modern environments are granted dynamically, depending on the context of access to the desired information. ZTA describes the security model in perimeterless environments, where the users, data, and workloads are spread between on-premises, hybrid, and multi-cloud environments.

ZTA is based on the least-privilege principle, specifying that the exact amount of access to the required resource is granted when accessing a protected resource, based on the context of the request. This applies to the main areas of modern IT environments: workforce, workplace and workloads. ZTA also specifies that, while the authorized parties are trusted with the exact amount of access to required resources, the authorization should be continuously verified, and access should be immediately revoked if the trust is broken.
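The least-privilege, context-based and continuously verified access described above, as an added illustration that is not NIL's code: a minimal policy decision point that evaluates each request against the context it arrives with (identity, device, risk) and revokes a session as soon as a re-check fails. The resources, thresholds and context fields are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed example (not NIL's code): a minimal policy decision point that
# grants least-privilege access from request context and re-verifies it on
# every subsequent check, revoking the session when the context degrades.

@dataclass
class Context:
    user_mfa_verified: bool     # workforce: identity verified with MFA
    device_managed: bool        # workplace: device known and enrolled
    device_healthy: bool        # workplace: posture check (patches, AV) passed
    risk_score: int             # 0 (clean) .. 100 (hostile), from a risk engine

# Hypothetical resources with the minimum context each one demands.
POLICY = {
    "wiki":    {"mfa": False, "managed": False, "healthy": False, "max_risk": 70},
    "payroll": {"mfa": True,  "managed": True,  "healthy": True,  "max_risk": 30},
}

def decide(resource: str, ctx: Context) -> str:
    """Return 'allow' or 'deny' for one access request, never a blanket grant."""
    rule = POLICY.get(resource)
    if rule is None:
        return "deny"                       # default deny: unknown resource
    if rule["mfa"] and not ctx.user_mfa_verified:
        return "deny"
    if rule["managed"] and not ctx.device_managed:
        return "deny"
    if rule["healthy"] and not ctx.device_healthy:
        return "deny"
    if ctx.risk_score > rule["max_risk"]:
        return "deny"
    return "allow"

class Session:
    """An authorized session that stays valid only while re-verification passes."""
    def __init__(self, resource: str, ctx: Context):
        self.resource = resource
        self.active = decide(resource, ctx) == "allow"

    def reverify(self, ctx: Context) -> bool:
        # Continuous verification: re-run the full decision with fresh context;
        # any failure revokes the session immediately, and it is not re-granted
        # silently (the user must go through the policy again).
        if self.active and decide(self.resource, ctx) != "allow":
            self.active = False
        return self.active
```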

Vendor-neutral and proven approach to building Zero Trust Architecture

In order to help customers transform their existing IT environments with ZTA in mind, or to build ZTA-based deployments from scratch, NIL leverages its extensive infrastructure, security and consulting experience and applies a best-of-breed, vendor-neutral approach to each of the areas.
It is important to realize that addressing the ZTA challenges does not have to be an all-or-nothing approach. Having a good workplace policy is a great start, by allowing on-premises network access only to authorized assets, and revoking access to those devices whose profile changes. In a similar fashion, understanding the contracts between workloads in a public cloud, maintaining and verifying the actual data flows between the containers, and automatically blocking unusual behavior enables an enterprise to maintain a robust, yet flexible security policy.
NIL helps customers determine the appropriate areas of ZTA implementation, assists in methodology, tool, and approach selection and provides the consulting services required to achieve the required ZTA outcomes.
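The workload side of the paragraph above (knowing the contracts between workloads, verifying the actual flows between containers, and blocking what falls outside them), as an added illustration that is not NIL's or any vendor's code: observed flows are checked against a declared allow-list, violations are reported for blocking, and contracts that are never exercised are surfaced as candidates for removal. The workload names, ports and flow records are constructed for the example.

```python
from collections import namedtuple

# Constructed example (not NIL's or any vendor's code): verify observed
# container-to-container flows against the declared workload contracts
# (a micro-segmentation allow-list) and flag anything outside them.

Flow = namedtuple("Flow", "src dst port proto")

# Hypothetical contracts: which workload may talk to which, on which port.
CONTRACTS = {
    Flow("web", "api", 8443, "tcp"),
    Flow("api", "db", 5432, "tcp"),
    Flow("api", "cache", 6379, "tcp"),
}

def parse_flow_log(lines):
    """Parse constructed flow records of the form 'src dst port proto'."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, proto = line.split()
        flows.append(Flow(src, dst, int(port), proto.lower()))
    return flows

def verify_flows(observed, contracts=CONTRACTS):
    """Return (allowed, blocked): flows matching a contract, and the rest."""
    allowed, blocked = [], []
    for f in observed:
        (allowed if f in contracts else blocked).append(f)
    return allowed, blocked

def unused_contracts(observed, contracts=CONTRACTS):
    """Contracts never exercised: candidates for removal (least privilege)."""
    return contracts - set(observed)

# Constructed sample flow records, as a flow collector export might look.
SAMPLE_LOG = """
web api 8443 tcp
api db 5432 tcp
web db 5432 tcp
api unknown-host 443 tcp
"""

def demo():
    allowed, blocked = verify_flows(parse_flow_log(SAMPLE_LOG.splitlines()))
    for f in blocked:
        print(f"BLOCK {f.src}->{f.dst}:{f.port}/{f.proto} (no contract)")
    return allowed, blocked
```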

Solution Modules

Deploying ZTA in the customer’s environment can be broken down into multiple solution modules, which can be combined in a service package matching the customer environment.

Architecture area: Workforce
  Description: user identity verification; device trustworthiness verification; risk-based adaptive policy enforcement
  Proposed solutions: Cisco DUO; Microsoft Intune, Azure AD

Architecture area: Workplace
  Description: device discovery and classification; context-based network access policy; continuous device health monitoring
  Proposed solutions: Cisco ISE; SD-Access with DNA Center; Microsoft NPS

Architecture area: Workload
  Description: visibility and behavior modeling; per-workload micro-segmentation; real-time workload security posture
  Proposed solutions: Cisco Tetration; Cisco StealthWatch Cloud; Azure

The solutions mentioned above only represent the main area-specific building blocks. The final solution architecture is determined upon customer environment and requirements analysis, and can also include technologies from other vendors.

Engagement Process

NIL follows a managed engagement process involving the NIL Project Management Office and a dedicated Project Manager. Our engagement process typically involves the following sequence of events:

  1. Kickoff workshop and the creation of a Customer Requirements Document.
  2. Detailed analysis of all the available customer network infrastructure (architecture, implementation, testing, compliance, policy) documentation.
  3. Detailed scoping of the custom-tailored solution.
  4. Gathering of information from the target infrastructure. This step is typically highly automated, non-intrusive and does not impact network performance.
  5. Analysis of the gathered data, execution of specific tests, and deeper inquiries (if required).
  6. Compilation of prioritized recommendations in both an executive and a technical report.
  7. Presentation of findings and suggestions for their remediation.

A Trusted Partner

From the cybersecurity perspective, trust is an issue in modern IT environments, but in order to successfully address it with ZTA, you should rely on a trusted partner. NIL builds its trustworthiness on the following core strengths.

Expertise and experience

NIL’s extensive expertise with building and securing the world’s most complex IT environments gives us an edge when it comes to understanding customers’ current and future environment expansion plans, their security requirements and processes that are required to implement the tools, and the solutions required to protect the various IT environment aspects with ZTA in mind.

Nondisruptive approach, transparency, and reliability

NIL’s ZTA implementation approach gives organizations ease of mind when tackling a complex multi-platform security implementation project while providing full transparency and a wealth of knowledge when dealing with the world’s most advanced IT solutions.

Cost-effectiveness and speed

By reusing proven designs and methodologies, we shorten the time needed to introduce ZTA in a new customer environment, which also contributes to cost optimization.