
Zero Trust Architecture — The End of the Perimeter

08. 03. 2021 · 3 min read · CORE SYSTEMS · security

The year 2020 brought a massive shift to remote work, and with it the definitive end of the illusion that corporate network = secure network. A VPN isn’t enough, and a perimeter firewall won’t stop an attacker who’s already inside. Zero Trust is not a buzzword — it’s a necessity. Here are our experiences from implementation at Czech enterprise clients.

Why Perimeter Security Doesn’t Work

The traditional security model works like a castle with a moat — a solid wall around the network, with everyone inside trusted. The problem? Modern infrastructure has no clear perimeter. Employees work from home, applications run in the cloud, partners access systems via APIs. An attacker who breaches the VPN (phishing, stolen credentials) has free movement across the entire network.

The SolarWinds attack in late 2020 showed how devastating lateral movement inside a “trusted” network can be. The attacker got in through a legitimate software update and moved undetected for months.

Zero Trust Principles

Zero Trust is built on a simple principle: never trust, always verify. It doesn’t matter whether a request comes from the internal network or the internet — every access is verified with equal rigor.

  1. Verify explicitly — authentication and authorization based on all available signals: identity, device, location, behavior.
  2. Least privilege access — minimum permissions for the shortest time. Just-in-time, just-enough access.
  3. Assume breach — design your system assuming the attacker is already inside. Microsegmentation, monitoring, rapid detection.

Implementation Pillars

Zero Trust is not a product you buy. It’s an architectural approach covering six areas:

  • Identity: Azure AD / Okta as the central identity provider. MFA everywhere, conditional access policies. Passwordless authentication where possible.
  • Devices: Device compliance — only managed devices with current patching access corporate resources. Intune / Jamf for MDM.
  • Network: Microsegmentation — instead of a flat L2 segment, isolated zones. East-west firewalling. Software-defined perimeter.
  • Applications: Applications verify identity on every call. OAuth 2.0 + OIDC. API Gateway as the enforcement point.
  • Data: Data classification, encryption at-rest and in-transit. DLP policies. Data access based on sensitivity.
  • Visibility: Central logging, SIEM (Sentinel / Splunk), UEBA for anomalous behavior detection.
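To make the Identity, Devices and Data pillars concrete, here is an added example of a conditional access decision point that evaluates one request against the signals listed above (identity/MFA, device state, location, behavioral risk, data sensitivity). It is illustrative code, not a vendor’s or CORE SYSTEMS’ engine; the signal names, thresholds and trusted countries are assumptions.

```python
from dataclasses import dataclass, field
from typing import Literal, List

Sensitivity = Literal["public", "internal", "confidential"]

@dataclass
class AccessRequest:
    user: str
    mfa_satisfied: bool          # identity signal: strong auth completed this session
    device_managed: bool         # device signal: enrolled in MDM (Intune / Jamf)
    device_compliant: bool       # device signal: patched, encrypted, policy-compliant
    country: str                 # location signal (ISO code), constructed value
    risk_score: int              # behavior signal from UEBA: 0 = normal .. 100
    resource_sensitivity: Sensitivity

@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)

# Assumption: countries where the workforce normally signs in.
TRUSTED_COUNTRIES = {"CZ", "SK"}

def evaluate(req: AccessRequest) -> Decision:
    """Every request is evaluated identically, whether it arrives from the
    office LAN or the internet (never trust, always verify)."""
    d = Decision(allow=True)

    # Behavioral anomaly overrides every other signal: block and let the SOC look.
    if req.risk_score >= 80:
        return Decision(allow=False, reasons=["high risk score: block and alert SOC"])

    # MFA is required everywhere, not only outside the perimeter.
    if not req.mfa_satisfied:
        d.allow = False
        d.reasons.append("MFA not satisfied")

    # Device compliance: only managed, compliant devices reach non-public data.
    if req.resource_sensitivity != "public":
        if not req.device_managed:
            d.allow = False
            d.reasons.append("unmanaged device")
        elif not req.device_compliant:
            d.allow = False
            d.reasons.append("device not compliant (patching)")

    # Data pillar: confidential data from an unusual location is allowed only
    # while UEBA reports essentially no anomaly (assumed threshold 20).
    if (req.resource_sensitivity == "confidential"
            and req.country not in TRUSTED_COUNTRIES and req.risk_score > 20):
        d.allow = False
        d.reasons.append("confidential data from untrusted location with elevated risk")
    return d
```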

How We Implemented It

For a mid-sized financial institution (800 employees), we implemented Zero Trust over 9 months. Key steps:

  1. Assessment (months 1–2): Audit of identity infrastructure, network topology, application portfolio. Identification of crown jewels — critical systems and data.
  2. Identity first (months 2–4): Migration to Azure AD, MFA deployment for all users, conditional access. This delivered 60% of the value.
  3. Device compliance (months 4–6): Intune enrollment, compliance policies, conditional access based on device state.
  4. Microsegmentation (months 6–9): Network segmentation into zones, east-west firewalling, isolation of legacy systems.
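As an added illustration of step 4 (zones, east-west filtering, legacy isolation), the following default-deny flow policy models the segmentation; it is example code, not the client’s actual ruleset, and the zone names, subnets, ports and allowed flows are constructed assumptions. It assumes enforcement at host or hypervisor level, so traffic between two hosts in the same zone is policed as well.

```python
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed zones replacing one flat segment.
ZONES = {
    "workstations": ip_network("10.10.0.0/16"),
    "app":          ip_network("10.20.0.0/24"),
    "db":           ip_network("10.30.0.0/24"),
    "legacy":       ip_network("10.40.0.0/24"),  # reachable only through the proxy
    "proxy":        ip_network("10.50.0.0/28"),  # reverse proxy with pre-authentication
}

# Explicit allow-list of (source zone, destination zone, TCP port).
# Anything not listed is dropped: workstation -> db, app -> workstation, etc.
ALLOWED_FLOWS = {
    ("workstations", "app", 443),
    ("workstations", "proxy", 443),
    ("proxy", "legacy", 8080),
    ("app", "db", 5432),
}

def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone; None means outside every known zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def is_allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    """Evaluate one east-west flow. Default deny; unknown addresses and
    intra-zone flows are denied unless explicitly listed."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    return (src, dst, port) in ALLOWED_FLOWS

def reachable_from(src_ip: str, targets: List[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Which (ip, port) targets a host at src_ip could reach under the policy.
    Handy for checking the ruleset against a simulated lateral-movement path."""
    return [(ip, port) for ip, port in targets if is_allowed(src_ip, ip, port)]
```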

What We Learned

A Zero Trust transformation is not just a technical project — it’s a shift in mindset. The biggest challenges:

  • Legacy systems: Older applications don’t support modern authentication. Solution: application proxy, reverse proxy with pre-authentication.
  • User experience: MFA and conditional access add friction. If you overdo it, users find workarounds. Balance is key.
  • Management resistance: “Why do I need MFA when I’m in the office?” — educating people on why the perimeter isn’t enough takes time.
  • Gradual implementation: Big bang doesn’t work. Deploy pillar by pillar, measure impact, iterate.

Results After 6 Months

After deploying Zero Trust, we observed:

  • 95% reduction in successful phishing attacks (MFA + conditional access)
  • Elimination of lateral movement — microsegmentation stopped a simulated red team attack
  • 80% faster anomaly detection thanks to centralized SIEM
  • Compliance audit (Czech National Bank) passed without findings for the first time in the company’s history

Zero Trust Is Not a Destination — It’s a Journey

You’ll never be “done” with Zero Trust. It’s a continuous process of evaluating risks and tightening controls. But even the first steps — MFA and conditional access — dramatically improve your security posture. Start with identity, continue with devices, segment the network. In 2021, the question isn’t “whether” but “how fast.”

Tags: security, zero trust, architecture, enterprise