
Zero Trust Architecture

Implement a Zero Trust security model using WNCYBER as the identity foundation — continuous verification, least privilege, and full audit.

Zero Trust is an architectural model — not a product. WNCYBER provides the identity foundation that makes Zero Trust operational: continuous identity verification, dynamic least-privilege enforcement, and a complete audit trail across all identity types.

Zero Trust Principles in WNCYBER

Never Trust, Always Verify

WNCYBER evaluates every access request against current context — not just credential validity. The policy engine considers:

  • Identity verification — is the requestor who they claim to be?
  • Device posture — is the requesting device compliant and up to date?
  • Behavioural context — does this request match the identity’s established patterns?
  • Risk score — what is the current risk level of this identity, based on recent activity and threat intelligence?

Configure contextual evaluation under Policies → Access Policies → Context Rules.

Assume Breach

WNCYBER is designed for the assumption that some identities in your environment are already compromised. Key capabilities that operationalise this assumption:

  • Continuous monitoring — all identity activity is monitored in real time, not just at login
  • Lateral movement detection — unusual access patterns that suggest an attacker pivoting across systems trigger automatic investigation
  • Blast radius limitation — least-privilege enforcement ensures a compromised identity can only access a narrow set of resources

Verify Explicitly

Access decisions are made on a per-request basis using all available signals. Configure the signals WNCYBER evaluates under Settings → Contextual Signals:

  • Microsoft Entra Conditional Access signals
  • Endpoint compliance data (via MDM/EDR integration)
  • IP reputation and geolocation
  • UEBA (User and Entity Behaviour Analytics) scores

Configuring Zero Trust Policies

Step 1 — Inventory All Identities

A Zero Trust model cannot function without a complete identity inventory. Run a full discovery across all connected sources and review the results in Identities → All Identities.

Pay particular attention to:

  • Machine identities with broad permissions
  • Human identities with dormant access
  • AI agents without formal registration

Step 2 — Define Resource Sensitivity Tiers

Classify your resources by sensitivity to determine appropriate verification requirements:

| Tier | Examples | Verification Requirements |
|------|----------|---------------------------|
| Tier 1 — Critical | Production databases, financial systems, customer PII | MFA + device compliance + manager approval |
| Tier 2 — Sensitive | Internal applications, dev environments, analytics platforms | MFA + device compliance |
| Tier 3 — Standard | Collaboration tools, informational resources | Standard authentication |

Configure tiers under Resources → Sensitivity Classification.
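
The sketch below shows how the tier requirements in the table above can be applied as a per-request decision that fails closed. It is an added example, not WNCYBER's policy engine or API. The signal names, the `MAX_AGE` freshness windows and the `evaluate` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Verification requirements per tier, taken from the table above.
TIER_REQUIREMENTS = {
    1: ("mfa", "device_compliance", "manager_approval"),
    2: ("mfa", "device_compliance"),
    3: ("authentication",),
}
# Assumption: how long each signal stays valid before it must be re-verified.
MAX_AGE = {
    "authentication": timedelta(hours=8),
    "mfa": timedelta(hours=1),
    "device_compliance": timedelta(minutes=15),
    "manager_approval": timedelta(hours=4),
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    unmet: tuple  # requirements that were absent, failed, or stale
    reason: str

def evaluate(tier, signals, now):
    """Decide one request. signals: name -> (passed: bool, observed_at: datetime)."""
    required = TIER_REQUIREMENTS.get(tier)
    if required is None:
        # Unclassified resource: fail closed instead of defaulting to the weakest tier.
        return Decision(False, (), "resource has no sensitivity tier")
    unmet = []
    for name in required:
        passed, observed_at = signals.get(name, (False, None))
        stale = observed_at is None or now - observed_at > MAX_AGE[name]
        # Only an explicit, fresh True satisfies a requirement.
        if passed is not True or stale:
            unmet.append(name)
    if unmet:
        return Decision(False, tuple(unmet), f"tier {tier} unmet: {', '.join(unmet)}")
    return Decision(True, (), f"tier {tier} requirements met")

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed sample time
    fresh = (True, now - timedelta(minutes=5))
    # Constructed request: MFA and device posture are current, but no approval is recorded.
    print(evaluate(1, {"mfa": fresh, "device_compliance": fresh}, now))
    # Constructed request: device posture was last reported 2 hours ago, so it is stale.
    old_posture = (True, now - timedelta(hours=2))
    print(evaluate(2, {"mfa": fresh, "device_compliance": old_posture}, now))
```

Both sample requests are denied: the first lacks manager approval, and the second relies on a device posture reading older than the assumed 15-minute window.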

Step 3 — Enable Least-Privilege Enforcement

Activate the Continuous Right-Sizing feature under Policies → Privilege Management. WNCYBER analyses access usage and automatically flags identities with significantly more permission than they use.

Set a remediation cadence — weekly for high-risk identities, monthly for standard — to systematically reduce the privilege landscape.

Step 4 — Deploy Session Brokering for Tier 1 Access

All Tier 1 access should be brokered through WNCYBER:

  1. Configure the target systems in PAM → Protected Resources
  2. Require session approval for first-time access to Tier 1 resources
  3. Enable session recording for all Tier 1 sessions
  4. Set automatic session termination after inactivity (default: 30 minutes)

Monitoring Zero Trust Compliance

Zero Trust Score

WNCYBER calculates an organisational Zero Trust score based on:

  • Coverage (what percentage of identities are under WNCYBER governance)
  • Privilege hygiene (average gap between assigned and used permissions)
  • Session monitoring coverage (percentage of privileged access sessions that are recorded)
  • Certification currency (percentage of access rights certified within the last 90 days)

View your score under Dashboard → Zero Trust Score.