Every organization has certain assets that are far more critical, and far more sensitive than the rest. A breach of these assets can have catastrophic consequences, such as total system takeover, regulatory penalties and operational paralysis. In cybersecurity terms, these high-value assets are classified as Tier zero (Tier 0).
Tier 0 includes all the core systems and identities that have the highest level of access and control across the IT environment. Examples can include: Active Directory (AD) domain controllers, identity management systems, RBAC tools and cloud admin accounts. Because these assets sit at the very top of the trust hierarchy, they demand the highest level of protection.
Tier 0 assets hold the keys to everything in your ecosystem. Here’s why you must have a formal Tier 0 security policy:
Next, here’s a step-by-step guide on how to implement Tier 0:
Then, isolate your Tier 0 systems and accounts from lower-tier systems. Here are some tips in this regard:
Use identity governance tools and policies to:
Zero trust and Tier 0 are not the same thing, but they can work well together.
Zero trust mandates that no one is trusted by default, even if they’re inside the network. Tier 0 is about inventorying your most important systems and protecting them at the highest level. When you combine the two, you’re not only locking down your most critical assets, but also making sure that every request to access them is verified, justified, logged and controlled.
For example, before anyone accesses a domain controller (a Tier 0 system), they must go through MFA, device checks and possibly just-in-time access approval. This setup makes it much harder for attackers to carry out a Tier 0 attack, even if they get inside your network.
Ideally, every organization should have a Tier 0 model in place. No matter the size, there are always some assets, like admin accounts, identity providers or core systems, that are too important to be treated the same as everyone else.
That said, certain types of organizations stand to benefit even more from implementing Tier 0:
Static, isolationist security controls for Tier 0 assets can lead to challenges such as operational friction, false confidence and blind spots. Adaptive security can solve these challenges by adjusting defenses based on context and risk, instead of applying the same rules to every situation.
Here are some adaptive security measures to consider:
As threats grow more advanced, Tier 0 will likely become a central part of how organizations manage cyber risk. Here’s what we can expect to see in the future: