Have you ever heard about Zero Trust models in cybersecurity and InfoSec? The advancement of technologies and changes in the way we work means that cybersecurity threats also advance, and we’re facing new threats every day. They can come from outside the organization, as well as from within – if, for instance, an employee opens a phishing email or leaves their laptop open without locking and someone without authorization accesses it. To combat the vulnerabilities that can come from both inside and outside the organization, companies embrace the Zero Trust security model.
Trust no one
The essence of the Zero Trust (ZT) approach is just that – trust no one, even if it’s an employee. Every time someone tries to access your network, you must verify that they’re trustworthy via real-time information from multiple sources before granting them access, irrespective of their location. The assumption is that the threats exist inside and outside traditional network boundaries, and a breach is either inevitable or has already taken place.
This “assumed breach” ZT model requires users to prove they’re not attackers. If applied correctly, it permeates all aspects of the organization’s infrastructure, so that this restricted-access approach governs every access decision. To allow or deny access to a specific resource, the questions who, what, when, where, and how must be answered. This is known as the Kipling method, and it ensures that only legitimate traffic is allowed through your network.
The National Institute of Standards and Technology of the USA (NIST) provides several principles, or tenets, of an ideal Zero Trust model. They are:
- All data sources and computing services are resources. This could encompass your work laptops, your work phones, and your personal devices if the organization has adopted a BYOD policy.
- Regardless of a network’s location, all communications are secured. Even if you’re inside the network infrastructure, you’re subject to the same security checks as other devices.
- Access to individual enterprise resources is granted on a per-session basis. You’ll be granted access to a resource only for the time necessary to complete a task and only with specific privileges. Authorization to use one resource won’t give you access to another by default.
- Access to resources is determined by policy, taking into account behavioral attributes. A policy defines resources, members, and their access to these resources, as well as attributes assigned to them.
- The enterprise ensures all owned and associated systems are in the most secure state possible and monitors them to ensure that they remain so. Each asset is risk-assessed, and the enterprise continuously runs diagnostics and risk mitigation processes, thanks to a monitoring system in place.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed. Identity, Credential, and Access Management (ICAM) and asset management systems are in place, which helps establish the authentication level required to access specific resources.
- The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture. Data collection helps gain insights to improve policy creation and enforcement.
Design, not Product
Zero Trust is not an IT solution that can be provided by a single vendor on the market. Rather, it’s a system of design principles that combines several IT security measures based on the tenets referred to above. NIST’s publication stipulates that these principles are technology-agnostic; for example, user identity could “include several factors such as username/password, certificates, and onetime password.”
Each responsible person in an organization must understand how ZT works and be committed to it. ZT should permeate every aspect of its operations, especially those related to data. There are several strategies that can be used to implement ZT, depending on the size, structure of the organization, and the sensitivity of the data it handles, amongst other factors.
Benefits of a Zero Trust model
If a business implements a ZT model, it might be able to detect threats it hasn’t considered before. That will help it design responses to the relevant threats, whether they stem from data flows, unauthorized access, or outdated software. ZT can also help prevent data breaches and enable better control of data flows. In the age of GDPR, this is particularly important. Continuous security monitoring in a ZT environment can help respond to signs of leaks or compromise immediately.
If a user’s credentials have been compromised and the malicious actor is using them on a foreign device, the ZT environment will be able to identify that device as unauthorized and deny access. In multi-cloud enterprises, specific clouds might be outside the company’s LAN. ZT’s principles ensure that there’s no distinction between the company’s own network infrastructure and that of another provider. NIST’s ZT guidelines recommend placing policy enforcement points (PEPs) at the access points of each application/service and data source. That way, users can access the cloud safely, even if it’s outside the LAN.
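To make the Kipling questions, the per-session tenet, and the compromised-credential scenario above concrete, here is an added example (not from the article or from NIST) of a minimal policy decision function such as a PEP might call. The device inventory, policies, subjects, and timestamps are constructed sample data; a real deployment would query its ICAM and asset-management systems instead.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class AccessRequest:
    subject: str        # who
    resource: str       # what
    when: datetime      # when
    device_id: str      # where (the device the request originates from)
    action: str         # how
    mfa_verified: bool  # strength of the identity proof for this session

@dataclass(frozen=True)
class Policy:
    allowed_subjects: frozenset
    allowed_actions: frozenset
    require_mfa: bool
    session_ttl: timedelta

# Constructed sample inventories (hypothetical devices, users, and resources).
ENROLLED_DEVICES = {
    "laptop-alice-01": {"owner": "alice", "compliant": True},
    "laptop-bob-07": {"owner": "bob", "compliant": False},
}
POLICIES = {
    "hr-db": Policy(frozenset({"alice"}), frozenset({"read"}), True, timedelta(minutes=15)),
    "wiki": Policy(frozenset({"alice", "bob"}), frozenset({"read", "write"}), False, timedelta(hours=8)),
}
SAMPLE_TIME = datetime(2024, 1, 1, 9, 0)  # constructed request time

def evaluate(req: AccessRequest) -> tuple[bool, str, Optional[datetime]]:
    """Return (allowed, reason, session_expiry). Any single failed check denies."""
    policy = POLICIES.get(req.resource)
    if policy is None:
        return False, "no policy for resource", None
    device = ENROLLED_DEVICES.get(req.device_id)
    if device is None:
        return False, "unknown device", None   # valid credentials on a foreign device
    if device["owner"] != req.subject:
        return False, "device not bound to subject", None
    if not device["compliant"]:
        return False, "device fails posture check", None
    if req.subject not in policy.allowed_subjects:
        return False, "subject not authorized for resource", None
    if req.action not in policy.allowed_actions:
        return False, "action not permitted", None
    if policy.require_mfa and not req.mfa_verified:
        return False, "MFA required for this resource", None
    # Grant is scoped to this one resource and action, and expires with the session.
    return True, "allowed", req.when + policy.session_ttl
```

Note that a successful decision for one resource yields nothing reusable for another: each request is evaluated from scratch, which is what the per-session tenet demands.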
Further reading and additional references
The National Security Agency of the US (NSA) recommends the ZT model for critical networks like the Department of Defense (DoD). If you want to learn more, you can also watch the video by Cisco below to see how you can approach a ZT security model.
You can also consult these books for more in-depth guidance:
- Zero Trust Security: An Enterprise Guide (Jason Garbis, Jerry W. Chapman)
- Zero Trust Networks: Building Secure Systems in Untrusted Networks (Evan Gilman, Doug Barth)
- Zero-Trust: From Aspirational to Overdue (John C. Checco)
YouTube: How to approach a Zero Trust security model (Jamey Heary)