Zero Trust – What is it

As I reflect back on the previous 10 years, I’m reminded of how resistant organizations were to adopting the cloud. It was the same for virtualization back in the circa 2006 timeframe. Look at where we are now. Organizations everywhere have embraced some form of cloud strategy, and in many cases, adopted a multi-cloud deployment model. In today’s world, data is nows spread across on-premises data centers, edge locations like branch offices, and in the cloud. This has led to mass data fragmentation. On top of this, we have a workforce that is multi-connected to corporate networks and data that seems to reside everywhere. The COVID-19 pandemic further accelerated the shift towards remote work, making it necessary for people to work from home. With this evolving IT landscape, traditional security measures are ill-equipped to handle the more sophisticated threat landscape we face today. It’s evident that a new security strategy is needed to meet and defeat today’s cyber threats. So, what can organizations do to bolster their security posture? Queue the hero music… enter Zero Trust! Zero trust is better suited for today’s modern IT landscape and to help mitigate against today’s sophisticated attacks. Let’s explore what zero trust is and how it can be leveraged to ensure better security.

What is Zero Trust

Zero Trust is a security framework that aims to eliminate implicit trust by requiring all users, whether inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to data and resources.

The definition focuses on the heart of the issue, which is to prevent unauthorized access to data, services, and assets. The core concept of Zero Trust is simple: assume everything is a threat. It follows the mantra of “never trust, always verify”.

The concept of Zero Trust has existed for some now. It was originally coined in 1994 by Stephen Paul Marsh in his doctoral thesis on computer security at the University of Stirling , but it was popularized by John Kindervag in 2010 while he was a principal analyst at Forrester Research. Since then, Zero Trust has gone through several iterations as the IT landscape has changed. The National Institute of Standards and Technology (NIST) has taken up the mantle for Zero Trust standards and have release a publication on Zero Trust Architecture NIST 800-207

Zero Trust was created based on the realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be implicitly trusted. This implicit trust allows users (and malicious actors) to freely move laterally and access resources and data that can lead to data exfiltration and other cyber threats, like today’s ransomware.

Why Zero Trust

Traditional approaches to cybersecurity are no longer effective for protecting modern cyber threats. The old perimeter-based network security model assumed that any user already authenticated to be on the network is trusted. Today, that is no longer an effective means to secure corporate networks as the digital landscape continues to evolve.

The digital landscape has changed dramatically. Today’s workforce is highly distributed. In 2020, the pandemic forced people to work from home (WFH). Many have not come back and are continuing to work from home as a precaution. In addition, data is being accessed by various means. Users are connecting to data via their personal mobile phones, tablets, and laptops from home networks. They also access data via SaaS-based applications. Many organizations have adopted a hybrid or multi-cloud strategy and now have data that resides within the cloud, their on-premises data centers, and at edge locations such as branch offices. Organizations must also have to contend with vendors and contractors that connect back to their corporate networks. These silos of data have led to the proliferation of mass data fragmentation, making it challenging to manage, protect, and secure data. This is what has necessitated the need for Zero Trust. There are 7 pillars of zero trust. These pillars help define what a strong zero trust defense is. Let’s explore what these are.

The 7 Core Pillars of Zero Trust

There are 7 core pillars of Zero Trust. These pillars are necessary to properly deploy zero trust security across your digital estate.

 

  1. Device SecurityThe primary goal of the device security pillar is to identify and authorize devices attempting to connect to enterprise resources. This can come in the form of a user’s mobile phone, tablets, and laptops. This pillar treats all devices connected to the corporate network as hostile, untrusted, and a potential threat. Employing a Mobile Device Management solution will give you visibility to when, where, and what devices are connecting to, but also allow you to disconnect and remove these devices if foul play is detected.
  2. Workforce SecurityThe workforce security pillar is really about people and it centers around the use of security tools such as authentication and access control policies. It employs mechanisms like Least Access Privilege that provides minimal access for a user to be able to perform their duties. It does this through the use of role-based access controls (RBAC) and helps to limit lateral movement across the corporate environment and limit access to corporate resources that users are not authorized for. Least privilege servers to minimize the attack surface for cyber threats. This also employs Multi-factor authentication (MFA). MFA means requiring more than one piece of evidence to authenticate a user. In other words, users that have MFA enabled, must also enter a code sent to another device, such as a user’s mobile phone, thus providing a secondary piece of evidence to prove who they claim to be. This will help to drastically reduce data breaches due to compromised credentials.
  3. Workload SecurityThe workload security pillar refers to applications and resources that require access to data, but also manages data. These can include workloads like containers, functions, and virtual machines that are attractive targets for cybercriminals. As such, the hosts that run these workloads must be hardened. Also, ensure your servers have the most up to date security patches to help avoid unnecessary vulnerabilities that can leave weak entry points for threat actors.
  4. Network SecurityThe network security pillar is focused on preventing lateral movement within the corporate network. It employs micro-segmentation. Micro-segmentation is the practice of breaking up larger network segments into smaller zones with more granular control to help reduce the attack surface. This strategy will allow your IT staff to quickly disconnect or close off a compromised network and help recover more quickly.
  5. Data SecurityThe data security pillar revolves around ensuring data is protected, secured, and accounted for. It requires an organization to have knowledge of where all sensitive and regulated data resides. It also requires for data to be categorized. Once categorized, the data can be isolated into a trusted zone where strict polices limit access to data and only allows authorized users. This can help reduce data exfiltration which is one method threat actors like to use today. This pillar suggests employing classification tools that will discover data on your network and then classify and tag sensitive data so that it can be isolated and protected.
  6. Visibility and AnalyticsThis pillar is based on making informed decisions based on actionable intelligence. This requires deep visibility into all activities performed on corporate assets, data, and network. This pillar advocates the use of tools that provide real-time monitoring that can correlate data from multiple security sources. It also recommends the use of enhanced technologies such as Artificial Intelligence (AI) and Machine Learning (ML) to provide advanced threat detection and help detect anomalous behavior with both users and data. This gives organizations actionable intelligence to help them detect and investigate earlier so that they can recover more quickly if a threat exists.
  7. Automation and OrchestrationThis pillar is centered around removing risks associated with the human element that can lead to costly outages. People are prone to error so automation tools can help mitigate this risk.It can also help accelerate and support rapid recovery, Employing automation and orchestration tools can also aid in improving an organization’s workforce productivity by removing repetitive and tedious tasks. It also aids in preventing configuration and compliance drift that can take systems out of an organization’s hardened compliance policy.

Today’s current IT landscape are attractive to threat actors looking to steal, destroy, or ransom business-critical data. Cybercriminals continue to evolve and change their threat tactics, targets, and procedures. The zero trust security model is the most effective way to secure today’s IT landscape. Zero trust will help reduce the blast radius of an attack, proactively provide threat analytics, and help to provide for a better security posture overall.