Zero Trust is a new security model originally developed in 2010 by John Kinderwag of Forrester Research. The zero trust model, as the name suggests, assumes that any connection, endpoint or user is a threat and that the network must be protected from both internal and external threats.
Although this may sound a bit confusing, it is exactly what organizations want in a world where IT is highly distributed, with systems distributed in the cloud and at the edge, millions of IoT devices, and many employees working from home or on mobile devices. The old "network perimeter" concept is dying and being replaced by the zero trust network concept.
In practice, this is how the zero-trust security model works in an enterprise network.
- Zero Trust uses least privileged access to ensure that users only have access to resources on a limited basis.
- Zero Trust validates and authorizes each connection and ensures that the connection meets all requirements set by the organization's security policy.
- Authenticate and authorize each device, connection, and network flow based on dynamic requirements using context from multiple data sources.
These security best practices ensure that if a user or device accesses network resources in an unusual or unauthorized manner, the service will be suspended and the security team will be notified immediately. This process creates strong protection against the most complex threats, even if they are already in the network.
Why is zero faith becoming popular?
The demand for trust-supporting products is constantly increasing. The global zero trust market is expected to double in five years to reach over $50 billion by 2026. The main drivers of this market are the frequency of targeted cyber attacks, new data protection regulations and data security standards.
Many organizations take a centralized approach to identity and access management (IAM), a key component of a zero-trust architecture. Enterprises are increasingly adopting IAM technologies and control measures such as multi-factor authentication (MFA) and single sign-on (SSO).
Another trend in zero-trust adoption started with the pandemic: many organizations switched to zero-trust network access (ZTNA) instead of relying on virtual private networks (VPNs).
Zero-Trust helps security organizations protect against sophisticated attackers and modernize their cybersecurity infrastructure. It also improves user access to cloud applications. A zero-trust approach includes advanced security technologies focused on data protection, with existing identity management systems and endpoint protection.
Principles of Zero Trust Architecture
The modern web is a very dynamic and complex environment with no fixed perimeter for security. Bring your own device (BYOD) telecommunications and bring your own device (BYOD) templates allow employees and third parties to occasionally connect to the network to access resources. A supply chain consists of many partners and suppliers that can be integrated into the network to provide services.
The user can be an employee or an API partner who connects to the network as needed and sees multiple connections from different locations and devices around the world. As a result, there is no defined perimeter, and it can be difficult to distinguish legitimate communications from malicious senders.
End point risk
Additional threats to the modern web include accidental data loss and malicious software (malware) downloads by legitimate users and data theft by insider threats or attackers. Phishing techniques have become commonplace as cybercriminals realize they can trick employees at all levels into networks.
Unlike the traditional security scenario that protects against external threats in the network, the zero-trust security model protects against both internal and external threats. Assuming that something in the network is untrusted, the model can implement safeguards that prevent cybercriminals from using endpoints to compromise the network.
Zero trust policy
A zero trust model treats all connections and devices as untrusted to block threats but still allow access. Architecture helps protect assets by adhering to National Institute of Standards and Technology (NIST) zero-trust principles. Here are the main details:
- A resource architecture considers all computing services and data sources as resources.
- Communication: Protects all communications regardless of network environment, all networks are aggressive and untrustworthy.
- Session. A zero-trust architecture ensures session-based access to all enterprise resources.
- Policies: Use dynamic policies to enforce access to resources. Policies can include observed identities, applications, device and network conditions, and behavioral attributes.
- Monitoring: A company must monitor its assets to ensure they are in a safe condition.
- Flexible: Facility authentication and authorization is always flexible and strictly enforced before granting access.
- Information: Organizations must gather sufficient information about the current state of communication and network infrastructure, using this information to continuously improve the organization's security posture.
There is no trust in technology
Zero Trust is not just a concept, but a set of technologies designed to help organizations implement the principles. Following are the key technologies that can help an organization implement zero trust.
Secure Perimeter Access Service (SASE)
SASE is a cloud architecture model that combines networking and security as a service function into a single cloud service. It enables organizations to consolidate all network and security tools into a single management console, providing a simple network and security tool independent of workstations and resources.
Zero Trust Network Access (ZTNA)
ZTNA is a remote access security solution that enforces application-specific rights. Provides policy-based general access while a remote worker responds to requests for organizational resources. The solution evaluates each request individually, including context and authentication details such as role-based access control (RBAC) policies, IP addresses, locations, time limits, and user roles or groups.
ZTNA is most useful when the network security stack is deployed as part of a SASE solution in combination with network optimization features (SD-WAN). Implementing SASE allows organizations to replace traditional perimeter-based approaches with a zero-trust security model.
Next Generation Firewall (NGFW)
NGFW is a third-generation firewall technology that can be implemented in software or hardware. This technology applies security policies to detect and block sophisticated attacks at the port, protocol, and application levels. Here are the general features of NGFW:
- Integrated Intrusion Prevention System (IPS).
- Application awareness.
- Identity authentication with user and group control.
- Using external data sources.
- Bridge and turn mode.
Most NGFW products combine at least three key features: enterprise firewall, application control, and IPS. NGFWs provide additional context for making firewall decisions. This technology allows the firewall to analyze web traffic details and block suspicious traffic.
Identity and access management
Identity and access management (IAM) is a framework that uses business processes, policies, and technologies to facilitate digital or electronic identity management. Allows IT staff to control user access to data.
Common IAM features include single sign-on (SSO), two-factor authentication (2FA), multi-factor authentication (MFA), and special access management. These technologies allow you to securely store identity and profile data and implement data management features to manage communications.
Microsection
Microsegmentation helps divide the network into logical and secure blocks using policies to determine access to data and applications. You can implement network microsectioning in cloud environments and data centers.
Organizations can improve security by dividing the network into smaller segments and limiting the types of traffic that cross the network horizontally. Security groups allow applications to determine how they interact within the system, the direction of exchange, and the necessary security and authentication mechanisms.
How zero trust can change security
The modern workplace does not require all employees to work in one place. Remote work has enabled companies to employ geographically dispersed people and collaborate with partners in different countries. Physical proximity is not a factor in security planning.
Neither belief makes the user's physical environment irrelevant. It provides continuous authentication regardless of location or network, increasing organizational security with universal access control.
To reduce conflict with the security team
Development teams see security teams as a problem because they block certain tools or add security measures to workflows. Zero Trust reduces this friction by removing security restrictions and authenticating each user when accessing applications remotely. Employees can use their own devices without a firewall or VPN.
As a result, DevOps teams trust the security team and are more willing to collaborate.
Meet the organization's security needs
Zero Trust helps maintain visibility of all network endpoints by allowing security teams to verify endpoints before granting access. Increased transparency allows teams to proactively defend against cyber attacks.
Initially, most businesses relied on VPNs when transitioning to a remote work model. However, VPNs cannot always handle traffic from large numbers of remote workers. In the future, hybrid business models may become the norm, with no trust the only viable long-term security option.
Featured Image Credit: Photo by CottonBrow; pixels; thank you!
What is Post Zero Trust and will it change security forever? ReadWrite appeared first.