
What Is Zero Trust Architecture?

by Josh Biggs in Tech on 26th November 2019

When you’re thinking about network security, confidentiality isn’t all there is to consider. It’s a complex area, and you also have to think about service availability and performance, and about the trade-offs between options such as DNS over HTTPS.

A term increasingly used in network security, and in cybersecurity in general, is Zero Trust architecture. If it’s not a term you’re familiar with, the following are things to know about the Zero Trust model.

First, The Basics

To start, what are the basics of Zero Trust architecture? Zero Trust is an initiative that has become a major buzzword in cybersecurity, but that can create misunderstandings as to what it is and what it’s not.

Zero Trust architecture is a means of preventing data breaches because it removes the concept of implicit trust from your network architecture altogether.

Zero Trust uses different components to protect modern environments. These components can include network segmentation, the prevention of lateral movement, and simplified user-access control.

The creator of Zero Trust is John Kindervag, who served as vice president and principal analyst for Forrester Research.

During his time in that role, he realized that with traditional security models, there is the assumption that anything within a network should be trusted.

The underlying assumption in even simpler terms is that someone on the network doesn’t have a compromised identity. It also works under the belief that all users can be trusted and behave responsibly.

The Zero Trust model takes away that assumption of trust, as is implied by the name.

It’s estimated that around 80% of all data breaches are due to the abuse or misuse of privileged credentials.

If you were to shrink it all down to a digestible takeaway, Zero Trust is a security concept built on the premise that you shouldn’t automatically trust anything inside or outside your perimeters. Everything has to be verified before access is made available.

There’s no access to machines or IP addresses until they’re known and authorized.

The Zero Trust framework is offered in contrast to the castle-and-moat approach, which is the traditional type of cybersecurity many networks utilize. With the castle-and-moat security framework, it’s challenging to gain access to the network if you’re on the outside, but if you’re on the inside, you have inherent trust.

The big, glaring problem with the castle-and-moat security approach is that once someone gains access to the network, they can essentially do whatever they want.

Along with this big problem, the castle-and-moat approach also fails to take into consideration the needs of modern organizations, which have data in multiple locations.

The implementation of Zero Trust security methodologies has been shown to reduce data breaches, and it’s quickly catching on among many diverse organizations.

What is the Technology On Which Zero Trust is Built?

The Zero Trust approach uses existing technology and processes.

Enterprises have to take advantage of micro-segmentation and what is described by CSO as “granular perimeter enforcement,” based on users, locations, and other relevant data. Then, there is a determination as to whether or not to trust an application, machine or user trying to access the network.

To start, you usually begin by identifying a protected surface: the most critical elements of a network, such as particular data and assets.

The protected surface is much smaller than the general attack surface.

Then, once you’ve identified that surface, you can start looking at how traffic flows across the network. You can get more of an understanding of who your users are, what applications they are accessing, and how they’re connecting.

Once all of these things are identified and understood, it’s possible to create a perimeter around that surface that moves with it.

There aren’t any products you can buy that are going to give you Zero Trust on their own, although certain platforms may work better in this architecture than others. Instead, it’s more about following a set of processes and then finding the products that will work within that process.

You will need an advanced firewall with encryption to put Zero Trust into place, and visibility is one of the most important aspects of this architecture. You will need to integrate two-factor authentication and other methods of verification, as well.
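To make the castle-and-moat versus Zero Trust contrast concrete, here is a small added illustration (written for this page, not code from the article or any product). It puts a perimeter-style rule, which trusts any request from the internal address range, beside a default-deny policy that checks every request against a per-resource protected surface and its verification requirements. The resource names, users, address range and policy fields are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Request:
    """One access attempt. All values are constructed sample data."""
    user: str
    source_ip: str
    resource: str
    mfa_verified: bool = False
    device_managed: bool = False


# Castle-and-moat: the only question asked is "are you inside the network?"
INTERNAL_NET = ip_network("10.0.0.0/8")  # hypothetical internal range


def castle_and_moat(req: Request) -> bool:
    """Perimeter model: anything originating inside the network is trusted."""
    return ip_address(req.source_ip) in INTERNAL_NET


# Zero Trust: a protected surface lists each critical resource with the
# users allowed to reach it and the checks every request must pass.
PROTECT_SURFACE = {
    "payroll-db": {"allowed_users": {"alice"},
                   "require_mfa": True, "require_managed_device": True},
    "wiki": {"allowed_users": {"alice", "bob"},
             "require_mfa": False, "require_managed_device": False},
}


def zero_trust(req: Request) -> tuple[bool, str]:
    """Default deny: the source network plays no part in the decision.

    Returns (allowed, reason) so the reason can be logged for visibility.
    """
    policy = PROTECT_SURFACE.get(req.resource)
    if policy is None:
        return False, "resource not in protected surface"
    if req.user not in policy["allowed_users"]:
        return False, "user not authorized for resource"
    if policy["require_mfa"] and not req.mfa_verified:
        return False, "mfa required"
    if policy["require_managed_device"] and not req.device_managed:
        return False, "unmanaged device"
    return True, "allowed"
```

The same request from an internal address that the perimeter rule waves through is denied by the Zero Trust policy until the identity, MFA and device checks all pass; conversely, a fully verified request from outside the network is allowed.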

Zero Trust Is Dynamic

Zero Trust is constantly evolving and changing, which is so important in modern cybersecurity practices.

Zero Trust has to work across the entirety of your environment, and there is ongoing control and enforcement even when users are accessing applications remotely.
