Zero Trust: What It Is and Why It Matters
As organisations embark on their Zero Trust journeys, there will be countless vendors eager to provide their assistance and expertise. However, before engaging with prospective vendors, there are several things you should consider doing.
Before anything else, it’s important to understand that Zero Trust is not a solution that can be purchased or installed, nor a simple task that can be checked off a to-do list. It is rather an ongoing project, a journey with no expiration date, and a change in mindset about how you operate your business securely.
In this blog post, we will have a look at Zero Trust: what it is, its key principles, its benefits, and how to create a Zero Trust network.
What Is Zero Trust Security?
Traditional perimeter-based security strategies have become ineffective in modern environments. The “Zero Trust network” or “Zero Trust security model” was introduced to solve this problem by offering a comprehensive approach to securing entire environments.
The main concept of the Zero Trust security model is that nothing is trusted by default. This rule applies to all assets, such as users, systems and services, whether internal or external. Every request for access to a system must be verified before it is granted.
This approach is ideal for cloud and distributed environments, where there may be no fixed perimeter: user identities, applications and data are spread across many locations.
The primary disadvantage of traditional security models is that they focus on protecting the network from external attacks. While that was acceptable for a traditional network, protecting only the perimeter is inadequate against today’s ever-evolving threat surface. Zero Trust limits the impact on the overall network even when the perimeter is breached, because all entities and resources are considered untrusted by default.
But… where did the term “Zero Trust” come from? And most importantly, how can it be effectively implemented to enhance the security posture of an organisation?
The Origin of “Zero Trust”
Simply put, Zero Trust is about eliminating implicit trust from an organisation’s architecture. A term first coined in 2010 by then-Forrester Research analyst John Kindervag, Zero Trust follows the motto of “never trust, always verify,” instead of the traditional mantra of “trust, but verify.”
While Zero Trust can often get lost in marketing jargon, it's a critical framework that has the power to not only reduce the known security risks of the past, but also reduce the new and evolving security risks of the future—if and when put into practice correctly.
In many ways, Zero Trust can be viewed as a natural expansion and evolution of the least-privilege approach, where users are only given the level of access needed to fulfil their job role and responsibilities.
6 Principles of the Zero Trust Security Model
The Zero Trust security model is based on the following core principles.
1. Preventing Lateral Movement
When a network is compromised, the traditional security model allows an attacker to move within that network freely. Even if the attacker's entry point is discovered and patched, they can create a new undiscovered entry point in a separate section of the network.
However, the scope of the attack can be greatly reduced by preventing this lateral movement. When network controls are coupled with enforced verification, the movement of attackers within the network is restricted and confined to a specific location.
This approach allows defenders to quarantine the affected part of the network and focus on patching the entry point; even if an attacker has created a new entry point, it can be discovered relatively easily because the scope is vastly reduced. This is especially important in distributed architectures such as hybrid-cloud and multi-cloud environments, where resources across different platforms are connected together.
With Zero Trust safeguards, even when a user has already been authenticated once, an organisation may have additional authentication requirements in place and block them from any applications or services for which they do not have permission. This helps eliminate the risk of lateral movement by any attackers who successfully enter an organisation’s network.
2. Multi-Factor Authentication (MFA)
MFA ensures that user authentication and access to the network depend on more than one factor. An attacker therefore cannot gain access to the network even if a single factor, such as a password, is compromised. A good example of multi-factor authentication is the two-factor authentication (2FA) implemented in most modern applications: it requires users to enter a password together with a code generated by an authenticator application or sent to a separate device.
Enforcing MFA provides an additional layer of security for both users and the organisation, since users tend not to update their passwords regularly and often store them insecurely.
3. Least Privilege Access
The principle of “least privilege” limits what users can access by providing only the necessary permissions for the resource they need to access. It minimises exposure to different parts of the network.
It is also crucial for limiting the scope of a breach, since only the resources accessible to the compromised account can be affected. Most attacks aim to compromise user accounts, so defining specific roles and policies makes it possible to verify which resources within the network a user can access and which actions they can perform on them. This is essential for user and application data, which are the primary targets of most attacks.
These access controls should not be limited to users but should apply to all other entities as well, so that the set of affected resources is minimised regardless of which entity is compromised.
When responding to an attack, proper access controls allow security professionals to narrow the scope of the investigation to the resources the compromised entity could access. Additionally, controlling the permitted actions reduces the damage an attacker can do to a system even after compromising it.
4. Continuous Monitoring And Validation
Since every part of the network is considered untrusted, continuous monitoring of network traffic, authentication requests, failed connection attempts, and so on, is crucial for identifying anomalies. Continuous validation with session timeouts ensures that users and devices are re-verified regularly and that no connection is left open accidentally.
System administrators can have a top-down view of the entire network by implementing monitoring across the environment covering all resources and user activity—allowing them to track the activity of both internal and external entities across environments.
Monitoring must be combined with pre-configured alerts delivered through different channels, so that administrators can automate much of the monitoring workload and achieve around-the-clock coverage. Continuous validation lets you quickly block rogue resources from accessing the network, with alerts raised through the monitoring mechanisms. Continuous monitoring should serve not only as a security tool but also as a troubleshooting tool for fixing issues in the infrastructure and the application.
All the data gathered by monitoring and validation is invaluable for auditing as well as for security-incident post-mortems, helping to identify the root cause of an attack and close any security gaps in the environment.
5. Device Access Control
Zero Trust requires access controls at the device level, allowing only authorised devices to access resources. This principle limits the impact of a compromised device, which can be locked out of the environment as soon as the compromise is detected.
From the user's perspective, device access controls can prevent users from accessing internal resources using unauthorised or insecure devices. At the system level, it prevents unauthorised devices from connecting to the network or the application. This way, device access controls help to reduce the attack surface of the environment further.
6. Assume Breach
Always assume that there will be a breach in the system and configure the system to limit the damage. Access controls, network segmentation, device controls, and continuous monitoring are invaluable for reducing the impact of breaches.
12 Benefits of the Zero Trust Model
- Improves the overall security posture of the organisation and reduces the attack surface of the environment. It will minimise or outright prevent intrusions to the environment regardless of the origin or the type of attack.
- A simpler approach to security compared to a traditional layered approach with separately managed components or layers. This model leads to the seamless integration of security to all aspects of the environment.
- Increased control over your environment from on-premise to cloud with each user, system, or resource controlled via tight access control. Thus, everything can be secured from the start even when there are multiple different environments or resources spread across different platforms.
- This model requires administrators to keep track of all the entities within an environment. It leads to the creation of resource inventories that can be managed as a part of the overall security workflow. These resource inventories can be used for troubleshooting as well as eliminating shadow IT.
- Easily facilitate system migrations. Centralised control over the application, user, and data policies allows securely migrating systems between platforms, regions, etc., without recreating policies or configuration from scratch.
- Reduce the risk of data breaches across the environment. With reduced lateral movements, segmentation, etc., the attacker will only have access to a limited number of resources even if compromised.
- Least-privilege access vastly reduces the risk of accidental data exposure, as users are prevented from accessing unintended resources.
- The security-by-default approach and seamless integration make it easier for organisations to meet and adapt to compliance or regulatory requirements.
- Continuous monitoring covering the entire environment will provide increased observability to identify and troubleshoot issues quickly and efficiently.
- Zero Trust Network Access (ZTNA) can give external parties or a remote workforce access to internal resources more securely than comparable VPN configurations.
- Can help prevent security breaches due to human errors like mismanaged passwords and shadow IT resources using technologies like MFA and continuous monitoring practices.
- This model enables security professionals to work more efficiently, as they can have a complete overview of the environment without manually reviewing every entity in the network. The time saved can be spent on more productive tasks.
Zero Trust Challenges and Common Mistakes
The major challenge associated with Zero Trust is the time and resources required to implement it; for example, separating networks, implementing user and device access controls, defining proper scopes, and setting up monitoring are time-consuming and complex tasks.
Another common obstacle to implementing a successful Zero Trust cybersecurity model is the need for continuous maintenance, monitoring and management. Zero Trust models rely on a vast range of permissions, but businesses are ever-changing; employees take on new or different responsibilities, for example.
To make sure that data is only accessed by the people who should be accessing it, all access restrictions must be constantly reviewed and, if needed, updated.
As Zero Trust is a mentality, it needs to be continuously managed to ensure proper measures are in place. It is important to integrate regular or scheduled maintenance tasks and make sure that operations are considered to be Business As Usual.
The most common mistake is assuming that Zero Trust is the be-all and end-all solution for security. While Zero Trust can undoubtedly improve the overall security posture, it is not a turn-key solution. Zero Trust combined with endpoint security, network policies, regular updates, and an educated user base is the key to properly securing your environment.
How Do You Create a Zero Trust Network?
Adhering to the Zero Trust principles and planning the environment with a security-first mindset is the basis for creating a secure network. Consider all the systems, users, and devices within the environment and separate them into specific network sections. Then configure user and device controls with the least privilege model. Finally, configure a comprehensive monitoring solution to observe the entire network.
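The following is an added example, not code from the original post, showing how the six principles above combine into a single default-deny access decision: MFA, device authorisation, least-privilege roles, segment restrictions against lateral movement, and re-verification on a timeout, with denied decisions fed to a monitoring check. All user, role, device and resource names and the 300-second timeout are constructed for illustration.

```python
"""Toy Zero Trust policy decision point (added example, not from the original post).

Every request is evaluated against the principles in the text: the caller must be
authenticated with MFA, the device must be on the authorised list, the role must
grant the exact (resource, action) pair (least privilege), the resource must sit in
a segment the role may reach (no lateral movement), and a session that has not been
re-verified within the timeout is rejected (continuous validation). Anything that
is not explicitly allowed is denied. All names and values below are constructed.
"""
from dataclasses import dataclass

REVERIFY_TIMEOUT_S = 300  # constructed value: re-verify every 5 minutes

# Least-privilege roles: role -> {(resource, action), ...}
ROLE_PERMISSIONS = {
    "payroll-clerk": {("payroll-db", "read"), ("payroll-db", "write")},
    "auditor": {("payroll-db", "read"), ("audit-logs", "read")},
}
# Network segmentation: role -> segments it may reach; resource -> its segment
ROLE_SEGMENTS = {"payroll-clerk": {"finance"}, "auditor": {"finance", "security"}}
RESOURCE_SEGMENT = {"payroll-db": "finance", "audit-logs": "security", "hr-files": "hr"}
# Device access control: only enrolled devices may reach resources
AUTHORISED_DEVICES = {"laptop-0042", "laptop-0077"}


@dataclass
class Request:
    user: str
    role: str
    device_id: str
    mfa_verified: bool
    last_verified_at: int  # epoch seconds of the last successful re-verification
    resource: str
    action: str


def decide(req: Request, now: int) -> tuple[bool, str]:
    """Return (allowed, reason). Default is deny; every check must pass."""
    if not req.mfa_verified:
        return False, "mfa_required"
    if req.device_id not in AUTHORISED_DEVICES:
        return False, "device_not_authorised"
    if now - req.last_verified_at > REVERIFY_TIMEOUT_S:
        return False, "session_reverification_required"
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None or segment not in ROLE_SEGMENTS.get(req.role, set()):
        return False, "segment_not_reachable"
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        return False, "action_not_permitted"
    return True, "allowed"


def flag_repeated_denials(decisions: list[tuple[str, str]], threshold: int = 3) -> set[str]:
    """Continuous monitoring: users whose denied requests reach the threshold.
    `decisions` are (user, reason) pairs from decide(); the result feeds alerting."""
    counts: dict[str, int] = {}
    for user, reason in decisions:
        if reason != "allowed":
            counts[user] = counts.get(user, 0) + 1
    return {user for user, n in counts.items() if n >= threshold}
```

Note that the segment check runs before the permission check, so a payroll clerk asking to read `audit-logs` is denied as a lateral-movement attempt rather than as a missing permission, which is the more useful signal for the monitoring side.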
Implementing Zero Trust is very much about how you practice security within the organisation and about having zero assumptions—not vendor solutions. Organisations do not become a Zero Trust shop, they practice a Zero Trust mindset.
It’s also critical to remember that every organisation’s Zero Trust journey will be different, addressing unique and specific business risks that vary with the size of the organisation and the industry it operates in.
Personally, I’m not a big fan of the name “Zero Trust” and prefer to think of it as continuous verification or making zero assumptions—but the security approach of the Zero Trust mindset is a solid baseline for what organisations should put into practice to reduce the risks from cyberattacks.
Don’t Worry About Vendors
The first step should be creating a detailed inventory of all the devices, users and systems that exist within the network, which will help identify where security gaps may exist. From there, organisations can then develop a list of clear security goals that they would like to achieve on their Zero Trust journey.
For example, what security controls in the organisation should be enhanced and by when? This will help dictate the steps required to achieve such outcomes. It is only after the completion of a full inventory of assets, coupled with a strategy with clear outcomes defined to address specific cybersecurity goals, that discussions with legitimate vendors should commence.
Vendor partners can then help develop supplemental plans tailored to the organisation. Most vendors offer features that help put Zero Trust security controls in place, and it is important to map out the risks to which you want to apply a Zero Trust framework and mindset.
Culture Change and Zero-Trust Accountability
Organisations must also recognise that Zero Trust is a collective, collaborative and cross-functional effort within an organisation. While IT and security teams will play a significant role in the development and implementation of Zero Trust frameworks, their work alone will not be highly effective.
Executive and senior leadership support and buy-in is another important, often overlooked component of successful initiatives. Executives should be actively involved when creating Zero Trust plans to ensure implementation into existing and future organisational strategies.
As for execution and delivery, there should be a clear blueprint of who is responsible for each part of the Zero Trust framework. Security and non-security teams must work together to address and remediate issues, while keeping expectations realistic. Zero Trust is a journey with multiple phases and steps to maturity, and its short-term return on investment may be difficult to convey and measure.
Zero Trust represents a significant change in organisational culture and mindset. It is an approach in which every activity and user is treated as privileged and therefore requires continuous verification; an approach that can help organisations establish a baseline of security controls that is applied consistently and forces cybercriminals into taking more risks.
Finally, it is a philosophy that ultimately gives cyber-defenders and security teams a stronger chance of detecting attackers early and preventing catastrophic cyber-incidents. Zero Trust is all about reducing the risks and making it more difficult for cybercriminals to be successful.
After all, the more we force cybercriminals to take more risks, the more noise they’ll make—thus giving the cyber-defenders a better chance at detecting them early enough to prevent serious security incidents from occurring.
Zero Trust improves the overall security posture of an environment. It can be used to implement access controls at the resource level with monitoring across the environment to detect and remedy any network breaches quickly. Zero Trust is an ideal way to reduce the risk of network compromise in an increasingly interconnected world regardless of the environment.
If you want to learn more about Zero Trust, get in touch with our team.