What is Zero Trust Architecture?
In simple words it is "Never Trust, Always Verify". It assumes that no user or application should be inherently trusted.
Zero trust is a cybersecurity strategy wherein security policy is applied based not on assumed trust, but on context established through least-privileged access controls and strict user authentication. A well-tuned zero trust architecture leads to simpler overall network infrastructure, a better user experience, and ultimately improved protection against cyber threats.
Zero trust securely connects users, devices, and applications using business policies over any network.
In the old model, users outside the secure perimeter used VPNs to establish remote access to the internal network, and they were trusted once inside. In contrast, the zero trust approach treats all traffic, including traffic already inside the perimeter, as hostile.
Over the last decade, companies have started to decentralize their data, assets, applications, and services, across multiple environments and cloud infrastructure providers. This decentralization has made the traditional security strategy ineffective, as network security can no longer be confined to a single location, set of devices, or users. The zero trust framework was developed to help modern companies secure their most valuable assets in this distributed cloud-native environment.
Zero trust is based on the idea that there is no traditional network edge, requiring you to design a system that assumes that all users and services are a potential threat, even if they’re within your network. Your system would require access requests to be continuously evaluated before connecting to any of your applications and services. Logins, connections, and API tokens would be short-lived and users and devices would continuously authenticate their identities and privileges.
Why do we need zero trust?
When we have Zero Trust security in place, we can provide security to anywhere and everywhere on whatever device our colleagues choose to use. We can strengthen security further by including access management as the core of the Zero Trust architecture to create a Zero Trust extended ecosystem.
Organizations that shift from traditional perimeter security to a zero-trust model increase their level of continuous verification capable of detecting the following methods faster and often stopping them before intrusion occurs:
- Phishing emails targeting employees
- Lateral movement through corporate network
- Redirecting a shell to a service to compromise a corporate machine
- Stolen developer password
- Stolen application database credentials
- Exfiltration of database via compromised application host
- Compromising application host via privileged workstation
- Using developer password to elevate application host privileges
- Accessing privileged workstation
- Installing keylogger via local privilege escalation on workstation
What are the zero trust principles?
The zero trust framework is based on four fundamental principles:
Never trust, always verify
Your system should continually ask users and services to verify their identities, devices, locations, and other data attributes to ensure that only privileged users and services are accessing a sensitive resource. Tokens, sessions, and connections should be short-lived and users and services should be prompted to re-authenticate in order to continue accessing your sensitive resources.
Continuous monitoring and observability
Continuous monitoring and observability enables you to have a real-time understanding of which users are attempting to access which resources and the outcome of that evaluation. Additionally, it provides your network and security teams with real-time information about potential threats, anomalous behaviours, and active security incidents. This enables them to act quickly to resolve any incidents and limit the blast radius of a potential breach.
Ensuring that your users only have access to the bare minimum of necessary resources is a core tenet of the zero trust framework. It’s important for you to understand exactly which of your users need access to which resources and what they need to do with those resources in order to limit unauthorized access.
The Foundations of Zero Trust
Zero trust is not simply about a single technology such as user identity, remote user access, or network segmentation. Zero trust is a strategy, a foundation upon which to build a cybersecurity ecosystem. At its core are three tenets:
- Terminate every connection: Many technologies, such as firewalls, use a “passthrough” approach, which means that files are sent to their recipients at the same time they’re being inspected. If a malicious file is detected, an alert is sent, but it can often be too late. In contrast, zero trust terminates every connection so it can hold and inspect unknown files before they reach the endpoint. Built on a proxy architecture, zero trust operates inline and inspects all traffic at line speed, including encrypted traffic, executing deep data and threat analysis.
- Protect data using granular policies based on context: Zero trust applies user identity and device posture to verify access rights, and it uses granular business policies based upon context, including user, device, the application being requested, as well as the type of content. Policies are adaptive, which means that as context changes, such as the user’s location or device, the user access privileges are continually reassessed.
- Reduce risk by eliminating the attack surface: Zero trust connects users directly to the applications and resources they need, and never connects them to networks. By enabling one-to-one connections (user-to-app and app-to-app), zero trust eliminates the risk of lateral movement and prevents a compromised device from infecting other network resources. With zero trust, users and applications are invisible to the internet, so they can’t be discovered or attacked.
Benefits of Zero Trust
Reduces business and organizational risk
Zero trust assumes that all applications and services are malicious and are disallowed from communicating until they can be positively verified by their identity attributes. Zero trust, therefore, reduces risk because it uncovers what’s on the network and how those assets are communicating. Further, as baselines are created, a zero trust strategy reduces risk by eliminating over-provisioned software and services and continuously checking the “credentials” of every communicating asset.
Provides access control over cloud and container environments
With a zero trust security architecture, security policies are applied based on the identity of communicating workloads and are tied directly to the workload itself. In this way, security stays as close as possible to the assets that require protection and is not affected by network constructs such as IP addresses, ports, and protocols. As a result, protection not only travels with the workload where it tries to communicate but remains unchanged even as the environment changes.
Helps reduce the risk of a data breach
Because zero trust is based on the principle of least privilege, every request is inspected, users and devices are authenticated, and permissions are assessed before "trust" is granted, and this "trust" is continually reassessed as any context changes. If an attacker should gain a foothold in the network or cloud instance through a compromised device or other vulnerability, that attacker will have no ability to access or steal data as a result of being untrusted. And there is no ability to move laterally due to the zero trust model of creating a "secure segment of one," which means there is nowhere an attacker can go.
Supports compliance initiatives
Zero trust shields all user and workload connections from the internet, so they cannot be exposed or exploited. This invisibility makes it simpler to demonstrate compliance with privacy standards and other regulations, and results in fewer findings in audits.
How do you deploy a Zero Trust?
Building a Zero Trust architecture is much simpler than it appears. Because Zero Trust is an augmentation of your existing architecture, it does not require a complete technology overhaul. Rather, it can be deployed iteratively while allowing you to take advantage of the tools and technologies you already have.
Implementation of Zero Trust Architecture in a five-step model:
Define the protect surface
Working tirelessly to reduce the attack surface is not viable in today’s evolving threat landscape. The attack surface is always expanding, making it difficult to define, shrink or defend against. However, with Zero Trust, rather than focusing on the macro level of the attack surface, you determine your protect surface. The protect surface encompasses the critical data, application, assets and services—DAAS—most valuable for your company to protect.
- Here are some examples of DAAS you might include in your protect surface:
- Data: Credit card information (PCI), protected health information (PHI), personally identifiable information (PII) and intellectual property (IP)
- Applications: Off-the-shelf or custom software
- Assets: SCADA controls, point-of-sale terminals, medical equipment, manufacturing assets and IoT devices
- Services: DNS, DHCP and Active Directory
Once defined, you can move your controls as close as possible to that protect surface to create a micro-perimeter with policy statements that are limited, precise and understandable.
Map the transaction flows
The way traffic moves across a network determines how it should be protected. Thus, it’s imperative to gain contextual insight around the inter-dependencies of your DAAS. Documenting how specific resources interact allows you to properly enforce controls and provides valuable context to ensure the controls help protect your data, rather than hindering your business.
Architect a Zero Trust network
Zero Trust networks are completely customized, not derived from a single, universal design. Instead, the architecture is constructed around the protect surface. Once you’ve defined the protect surface and mapped flows relative to the needs of your business, you can map out the Zero Trust architecture, starting with a next-generation firewall. The next-generation firewall acts as a segmentation gateway, creating a micro-perimeter around the protect surface. With a segmentation gateway, you can enforce additional layers of inspection and access control, all the way to Layer 7, for anything trying to access resources within the protect surface.
Create the Zero Trust policy
Once the network is architected, you will need to create Zero Trust policies using the “Kipling Method” to whitelist which resources should have access to others. Kipling, well known to novelists, put forth the concept of “who, what, when, where, why and how” in his poem “Six Serving Men.” Using this method, we are able to define the following:
- Who should be accessing a resource?
- What application is being used to access a resource inside the protect surface?
- When is the resource being accessed?
- Where is the packet destination?
- Why is this packet trying to access this resource within the protect surface?
- How is the packet accessing the protect surface via a specific application?
With this level of granular policy enforcement, you can be sure that only known allowed traffic or legitimate application communication is permitted.
Monitor and maintain the network.
This final step includes reviewing all logs, internal and external, all the way through Layer 7, focusing on the operational aspects of Zero Trust. Since Zero Trust is an iterative process, inspecting and logging all traffic will provide valuable insights into how to improve the network overtime.
Once you have completed the five-step methodology for implementing a Zero Trust network for your first protect surface, you can expand to iteratively move other data, applications, assets or services from your legacy network to a Zero Trust network in a way that is cost-effective and non-disruptive.
Zero Trust application in Platform models:
With the platform models taking over existing work models and defining the "Future of Work", Zero trust plays a central role in defining the security structure. Zero Trust architecture becomes a prerequisite for organizations to be able to leverage platforms as the people who access the systems in this model are complete strangers from an organization standpoint.
Organizations need to follow the given below steps for applying Zero Trust Architecture in platform models:
- Tested and matured Zero Trust Model for internal employees
- Pooled, reserved user IDs for platform users
- Custom protection surface for platform users
- Data, Applications, Assets and Services scope for platform users
Time and technology is ripe for organizations to adapt to platform working models by ensuring Zero Trust Architecture in place.