Zero trust is a new security model first developed in 2010 by John Kindervag of Forrester Research. The zero trust model, as the name implies, assumes that every connection, endpoint, or user is a threat and that the network needs protection against threats both inside and outside it.
While this may sound a bit paranoid, it is exactly what organizations need in a world where IT is highly distributed, with systems deployed in the cloud and at the edge, millions of Internet of Things (IoT) devices, and more staff working from home or from mobile devices. The old idea of a "network perimeter" is dying out and being replaced by the idea of a zero trust network.
Here is how the zero trust security model works in an organization's network:
- Zero trust uses least privilege access to ensure users can only access the resources they need, on a limited basis.
- Zero trust verifies and authorizes each connection, and ensures the interaction meets all requirements set out in the organization's security policy.
- It authenticates and authorizes each device, connection, and network flow according to dynamic policy, using context from multiple data sources.
These practices ensure that if any user or device accesses network resources in an unusual or unauthorized way, it is blocked and the security team is immediately notified. This creates watertight protection against even the most sophisticated threats, including attackers who are already inside the network.
Why is Zero Trust so popular?
Demand for products that support zero trust is growing constantly. The global zero trust market is likely to double within five years and is projected to exceed $50 billion by 2026. The key factors driving this market are the frequency of targeted cyber attacks, new data protection regulations, and information security standards.
Many organizations are adopting a centralized approach to identity and access management (IAM), a key component of a zero trust architecture. Companies are increasingly implementing IAM technologies and controls such as multi-factor authentication (MFA) and single sign-on (SSO).
Another trend driving adoption of the zero trust model began with the pandemic: many organizations turned to zero trust network access (ZTNA) instead of relying on a virtual private network (VPN).
Zero trust security can help organizations fend off sophisticated attackers and modernize their cybersecurity infrastructure. It also improves user access to cloud applications. The zero trust approach combines modern security technologies focused on data protection and integrates with existing identity management and endpoint protection systems.
Zero Trust Architecture Principles
The modern network is a highly dynamic and complex environment with no defined perimeter to protect. The bring-your-own-device (BYOD) and telework model allows employees and third parties to connect to the network from their own devices in order to reach resources. The supply chain consists of many partners and suppliers that integrate with the network to provide services.
Users may be human employees or partner APIs connecting to the network as needed, and the network may see many connections from different locations and devices around the world. There is therefore no defined boundary, and it can be difficult to distinguish legitimate connections from malicious intrusions.
Other endpoint threats faced by modern networks include accidental data leaks and unintentional malware downloads by legitimate users, as well as data theft by insider threats or malicious intruders. Fraud schemes have gained popularity as cybercriminals realized they could infiltrate networks by manipulating employees of all ranks.
Unlike traditional security models, which protect the inside of the network from external threats, the zero trust security model protects against both internal and external threats. By assuming that what is inside the network is untrustworthy, this model can apply protections that prevent cybercriminals from exploiting endpoints to breach the network.
Zero trust principles
The zero trust model treats all connections and devices as untrusted in order to block threats while still allowing legitimate access. The architecture helps protect resources in line with the zero trust principles published by the National Institute of Standards and Technology (NIST). These are the core principles:
- Resources: all data sources and computing services are treated as resources.
- Communication: all communication is secured regardless of network location, on the assumption that every network is hostile and untrusted.
- Session: access to individual enterprise resources is granted on a per-session basis.
- Policy: access to resources is determined by dynamic policy. Policy covers the observable state of identity, application, device, and network, and can include behavioral attributes.
- Monitoring: the enterprise monitors all of its assets to ensure they remain secure.
- Dynamic: resource authentication and authorization are always dynamic and strictly enforced before access is allowed.
- Data: the enterprise collects as much information as possible about the current state of its network infrastructure and communications, and uses that data to continuously improve its security posture.
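The per-session, dynamic-policy principles above are easiest to see as code. The following is an added example, not code from the article or from NIST: a minimal policy decision point that evaluates one access request against identity, MFA state, session age, device posture and role entitlements, and denies by default. The roles, resources, device identifiers and posture signals are hypothetical and constructed for illustration.

```python
"""
Added example, not code from the article: a minimal zero trust policy decision
point (PDP) that evaluates a single access request against dynamic context
(identity, MFA, device posture, session age, entitlements) and denies by
default. Roles, resources, device names and posture signals are hypothetical.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List


@dataclass
class Subject:
    user: str
    roles: FrozenSet[str]
    authenticated: bool      # identity proven by the identity provider (IdP)
    mfa_verified: bool       # second factor completed for this session


@dataclass
class Device:
    device_id: str
    managed: bool            # enrolled in the organization's device management
    compliant: bool          # currently passes posture checks (patched, encrypted, EDR running)


@dataclass
class Session:
    age_seconds: int
    max_age_seconds: int = 8 * 3600   # force re-authentication at least once per shift


@dataclass
class AccessRequest:
    subject: Subject
    device: Device
    session: Session
    resource: str
    action: str
    network: str             # "corp", "home", "public": recorded, never trusted on its own


# Least privilege: role -> resource -> allowed actions; anything absent is denied.
ENTITLEMENTS = {
    "engineer": {"git-server": {"read", "write"}, "ci-logs": {"read"}},
    "finance": {"payroll-db": {"read", "write"}},
    "everyone": {"intranet-wiki": {"read"}},
}

# Resources whose policy additionally requires a managed device.
SENSITIVE_RESOURCES = {"payroll-db", "git-server"}


@dataclass
class Decision:
    allow: bool
    denials: List[str] = field(default_factory=list)


def evaluate(req: AccessRequest) -> Decision:
    """Default deny: every check must pass for this one request, on this one session."""
    denials = []
    subj, dev = req.subject, req.device

    if not subj.authenticated:
        denials.append("subject not authenticated")
    if not subj.mfa_verified:
        denials.append("MFA not verified for this session")
    if req.session.age_seconds > req.session.max_age_seconds:
        denials.append("session expired; re-authentication required")
    if not dev.compliant:
        denials.append(f"device {dev.device_id} fails posture checks")

    # Entitlement is the union of what the subject's roles grant on this resource.
    granted = set()
    for role in subj.roles | {"everyone"}:
        granted |= ENTITLEMENTS.get(role, {}).get(req.resource, set())
    if req.action not in granted:
        denials.append(f"no entitlement for '{req.action}' on {req.resource}")

    if req.resource in SENSITIVE_RESOURCES and not dev.managed:
        denials.append(f"{req.resource} requires a managed device")

    # Deliberately absent: req.network never appears in any condition above.
    return Decision(allow=not denials, denials=denials)


def demo():
    """Three requests from the same user; only the first is allowed."""
    alice = Subject("alice", frozenset({"engineer"}), authenticated=True, mfa_verified=True)
    laptop = Device("lt-0192", managed=True, compliant=True)
    session = Session(age_seconds=600)

    ok = evaluate(AccessRequest(alice, laptop, session, "git-server", "write", "home"))
    # Same user and session, but device posture drifted: the next request is re-evaluated and denied.
    drifted = Device("lt-0192", managed=True, compliant=False)
    revoked = evaluate(AccessRequest(alice, drifted, session, "git-server", "write", "corp"))
    # Being on the corporate network grants nothing the role does not already have.
    no_role = evaluate(AccessRequest(alice, laptop, session, "payroll-db", "read", "corp"))
    return ok, revoked, no_role


if __name__ == "__main__":
    for d in demo():
        print("ALLOW" if d.allow else "DENY", d.denials)
```

The design choice worth noticing is that `network` is carried in the request for logging and context but is never a condition: a request from the corporate LAN is evaluated exactly like one from a coffee shop, and a posture change on an already-authenticated device causes the very next request to be denied.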
Zero Trust Technology
Zero trust isn't just an idea; it's a collection of technologies built to help organizations implement its principles. The following are the most important technologies that can help an organization realize zero trust.
Secure Access Service Edge (SASE)
SASE is a cloud architecture model that unifies networking and security-as-a-service functions into a single cloud service. It allows organizations to consolidate their network and security tools into one management console, providing consistent networking and security regardless of where employees and resources are located.
Zero trust network access (ZTNA)
ZTNA is a remote access security solution that grants application-specific privileges. It grants access according to detailed policies when responding to requests from remote employees for corporate assets. The solution evaluates each request individually, considering context and authentication details such as role-based access control (RBAC) policies, IP addresses, locations, time limits, and user group or role membership.
ZTNA is most beneficial when deployed as part of a SASE solution that unifies the network security stack with network optimization features such as software-defined WAN (SD-WAN). Deploying SASE allows organizations to replace the traditional perimeter-based approach with a zero trust security model.
Next Generation Firewall (NGFW)
An NGFW is a third-generation firewall technology that can be deployed as software or hardware. It enforces security policies at the port, protocol, and application levels to detect and block sophisticated attacks. Common NGFW features include:
- Integrated intrusion prevention systems (IPS).
- Application awareness.
- Identity awareness through user and group control.
- Use of external threat intelligence sources.
- Bridged and routed deployment modes.
Most NGFW products integrate at least three basic functions: enterprise firewall capabilities, application control, and IPS. An NGFW provides additional context for firewall decision-making, allowing the firewall to understand the details of web application traffic as it passes through and to block suspicious traffic.
Identity and access management
Identity and access management (IAM) is a framework of business processes, policies, and technologies for managing digital identities. It allows IT staff to control user access to information.
Common IAM capabilities include single sign-on (SSO), two-factor authentication (2FA), multi-factor authentication (MFA), and privileged access management (PAM). These technologies help securely store identity data and records and apply data governance functions to control how data is shared.
Microsegmentation
Microsegmentation divides the network into logical, secured units by using policies to define access to data and applications. Network microsegmentation can be applied to cloud environments as well as data centers.
Organizations can increase security by dividing the network into smaller segments and restricting the types of traffic allowed to pass between them. Microsegmentation also lets security teams define how applications share data within a system, the direction in which that data flows, and the security and authentication measures required.
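To make the segmentation idea concrete, here is an added example that is not code from the article: a label-based microsegmentation policy with default-deny, directional, port-specific rules between tiers, plus a reachability check that shows how far a compromised workload could still move through allowed flows. The tiers, workload names, ports and environments are constructed for illustration.

```python
"""
Added example, not code from the article: a label-based microsegmentation model
with a default-deny east-west policy, and a reachability check that bounds how
much of the network one compromised workload could still talk to. Tiers,
workloads, ports and rules are constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    tier: str            # label used by policy selectors, e.g. "web", "app", "db"
    environment: str     # "prod" or "staging"; segments never span environments


@dataclass(frozen=True)
class Rule:
    """Directional allow rule: traffic FROM a tier TO a tier on one port/protocol."""
    from_tier: str
    to_tier: str
    port: int
    protocol: str = "tcp"


# Default deny: any flow not explicitly matched by a rule below is dropped.
POLICY = [
    Rule("web", "app", 8080),
    Rule("app", "db", 5432),
    Rule("app", "cache", 6379),
]


def is_allowed(src: Workload, dst: Workload, port: int, protocol: str = "tcp") -> bool:
    """Segment check: same environment, and a rule matching direction, port and protocol."""
    if src.environment != dst.environment:
        return False                       # prod and staging are isolated from each other
    return any(
        r.from_tier == src.tier and r.to_tier == dst.tier
        and r.port == port and r.protocol == protocol
        for r in POLICY
    )


def reachable_from(start: Workload, workloads) -> set:
    """Workloads an intruder on `start` could reach by hopping along allowed flows.
    Pessimistic bound: assumes each hop yields full control of the next workload."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for other in workloads:
            if other in seen:
                continue
            if any(is_allowed(cur, other, r.port, r.protocol) for r in POLICY):
                seen.add(other)
                queue.append(other)
    return seen - {start}


WORKLOADS = [
    Workload("web-1", "web", "prod"),
    Workload("app-1", "app", "prod"),
    Workload("db-1", "db", "prod"),
    Workload("cache-1", "cache", "prod"),
    Workload("db-staging", "db", "staging"),
]


def demo():
    """Individual flow decisions plus the blast radius of the internet-facing tier."""
    web, app, db, cache, db_stg = WORKLOADS
    return {
        "web->app:8080": is_allowed(web, app, 8080),              # the one intended path
        "web->db:5432": is_allowed(web, db, 5432),                # direct hop to data: denied
        "db->app:8080": is_allowed(db, app, 8080),                # wrong direction: denied
        "app->db-staging:5432": is_allowed(app, db_stg, 5432),    # crosses environments: denied
        "web-1 direct": sorted(w.name for w in WORKLOADS
                               if w is not web and any(is_allowed(web, w, r.port) for r in POLICY)),
        "web-1 transitive": sorted(w.name for w in reachable_from(web, WORKLOADS)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two things the output makes visible: a flat network would let `web-1` reach every workload on every port, whereas this policy limits its direct reach to `app-1` on a single port; and the transitive bound (`app-1`, `db-1`, `cache-1`) is what a reviewer should look at when deciding whether the app tier itself needs further splitting.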
How Zero Trust will change security
A modern workplace does not require all employees to work from the same location. Teleworking has allowed companies to recruit geographically dispersed individuals and to collaborate with partners in other countries. Physical location is no longer a factor in the security plan.
Zero trust makes the user's physical location irrelevant. It ensures continuous verification regardless of location or network, improving the organization's security by restricting access everywhere rather than only at the perimeter.
Reduced friction with security teams
Development teams often see security teams as an obstacle because they forbid certain tools or add security steps to the workflow. Zero trust reduces this friction by removing blanket security restrictions and instead verifying each user whenever an application is accessed remotely. Employees can use their own devices without going through a firewall or VPN.
As a result, DevOps teams trust the security team and collaboration is easier.
Meeting an organization’s security needs
Zero trust helps maintain visibility across all network endpoints, allowing security teams to verify endpoints before granting access. Greater visibility allows teams to proactively prevent cyberattacks.
Initially, most companies relied on VPNs when transitioning to remote working. However, VPNs are not always able to handle all the traffic from a large remote workforce. Hybrid working models are likely to become the norm, with zero trust being the only viable option for maintaining security in the long term.