Also known as Zero Trust Network or Zero Trust Architecture, the term Zero Trust was coined in 2009 by John Kindervag, then Principal Analyst and Vice President at Forrester Research.
So, what is Zero Trust?
Zero Trust is a security framework, or concept, that treats trust itself as a vulnerability and eliminates it: no user or device is trusted simply because of where it sits on the network. Each user or device must be verified again as it moves between different areas of the same private network, rather than once at the perimeter. Because the decision is tied to the identity making the request and the specific application being accessed, not just to an IP address and port, Zero Trust enforcement is often described as Layer 7 (application-layer) threat prevention.
Why is Zero Trust important?
The concept of Zero Trust stems from the shortcomings of older practices, in which individuals or devices that have been granted access to the network are automatically trusted, while those outside the network are not. Assuming that everyone inside the network is trustworthy means that a single compromised entry point gives an attacker free rein to move laterally and manipulate data and systems within the network.
While trust models predating Zero Trust may have presented moderate levels of risk in on-premises networks, the uptake of new technologies and the rise of cloud computing have drastically increased that risk.
With information distributed across many sources, there is no longer a single point of access control. This lack of visibility is a problem because the number of entry points for an attack grows with the number of platforms a user uses. An attacker who obtains a device or a set of user credentials that carry an all-access pass to the network can then move freely, and worse, go unnoticed because that access is not monitored closely.
By practicing Zero Trust, even if an attacker gets hold of a user's device or account credentials, the additional layers of verification reduce the likelihood that the attacker gains full access to the network.
The Pillars of Zero Trust
Least Privilege Access
Only grant users access to the parts of the network or data that they absolutely require to do their work. From internal documentation to databases in the cloud, grant access on a need-to-know basis to limit the attack surface: a compromised account can then only reach what it was explicitly given.
Multi-Factor Authentication (MFA)
MFA is the practice of requiring multiple independent methods (factors) of identity verification, each adding a layer of security. The factors are:
- Something you know - a password, passphrase, or PIN
- Something you are - a fingerprint, or an iris or retina scan. These are known as "biometric" factors.
- Something you have - a hardware token that generates a One-Time Password (OTP), or a software token (an authenticator app) on your phone or computer that does the same
The easiest way to improve authentication is to require at least Two-Factor Authentication (2FA), which demands two of the methods above in order to gain access. Apps like Google Authenticator, Microsoft Authenticator, or LastPass Authenticator are commonly used to generate the OTP. SMS is another way to deliver OTPs, but an SMS code can be intercepted by an attacker, for example by taking over the victim's phone number through SIM swapping, so an authenticator app is the better choice.
If an attacker gets access to a user device holding confidential information, MFA is the step between having the device and being able to open the door to the confidential data behind it.
Although MFA adds a layer of security, in more sophisticated attacks an attacker may be able to capture the second factor as well, for example by intercepting the secondary device or the code sent to it, or by phishing the user into typing the OTP into a proxy site that relays it to the real service within its validity window, and so impersonate the user and get past the MFA stage.
Device Controls
Device controls address this risk. Organizations can limit how many devices a user may enrol and which devices are allowed to access the network at all (for example, only company-managed devices), so that a stolen credential and code are not enough on their own.
Network Segmentation
Network segmentation involves segregating the network into multiple secure zones. Each zone can be set up with its own micro-perimeter, enforced for example by a Next-Gen Firewall (NGFW), to ensure only authorized users or devices can reach it. This also limits the attack surface: a compromised host in one zone cannot move laterally into another without passing that zone's checks.
Implementing Zero Trust in your Organization
To practice Zero Trust, start by identifying which parts of the network to protect and which areas are most vulnerable. Next, map out the flow of data and the dependencies within the network, so that you understand who requests access to what, and when. With that map you can place micro-segments and perimeters where they actually cut across the flows.
It is also important to communicate the need for and importance of Zero Trust to the stakeholders within your organization, and to put a policy in place to maintain the Zero Trust efforts made.
Finally, continuous monitoring is essential so that you can respond to incidents and adjust the perimeters where needed.
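The steps above (identify the protect surface, map flows, segment, monitor) can be made concrete in a small model. The following is an added example, not code from the article or from Horangi: the zones, addresses and flows are constructed for illustration. It turns a set of mapped flows into a default-deny policy keyed by zone pair, evaluates new flows against it, and reports everything that hits the default-deny rule, which is exactly the set of events a monitoring team needs to review.

```python
"""Derive a default-deny micro-segmentation policy from mapped data flows,
then run new flows through it and surface what falls outside the policy.

Added example, not code from the article. Zones, addresses and flows are
constructed for illustration (hypothetical address plan)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Step 1: the protect surface, expressed as zones (hypothetical address plan).
ZONES = {
    "user-lan": ip_network("10.10.0.0/16"),
    "app":      ip_network("10.20.0.0/24"),
    "db":       ip_network("10.30.0.0/24"),
    "mgmt":     ip_network("10.40.0.0/24"),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the plan is 'unknown'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    port: int


# Step 2: flows captured while mapping dependencies (constructed sample).
MAPPED_FLOWS = [
    Flow("10.10.4.21", "10.20.0.10", "tcp", 443),   # users -> web app
    Flow("10.10.7.8",  "10.20.0.10", "tcp", 443),
    Flow("10.20.0.10", "10.30.0.5",  "tcp", 5432),  # app -> database
    Flow("10.40.0.2",  "10.30.0.5",  "tcp", 22),    # admin host -> db over SSH
    Flow("10.40.0.2",  "10.20.0.10", "tcp", 22),    # admin host -> app over SSH
]


def build_policy(flows):
    """Step 3: one allow set per (src zone, dst zone). Zone pairs absent from
    the table have no allowed services at all: that is the default-deny rule."""
    policy = defaultdict(set)
    for f in flows:
        policy[(zone_of(f.src), zone_of(f.dst))].add((f.proto, f.port))
    return dict(policy)


def decide(flow: Flow, policy) -> tuple:
    """Return ("allow" | "deny", reason). Unknown zones are denied before any
    lookup so an unmapped host can never match a rule by accident."""
    pair = (zone_of(flow.src), zone_of(flow.dst))
    if "unknown" in pair:
        return "deny", f"unmapped endpoint in {pair}"
    svc = f"{pair[0]}->{pair[1]} {flow.proto}/{flow.port}"
    if (flow.proto, flow.port) in policy.get(pair, set()):
        return "allow", f"{svc} is a mapped dependency"
    return "deny", f"{svc} not in policy (default deny)"


def monitor(flows, policy):
    """Step 4: return the flows that hit the default-deny rule. Each one is
    either a dependency the map missed or an attempt at lateral movement."""
    return [(f, reason) for f in flows
            for verdict, reason in [decide(f, policy)] if verdict == "deny"]


if __name__ == "__main__":
    policy = build_policy(MAPPED_FLOWS)
    live = [
        Flow("10.10.4.21", "10.20.0.10", "tcp", 443),   # normal user traffic
        Flow("10.10.4.21", "10.30.0.5",  "tcp", 5432),  # user LAN straight to DB
        Flow("10.20.0.10", "10.40.0.2",  "tcp", 22),    # app server SSH into mgmt
        Flow("192.168.9.9", "10.30.0.5", "tcp", 5432),  # host outside the plan
    ]
    for flow, reason in monitor(live, policy):
        print(f"ALERT {flow.src} -> {flow.dst} {flow.proto}/{flow.port}: {reason}")
```

The design choice worth noting is that allowed traffic is whatever the mapping phase observed and nothing else; the reverse direction of a mapped flow (the app server opening SSH back into the management zone) is denied, because the policy is keyed on direction and service, not on "these two zones talk".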
If you’re looking to set up a Zero Trust policy and want to find out how to tailor it to your organization, Horangi offers CISO-as-a-Service that can help you get started.