Zero Trust was conceived in 2010, and its humble beginnings seem a far cry from how it is being deployed over a decade later. Coined by Forrester principal analyst John Kindervag, Zero Trust has moved beyond mere buzzword and into the mainstream. CIOs, CISOs and other corporate executives have been increasingly adopting the model to protect their systems against progressively more sophisticated attacks.
But what do we mean by Zero Trust, and how can you begin to deploy it within your business? Here, we’ll look at its definition in more detail, the principles and technology behind it, and how it can be used to strengthen a business’ cybersecurity posture.
What is Zero Trust security?
The traditional, perimeter-based model of cybersecurity assumes that traffic originating inside the network is safe. In reality, roughly 30% of data breaches involve internal users. Those users are not necessarily acting maliciously: their accounts, devices and habits are frequently exploited by external “threat actors”, i.e. a person, group or entity that creates all or part of an incident intended to impact an organisation’s security.
The Zero Trust security paradigm, by contrast, treats every user, device and application (internal or external) as untrusted until it proves otherwise. Nothing is granted standing access because of where it sits on the network: each access to a resource is authenticated and authorised on its own merits, every time.
Each request is evaluated against the identity making it, the posture of the device it comes from, its location and other contextual signals, while the resource itself sits inside a micro-segment that only admits explicitly approved traffic. From this, the business knows:
- When to trust
- What (or whom) to grant access to
- How long that access is enabled for
Essentially, the model can be boiled down to: “Never trust, always verify.”
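The per-request evaluation described above, as an added example that is not part of the original article: a minimal policy decision point that checks the requesting identity’s role, the strength of its authentication, the posture of its device and the sensitivity of the target, and hands back a short-lived grant rather than standing access. The tiers, authentication levels, time limits and sample requests are illustrative assumptions, not any vendor’s policy engine.

```python
"""Added example: a minimal Zero Trust policy decision point (PDP).
Every request is judged on its own merits and a successful decision
yields a time-bound grant. All tiers, thresholds and names are assumptions."""

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed ordering of authentication strength: password < TOTP < phishing-resistant.
AUTH_LEVEL = {"password": 1, "totp": 2, "fido2": 3}

# Assumed policy per resource sensitivity tier: minimum auth level, whether a
# managed+patched device is required, and how long a grant lives before re-evaluation.
TIER_POLICY = {
    "public":   {"min_auth": 1, "managed_device": False, "ttl_minutes": 480},
    "internal": {"min_auth": 2, "managed_device": True,  "ttl_minutes": 60},
    "crown":    {"min_auth": 3, "managed_device": True,  "ttl_minutes": 15},
}


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    auth_method: str
    device_id: str
    device_managed: bool
    device_patched: bool
    resource: str
    resource_tier: str
    required_role: str


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    expires_at: Optional[datetime] = None


def evaluate(req: Request, now: datetime) -> Decision:
    """Evaluate one access request; network location plays no part in the decision."""
    policy = TIER_POLICY[req.resource_tier]
    # 1. Least privilege: the identity must hold the role the resource requires.
    if req.required_role not in req.roles:
        return Decision(False, "role not granted")
    # 2. Authentication strength must match the sensitivity of the resource.
    if AUTH_LEVEL.get(req.auth_method, 0) < policy["min_auth"]:
        return Decision(False, f"auth '{req.auth_method}' too weak for tier '{req.resource_tier}'")
    # 3. Device posture: managed and patched for anything beyond public data.
    if policy["managed_device"] and not (req.device_managed and req.device_patched):
        return Decision(False, "device fails posture check")
    # 4. No standing access: the grant expires and the request must be re-evaluated.
    return Decision(True, "policy satisfied",
                    expires_at=now + timedelta(minutes=policy["ttl_minutes"]))


def is_valid(decision: Decision, now: datetime) -> bool:
    """A grant is usable only while unexpired; afterwards a fresh request is needed."""
    return decision.allow and decision.expires_at is not None and now < decision.expires_at


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed sample requests: same user and resource, different context each time.
    samples = [
        Request("alice", frozenset({"finance"}), "fido2", "lt-01", True, True, "ledger", "crown", "finance"),
        Request("alice", frozenset({"finance"}), "totp", "lt-01", True, True, "ledger", "crown", "finance"),
        Request("alice", frozenset({"finance"}), "fido2", "byod-7", False, True, "ledger", "crown", "finance"),
        Request("bob", frozenset({"sales"}), "fido2", "lt-02", True, True, "ledger", "crown", "finance"),
    ]
    for req in samples:
        d = evaluate(req, now)
        print(f"{req.user}@{req.device_id} via {req.auth_method}: {'ALLOW' if d.allow else 'DENY'} ({d.reason})")
```

The design point is that the same user asking for the same resource gets four different answers depending on authentication method, device and role, and even the allowed case lapses after fifteen minutes. That is what “never trust, always verify” looks like in code: trust is a property of the request context, not of the user or the network segment.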
What are the principles of Zero Trust security?
Re-examine all default access controls
Since Zero Trust assumes that attackers are present both inside and outside the network, no user or machine is trusted automatically. Every request to access a resource must therefore be authenticated, authorised and carried over an encrypted channel, regardless of where it originates.
Use a variety of preventative techniques
A Zero Trust model relies on a variety of techniques to prevent breaches and reduce their impact, such as:
- Identity protection and device discovery: To establish what is normal and expected on your extended network, you need an audit-ready inventory of which devices exist, which credentials are present on each, and how those devices and credentials normally behave and connect.
Deviations from that baseline can then be used to trigger step-up authentication and to flag anomalies for investigation.
- Multi-factor authentication (MFA): A commonly used method of confirming a user’s identity, MFA requires two or more independent pieces of evidence from different categories: something the user knows (a password), something they have (an authenticator app or hardware key) or something they are (a biometric). Not all factors are equal: security questions are really just a second password, and email or SMS codes can be phished or intercepted, so phishing-resistant methods such as FIDO2/WebAuthn hardware keys should be preferred for sensitive access. Adding factors raises the bar for an attacker only if those factors are independent and not vulnerable to the same attack.
- Least-privilege access: Grant each user, device and workload the lowest level of access it needs to do its job, for no longer than it needs it. If an account or device is compromised, this limits lateral movement (the techniques attackers use to move from the first compromised host to others on the network) and shrinks the blast radius of the breach.
- Micro-segmentation: Dividing the network into small zones, each with its own access controls, contains an intrusion. Segments can be defined by device or function or, more effectively, by identity (which groups, users and workloads may talk to which services). An attacker who breaches one segment cannot reach the others without passing a fresh policy check.
Enabling real-time monitoring and controls
Because Zero Trust is largely preventative, organisations should also put real-time monitoring in place so they can detect and respond within the intruder’s “breakout time”, i.e. the window between the compromise of the first machine and the moment the attacker moves laterally to other systems on the network.
Monitoring is what turns a policy violation into an alert, and it is crucial for detecting, investigating and responding to intrusions before they spread.
Align the model to your broader security strategy
Of course, Zero Trust is only one part of a security strategy, and access controls alone will not stop every breach. Companies therefore need endpoint monitoring, detection and response capabilities alongside it, so that an intrusion that gets past the access layer is still seen and contained.
Legacy authentication protocols such as NTLM and cleartext LDAP simple binds should be replaced with stronger alternatives (Kerberos, LDAP over TLS with signing and channel binding enforced, or modern federated sign-in) and their “easy access” paths removed. All devices, services, applications and firmware should be patched as soon as vendors release fixes, and fastest of all for vulnerabilities already being exploited in the wild.
Likewise, even an innocuous-looking software update to a common system can cause damage, whether because the update is faulty or because it was tampered with upstream, so updates should be verified and rolled out in stages. A solid incident response plan, together with business continuity and recovery plans, will not prevent an incident, but it does determine how quickly you contain one and how much damage it is allowed to do.
What are the benefits of Zero Trust security?
Greater visibility across the business
By deciding which resources and activity your security strategy covers, your monitoring becomes more focused, and as a result you gain full visibility of who (or what) is accessing your network: the time, location and application involved in every access request.
Simplified IT management
Because every request is evaluated against policy, routine decisions can be automated. A privileged access management (PAM) system can recognise a request as standard from its identifiers (the requesting identity, its device and the target resource) and grant it without human involvement.
This takes the pressure off IT having to approve every access request by hand. Administrators step in only when the system flags something unusual.
Improved data protection
Zero Trust stops malware (or a dishonest employee) from roaming across large parts of your network indefinitely. Because access is limited in scope and bound in time, either kind of threat actor has a far smaller window in which to find and exfiltrate the data they are after.
A more secure remote workforce
With users spread across the country and data housed in the cloud, a perimeter firewall is no longer sufficient. Zero Trust moves the control point from the network edge to the identity and the device, so workers and data are protected wherever in the world they are.
Streamlined user access
Zero Trust also frees remote workers from logging in to a full-tunnel VPN and queuing through slow gateways to reach the resources they need. Combined with the automated access described above, users get what they need quickly: verification still happens on every request, but most of it is transparent to a user on a healthy, enrolled device.
Continuous compliance
Since every access request is evaluated and logged, Zero Trust delivers continuous compliance. Recording the time, location and application involved in each access request creates a seamless audit trail. Need to produce evidence to satisfy governance requirements? You’ll have a chain of events illustrating your business’ compliance in no time.
How to deploy Zero Trust within your business
Every business’ needs differ, but you can start to develop and deploy a Zero Trust model within your own organisation with the following:
Assess the organisation
Identifying the sensitive data, assets, applications and services (DAAS) within the Zero Trust framework defines the surface you actually need to defend (Kindervag calls this the “protect surface”, in contrast to the much larger attack surface).
One way to start is to identify and audit every credential active within your organisation: disable any account that hasn’t been used in 30 days (service accounts included, once you have confirmed nothing depends on them), then review the remaining privileges for risk and impact. You should also assess the organisation’s current security toolset to identify gaps within the infrastructure.
Once you’ve identified that surface, give these critical assets the highest level of protection possible.
Create a directory of all assets and map the transaction flows
Where does your most sensitive information live, and which users and applications need access to it? Mapping this shows how your various DAAS components interact, which in turn lets you place access controls between those resources without breaking legitimate flows.
Review your authentication protocols too, and fix or retire any outdated or legacy systems that cannot support modern authentication. As with the first step, remove stale accounts and strengthen the remaining ones: enforce MFA, screen passwords against known-breached lists and require long passphrases. Note that current guidance (NIST SP 800-63B) advises against forcing periodic password rotation unless there is evidence of compromise, because it pushes users towards predictable variations of the same password.
Establish a variety of preventative measures
To stop attackers in their tracks, apply the multi-factor authentication, least-privilege access and micro-segmentation measures described earlier in this post.
Create the Zero Trust policy
Once you’ve assessed your attack surface, mapped transaction flows and chosen your preventative measures, create an allow list specifying which resources may talk to which others, and over which ports and protocols. Ask who should have access, what they may access, when and from where, why they need it and how they will reach their applications.
Only traffic and application communication on that list is permitted; everything else is denied by default.
Monitor the network continuously
Implementation is not the end. You’ll need to monitor continuously for anomalous activity and suspicious traffic, and in particular for flows that the allow list does not cover. Inspecting, analysing and logging all traffic gives you the evidence to refine policies over time: a recurring denied flow may be a misconfiguration, or an attacker probing for a route.
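The deployment steps above, carried out end to end on constructed data as an added example (this is not the article’s or any vendor’s code): step 1 audits an account inventory for stale and over-privileged accounts; steps 2 and 4 record which segment each asset belongs to and build an explicit allow list of flows between segments; step 5 checks a flow log against that list and flags anything not explicitly permitted. The inventory, segment map, log lines and 30-day threshold are all illustrative assumptions.

```python
"""Added example: the assess / map / policy / monitor steps on constructed data.
All accounts, addresses, segments and log lines are invented for illustration."""

from collections import namedtuple
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=30)  # the article's threshold for unused accounts

# --- Step 1: assess -- constructed account inventory (name, last login, privileges)
Account = namedtuple("Account", "name last_login privileges")

NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    Account("alice",      NOW - timedelta(days=2),  {"user"}),
    Account("svc-backup", NOW - timedelta(days=90), {"admin"}),
    Account("bob",        NOW - timedelta(days=45), {"user"}),
]


def audit_accounts(accounts, now):
    """Return (stale, stale_privileged): accounts idle longer than STALE_AFTER,
    and the subset that still hold admin rights and so must be reviewed first."""
    stale = [a for a in accounts if now - a.last_login > STALE_AFTER]
    stale_privileged = [a for a in stale if "admin" in a.privileges]
    return stale, stale_privileged


# --- Step 2: directory of assets -- which micro-segment each asset belongs to
SEGMENT_OF = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.9.50": "corp-laptops",
}

# --- Step 4: policy -- explicit allow list of (source segment, dest segment, port).
# Anything not listed is denied; there is no implicit trust between segments.
ALLOWED_FLOWS = {
    ("corp-laptops", "web", 443),
    ("web", "app", 8080),
    ("app", "db", 5432),
}


def flow_permitted(src_ip, dst_ip, port):
    """Default deny: an unknown address lands in segment 'unknown', which has no entries."""
    src = SEGMENT_OF.get(src_ip, "unknown")
    dst = SEGMENT_OF.get(dst_ip, "unknown")
    return (src, dst, port) in ALLOWED_FLOWS


# --- Step 5: monitor -- constructed flow-log lines: "timestamp src dst port bytes"
FLOW_LOG = """\
2024-05-01T09:00:01Z 10.0.9.50 10.0.1.10 443 5120
2024-05-01T09:00:02Z 10.0.1.10 10.0.2.20 8080 2048
2024-05-01T09:00:03Z 10.0.2.20 10.0.3.30 5432 900
2024-05-01T09:00:04Z 10.0.1.11 10.0.3.30 5432 4096
2024-05-01T09:00:05Z 10.0.9.50 10.0.3.30 22 300
"""


def find_violations(log_text):
    """Parse the flow log and return (timestamp, src segment, dst segment, port) for every
    line whose flow is absent from the allow list, e.g. a web host talking straight to the DB."""
    violations = []
    for line in log_text.splitlines():
        ts, src, dst, port, _bytes = line.split()
        if not flow_permitted(src, dst, int(port)):
            violations.append((ts, SEGMENT_OF.get(src, "unknown"),
                               SEGMENT_OF.get(dst, "unknown"), int(port)))
    return violations


if __name__ == "__main__":
    stale, privileged = audit_accounts(SAMPLE_ACCOUNTS, NOW)
    print("stale accounts:", [a.name for a in stale])
    print("stale accounts with admin rights (review first):", [a.name for a in privileged])
    for ts, src_seg, dst_seg, port in find_violations(FLOW_LOG):
        print(f"{ts} DENIED flow not in allow list: {src_seg} -> {dst_seg}:{port}")
```

Two of the five constructed flows are flagged: a web server reaching the database directly (bypassing the app tier) and a laptop opening SSH to the database. In a real deployment the allow list is the input to whatever enforces segmentation (host firewalls, cloud security groups, a service mesh), and the same list is what the monitoring compares observed traffic against, so policy and detection stay in step.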
CDL is one of the UK’s leading IT disposal companies, working to help private and public businesses safely retire and recycle their outdated IT assets. To find out how we could help your business, or for more of the latest tech news and advice, visit our homepage or call our team today on 0333 060 2846.