Published: September 23, Zero Trust is a security model — a strategy for protecting an organization’s IT assets, including data, services and applications. The Zero Trust model is built upon research more than a decade ago by analysts at Forrester, and it is now recommended by many security experts and vendors, including Microsoft.
Zero Trust is a security architecture model that requires no implicit trust to be given in any quarter. NIST SP defines Zero Trust as “a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”
One Microsoft expert calls it a “deny-until-verified” approach.
As the name implies, with Zero Trust, access to resources from both inside and outside of the network should be restricted until the validity of the request can be confirmed. Every user, regardless of their position in the organization, must still go through specific protocols to verify their identity so that they can be authorized for the secure level of access they seek.
Because Zero Trust policies force users and services to verify their credentials when attempting to access enterprise resources, it’s much more difficult for unauthorized users to gain access to vital architecture. For example, an automation process requesting access to a database should be vetted to ensure it doesn’t become an avenue through which an attack can be launched.
Another thing important to understand is that, just as it’s impossible to fully achieve cybersecurity, it’s impossible to fully adopt Zero Trust principles. Many enterprises operate in a hybrid mode, with a combination of Zero Trust principles and perimeter-based mode, as they work on reinforcing and modernizing various IT initiatives and making improvements to business processes. As a result, companies may end up having newer Zero Trust policies working alongside older security workflows.
The core tenets of Zero Trust
According to the book “Zero Trust Networks: Building Secure Systems in Untrusted Networks” by Evan Gilman and Doug Barth, Zero Trust is built upon five pillars:
* Assume the network is hostile.
* Assume that threats from inside and outside the network exist at all times.
* Don’t base network trust on a network’s location.
* Authenticate and authorize every requesting entity: devices, users and networks.
* Rely on dynamic policies fed from as many sources of data as possible.
Why is Zero Trust important?
Zero Trust helps close security gaps, including:
* Mistakes in access rights granted
* Unrecognized devices accessing company networks from within
* Data thieves exploiting software vulnerabilities to make off with valuable information to sell or ransom for profit
This approach effectively addresses the challenges associated with a shifting security perimeter in a cloud-centric and mobile workforce era. In the new reality, people are the new corporate perimeter; the time when “trust” was granted whenever you were within the corporate firewall (physically in the network or even connected via a VPN) is gone.
The Zero Trust model took shape as hackers became adept at exploiting the shortsightedness of organizations that presumed they only had to worry about threats from the outside. If attackers managed to find an opening in a company’s network or steal a user’s credentials, they gained the ability to move laterally and gain further system privileges. Zero Trust recognizes the importance of installing security controls at all vulnerable access points, including those inside the network.
By focusing on identity, Zero Trust makes it possible to limit the movements of hackers even if they manage an initial breach. For example, even if they manage to log into an employee’s account, the protocols put in place would recognize any unusual movements or attempts to access resources outside of the scope of that worker’s role.
Zero Trust architecture
Zero Trust security is not something that can be accomplished through technology alone. Instead, the organization must develop a comprehensive strategy that includes making changes to company culture.
To start moving toward establishing a Zero Trust network architecture, companies must commit to:
* Understanding the current IT ecosystem and business processes, including the jobs performed by employees, how business processes work, and the capabilities of your company’s current technology and any existing gaps
* Assessing where you’re strongest and where you’re going to need further reinforcements.
* Figuring out how to address the shortcomings in your current security protocols and start integrating Zero Trust concepts into your business and IT processes
A Zero Trust architecture encompasses all of a company’s networks and computing services, including connected devices that send data to sources like databases and software as a service (SaaS) platforms. You have to think beyond the network location when outlining security requirements for access requests sent by assets connected to your network infrastructure.
Logical components of a Zero Trust infrastructure, as described by NIST SP , include:
* Policy engine (PE) — Controls decisions around granting access to a resource. It relies on enterprise policy and input from other security infrastructure.
* Policy administrator (PA) — Is responsible for establishing and shutting down communication between a requester and a resource. It authenticates credentials or security tokens before allowing a session to be processed.
* Policy enforcement point (PEP) — Enables, monitors and terminates connections between requesters and enterprise resources.
Data sources that typically feed the core components of a Zero Trust architecture include:
* Continuous diagnostics and mitigation (CDM) system — Gathers information about enterprise assets to update software and configuration components
* Threat intelligence feeds — Delivers information from internal and external sources that help the policy engine make access decisions
* Network and system activity logs — Provide real-time information about events in the IT environment
* Data access policies — A collection of rules and attributes that define access rights to specific enterprise resources
* ID management system — Creates, stores and manages user accounts and identity records in an enterprise
Common components of a Zero Trust architecture
There are multiple ways in which an organization can deploy a Zero Trust architecture for various workflows. Your implementations may vary depending on the components in use. Here are some common approaches:
* Micro-segmentation – Involves setting up granular security zones within the company network. The technology allows organizations to place individual resources or groups of resources in a unique network segment that receives protection from a gateway security component.
* Enhanced identity governance — Relies on the identity of users and other factors to calculate the level of confidence in the authentication process. Factors that can play a role in access decisions include: * The user’s current access privileges
* The device being used to access the company network
* The current status of the user
Depending on the final confidence level calculation, the access given to a user may be altered, including providing them with only partial access to a resource.
* Network infrastructure and software defined perimeters — The policy administrator (PA) functions as a network controller responsible for setting up and reconfiguring the network based on decisions by the policy engine. Implementation can include the use of an overlay network, which is often referred to as a software-defined perimeter approach. In this scenario, clients continue receiving access via policy enforcement points (PEPs) managed by the PA.
* Device agent/gateway-based deployment — The PEP is divided into two separate components that either reside on the resource or exist directly in front of it. An example of this architecture is having an agent installed on an enterprise asset to coordinate connections to that asset, as well as a resource sitting in front of the asset that prevents the asset from communicating with anything other than the gateway.
Steps for moving toward a Zero Trust architecture
1. Get together with company leaders and stakeholders.
Start by getting buy-in from those who would benefit from the transition to a Zero Trust architecture. Working together, map out the steps necessary to make Zero Trust a core part of your organization’s security posture.
2. Plan first.
* Learn everything you can about the organization. Learn more about the people working at your company and the access they hold. Next, inventory the company’s IT assets, including systems and devices. In the end, you want to have thorough visibility into the workloads and the connections required to keep them running.
* Establish a security baseline. Come up with a baseline of your current security capabilities, and then start setting goals for transitioning different pieces of company infrastructure.
* Determine business priorities for migration to Zero Trust. During the planning phase, it’s important to assess the importance of a workflow or service to the organization and how it ties into the overall goal of improving security.
* Conduct risk assessments. Conduct risk assessments based on running different processes and then develop risk-based policies that build on your strengths and address any gaps.
3. Deploy Zero Trust principles.
Many companies start the process gradually to observe the effects of the changes. For example, use multi-factor authentication to establish the authenticity of entities requesting access to your organization’s networks. Try setting up device security controls to prevent exploitation of a device’s weak points. Use micro-segmentation to add a layer of protection around vital infrastructure. Set up a network security standard that applies across the organization.
Consider operating in reporting-only mode to see how well the changes work. In this mode, you’d grant most access requests as you gauge the effects of various decisions. Once you gain confidence, you can put the changes into operation.
Technologies that support Zero Trust
Zero trust architecture typically contains one or more of the following technologies:
* Multi-factor authentication — Forces users to confirm their identity in more than one way before allowing them access to company applications and systems
* Security monitoring — Audits network activity to spot threats to company resources
* Privileged access management (PAM) — Helps manage accounts with elevated permissions to critical corporate resources and control the use of those accounts
* Device security controls — Reduce the risk posed by devices; examples include firewalls, antivirus software, and interface constraints
* Encryption — Used to make the information unreadable by unauthorized parties
1. What is Zero Trust security?
Zero Trust is a security framework built around the idea that no person or service should receive automatic trust from a company’s networks. Instead, companies should rely on a combination of security controls, including stronger authorization and authentication techniques.
2. What is a Zero Trust architecture?
A Zero Trust architecture is based on Zero Trust principles. It’s designed to minimize the risk of a data breach and limit internal lateral movement.
3. How do you implement Zero Trust?
There are many ways of implementing Zero Trust principles. Approaches vary based on business drivers and the organization’s cybersecurity level maturity. Implementation options include enhanced identity governance, logical micro segmentation and network-based segmentation.
4. What are the components of Zero Trust?
The logical components of a Zero Trust infrastructure, as described by NIST SP “Zero Trust Architecture,” include:
* A policy engine (PE) that controls access decisions
* A policy administrator (PA) that establishes and shuts down communications between requesters and resources
* A policy enforcement point (PEP) that enables, monitors and terminates sessions between requesters and resources
5. Why is Zero Trust important?
Zero Trust helps prevent hackers who manage to breach one access point to the network from moving laterally through your company systems. It also helps block internal threat actors, such as a disgruntled admin or runaway script, from stealing sensitive data or doing other damage.