What is Zero Trust?
Since mobile users began connecting to business applications over the internet from unmanaged devices, there has been a growing need to implement zero trust security. When you can’t trust the connection, the device, or the network, zero trust sounds like a great idea. But in the last few years, there has been a lot of confusion about what the term actually means.
When did the concept of zero trust emerge? In 2010, John Kindervag of Forrester Research published a paper that popularized the concept of zero trust. In the paper, Kindervag discussed how the zero trust security model is built around the idea that enterprises should not inherently trust any attempt to connect to a business system or application; every such attempt must be verified before any level of user access is granted.
At its core, the concept is simple: zero trust = assume everything to be hostile. While this sounds obvious, the notion is antithetical to the corporate network security model. Since the early 1990s, companies have been building a network architecture with a secure perimeter using endpoint-based controls, relying on approved IP addresses, ports, and protocols to validate applications, data, and/or users, which are then trusted to communicate inside the network.
In contrast, the zero trust approach treats all traffic, including traffic already inside the perimeter, as hostile. Unless workloads have been identified by a set of attributes—a workload fingerprint or identity—they are untrusted and blocked from communicating. Identity-based policies result in stronger security that travels with the workload wherever it communicates—in a public cloud, a hybrid environment, a container, or an on-premises network architecture. Because protection is environment-agnostic, applications and services are secured even if they communicate across network environments, requiring no architectural changes or policy updates.
A key aspect of zero trust is least-privilege access, which eliminates the excessive trust users hold once they are inside a traditional network. In a zero trust approach, least privilege is applied not only before access is granted, but also to what is accessed (which services, devices, or connections), from where, and when. This greatly reduces the attack surface and gives defenders a narrower scope to focus on.
The myth of the zero trust model for network security
Zero trust security is a term commonly used—and usually misused—in the security industry to describe the concept of an implemented zero trust security strategy to protect networks. But zero trust actually moves security off the network, focusing instead on protecting users, applications, and workloads.
Zero trust is based on four principles:
- Least-privilege access with all entities (users, devices, and workloads) being authenticated before granting access and continually re-authenticated and re-authorized based on context
- Microsegmentation at the application level without network segmentation
- Applications and network remain invisible to the open internet
- The internet becomes the new transport network via encrypted microtunnels
Why adopt a zero trust security model?
Today’s networks are hostile places. They host business-critical applications and data, making them ripe for attack by cybercriminals who would like nothing more than to steal, destroy, or hold hostage sensitive data, such as personally identifiable information (PII), intellectual property (IP), and financial information for personal gain.
While no security is perfect, and data breaches will never be totally eliminated, zero trust reduces the attack surface and limits the blast radius—that is, the impact and severity—of a cyberattack, which reduces the time and cost of responding to and cleaning up after a data breach.
Four benefits of zero trust
1. Reduces business and organizational risk
Zero trust assumes all applications and services are malicious and are disallowed from communicating until they can be positively verified by their identity attributes—immutable properties of the software or services themselves that meet predefined authentication and authorization requirements.
Zero trust, therefore, reduces risk because it uncovers what’s on the network and how those assets are communicating. Further, as baselines are created, a zero trust model reduces risk by eliminating overprovisioned software and services and continuously checking the “credentials” of every communicating asset.
2. Provides access control over cloud and container environments
Security practitioners’ greatest fears about moving to and using the cloud are loss of visibility and access control. Despite an evolution in cloud service provider (CSP) security, workload security remains a shared responsibility between the CSP and the organization using the cloud. That said, there is only so much an organization can affect inside someone else’s cloud.
With zero trust, security policies are based on the identity of communicating workloads and are tied directly to the workload itself. In this way, security stays as close as possible to the assets that require protection and is not affected by network constructs such as IP addresses, ports, and protocols. As a result, protection not only travels with the workload where it tries to communicate but remains unchanged even as the environment changes.
3. Helps reduce the risk of a data breach
Because the zero trust model is focused on the workload, it’s easier for security teams to identify and stop malicious data-based activity. A zero trust approach always verifies, preventing workloads that are unverified from communicating anywhere on the system—to and from command-and-control, and between hosts, users, or applications and data (and any combination thereof).
Any altered application or service, whether it’s a result of adversarial activity, misuse, or accident, is automatically untrusted until it can be verified again through a set of policies and controls. Even when verified and approved, communication is restricted to a “need-to-know” basis; in other words, secure access is locked down to only the users, hosts, or services that need it.
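The mechanism described in the sections above (workload identity rather than IP addresses and ports, default deny, least privilege by service and time, and an altered workload becoming untrusted until it is re-verified) can be made concrete with a small policy engine. The following is an added example written for this page; it is not code from the original article or from any vendor product. Workload names, build artifacts, and policies are constructed, and the fingerprint is simply a SHA-256 over the workload name and its binary, a simplification of the "identity attributes" the text refers to.

```python
"""Added example: an identity-based, default-deny policy evaluator.

Illustrates the zero trust ideas on this page: a workload is identified by a
fingerprint of immutable attributes (here: name + binary), policy is keyed on
identity rather than IP/port, nothing communicates unless a policy grants it,
and a workload whose fingerprint no longer matches its registered baseline is
untrusted until it is re-verified. All names, artifacts and rules are constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str          # logical identity, e.g. "payments-api"
    environment: str   # "cloud", "on-prem", "container": policy must not depend on it
    binary: bytes      # constructed stand-in for the deployed artifact

    def fingerprint(self) -> str:
        """Identity attributes hashed together; moving environments does not change it."""
        return hashlib.sha256(self.name.encode() + b"\0" + self.binary).hexdigest()


@dataclass(frozen=True)
class Policy:
    source: str          # identity allowed to initiate
    destination: str     # identity allowed to receive
    services: frozenset  # the "what": allowed services on the destination
    hours: range         # the "when": allowed hours of day (UTC)


class ZeroTrustEngine:
    def __init__(self):
        self.baseline = {}   # identity name -> fingerprint recorded at registration
        self.policies = []

    def register(self, w: Workload):
        self.baseline[w.name] = w.fingerprint()

    def allow(self, p: Policy):
        self.policies.append(p)

    def verify(self, w: Workload) -> bool:
        """Trusted only while the live fingerprint matches the registered baseline."""
        return self.baseline.get(w.name) == w.fingerprint()

    def authorize(self, src: Workload, dst: Workload, service: str, hour: int) -> tuple:
        """Default deny: returns (allowed, reason). Both ends are re-verified on every call."""
        if not self.verify(src):
            return False, "source identity unverified"
        if not self.verify(dst):
            return False, "destination identity unverified"
        for p in self.policies:
            if (p.source == src.name and p.destination == dst.name
                    and service in p.services and hour in p.hours):
                return True, f"policy {p.source}->{p.destination}:{service}"
        return False, "no matching policy (default deny)"


def demo() -> dict:
    """Runs the constructed scenario and returns the allow/deny decisions."""
    engine = ZeroTrustEngine()
    web = Workload("web-frontend", "cloud", b"web-build-1")
    pay = Workload("payments-api", "on-prem", b"pay-build-7")
    db = Workload("customer-db", "container", b"db-build-3")
    backup = Workload("backup-agent", "on-prem", b"backup-build-2")
    for w in (web, pay, db, backup):
        engine.register(w)
    engine.allow(Policy("web-frontend", "payments-api", frozenset({"https"}), range(0, 24)))
    engine.allow(Policy("payments-api", "customer-db", frozenset({"postgres"}), range(0, 24)))
    engine.allow(Policy("backup-agent", "customer-db", frozenset({"postgres"}), range(1, 5)))

    # Same identity redeployed in another environment: fingerprint and policy unchanged.
    pay_in_cloud = Workload("payments-api", "cloud", b"pay-build-7")
    # Same name but altered binary: fingerprint no longer matches the baseline.
    pay_altered = Workload("payments-api", "on-prem", b"pay-build-7-modified")

    return {
        "web_to_pay_https": engine.authorize(web, pay, "https", 10)[0],
        "web_to_db_direct": engine.authorize(web, db, "postgres", 10)[0],
        "pay_to_db_ssh": engine.authorize(pay, db, "ssh", 10)[0],
        "pay_moved_to_cloud": engine.authorize(web, pay_in_cloud, "https", 10)[0],
        "pay_altered": engine.authorize(pay_altered, db, "postgres", 10)[0],
        "backup_in_window": engine.authorize(backup, db, "postgres", 3)[0],
        "backup_out_of_window": engine.authorize(backup, db, "postgres", 14)[0],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {'ALLOW' if v else 'DENY'}")
```

The point of the scenario is visible in the last three decisions: relocating `payments-api` to the cloud changes nothing because the policy never referenced its address, an altered binary is denied even though its name and network location are unchanged, and the backup agent's access is scoped to its maintenance window rather than granted around the clock.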
4. Supports compliance initiatives
With zero trust, auditors (and others) gain clearer insight into what data flows the organization has and can see how workloads are protected. Zero trust reduces the number of places and ways network communications can be exploited, resulting in fewer negative audit findings and simpler remediation.
In addition, with zero trust segmentation (microsegmentation) implemented, organizations have the ability to create perimeters around certain types of sensitive data (e.g., PCI or credit card data, data backups) using fine-grained controls that keep regulated data separate from other, non-regulated data. When it comes time for an audit, or in the event of a data breach, a zero trust segmentation (microsegmentation) strategy provides superior visibility and control over flat network architectures that provide over-privileged access.
Getting started with zero trust
Designing for zero trust requires security and IT teams to focus on business concepts: What are we trying to protect? From whom? Recognize that a zero trust architecture underpins the entire security solution; technologies and processes are layered on top of the strategy, not the other way around.
Zero trust can be delivered as a service, which is recommended by Gartner in its zero trust network access (ZTNA) framework. It can also be implemented in stages, with organizations starting with their most critical assets. As an alternative, they can start with non-critical assets as a test case before implementing zero trust more broadly. Regardless of your starting point, a zero trust solution returns immediate gains through risk reduction and security control.