The traditional model of network security relies on the establishment of a secure boundary, or perimeter. This not only keeps unwanted “visitors” or attackers out but also assumes that those who remain within the boundary are only authorized users of the system. These authorized users may then be trusted only to access the network resources that have been allocated to them, and perform only those actions which have been prescribed or permitted by the network’s security policy.
When you consider what might be at stake within a corporate network (intellectual property, customer information, mission-critical software and processes, money), that’s a lot to simply rely for protection on the trust placed in your authorized users.
And in the multi-part corporate networks of today, which themselves rely on chains of interconnected servers, wireless networks, and other third-party points of connection, it is increasingly difficult to ensure that network resources and information do not leak out to unauthorized entities through these potentially vulnerable points.
Equally, the increased complexity of today’s network infrastructures gives external parties (including hackers and cyber-criminals) more opportunities to find a way in and gain unauthorized access.
Barricading the fortress and assuming that nothing unwanted can get in or out simply isn’t enough.
The Zero Trust Principle
The age-old perimeter defense approach to network security adopts a “trust, but verify” attitude towards its authorized users. Various methods may be employed to authenticate members of a closed system and provide access control – but once they’ve passed the gatekeepers, authorized users are free to exercise whatever network rights and privileges have been assigned to them.
The “Zero Trust” principle assumes that there’s no such thing as a trusted insider (authorized user), and requires anyone wishing to gain access to a network – or to use any of the resources associated with it – to jump through hoops in order to establish their right to do so.
This requires separate access controls, authentication, and validation procedures to be implemented at various points within and around the network, safeguarding accounts, applications, processes, and other network elements.
The philosophy here is closer to: “Trust no-one. Verify everything.”
A Zero Trust Network in Practice
In the ecosystem of a Zero Trust network, users and data traffic are assumed to be operating in an open and unsecured environment, such as the public internet. Attempts to intercept, hack, or eavesdrop could be occurring at any point, so all network traffic is encrypted to reduce these risks.
Users are required to log in at every session (no persistent cookies or “Keep me logged in” option), and login procedures often involve multi-factor authentication (e.g., a password plus biometrics or a PIN code sent to a mobile phone). Network privileges and powers are assigned to authorized users on a restrictive basis, limiting them to only those rights and access strictly necessary for doing their jobs.
Network segmentation is a standard practice in Zero Trust, with systems sub-divided into as many unique and separate sections (representing business units, workflows, application sets, etc.) as deemed necessary. At all times, any attempt to access a sensitive division of the network from another area (by a person, application, or process) is treated as unauthorized or hostile, and screening is put in place to ensure that such attempts succeed only after proper validation.
Encryption and the secure transmission of data across a Zero Trust network is typically achieved through software-defined wide area network (SD-WAN) techniques. Careful network design and virtualization technologies may be used to achieve network segmentation, and to create access control mechanisms which are based on trust.
An in-house or proprietary network security solution, dedicated security devices, and the services of a cloud access security broker (CASB) are some of the options available for discovering, inspecting, blocking, and handling attempts at network intrusion or attack.
Zero Trust Network – A Practical Example
In 2009, Google and a number of other large corporate entities were targeted in a highly sophisticated attack, dubbed Operation Aurora, which was alleged to have been sanctioned by the Chinese government.
While most of the companies responded by beefing up their perimeter defenses, Google developed a security architecture known as the BeyondCorp framework – a Zero Trust system built on the assumption that anyone inside the corporate firewall who requests access to the network is treated with the same suspicion as anyone outside it.
Now a commercial offering, BeyondCorp has given birth to a new market which includes a growing number of off-the-shelf and bespoke (tailor-made) solutions for Zero Trust security.
Zero Trust Network Best Practices
Though it may seem a daunting task for an organization that has been fully reliant on traditional firewalls and perimeter defenses to switch gears into Zero Trust, there are some recommendations which can make this transition much easier. These include the following:
- Identify the data you most need to protect: This requires a comprehensive inventory of all your data assets – what you have, where it resides, who’s using it, and how sensitive it may be.
- Map out how sensitive data moves across your network: This is essential in understanding how information flows between users, applications, and resources across the entire system.
- Design for Zero Trust, based on how data flows across the network, and how users and applications currently access sensitive information: This will assist in determining how the network should be segmented, and where protection and access controls should be positioned using virtual mechanisms and/or physical devices between the borders of different network segments.
- Create a body of rules for governing access between segments: This should be done on a “least privilege” or “need to know” basis, restricting access based on the job requirements or clearance levels of each user.
- Keep monitoring and reviewing: All network traffic should be logged and inspected, both to check for suspicious activity and to highlight areas for improvement. In addition, user rights should be regularly updated to reflect changes within the organization, changes in regulatory compliance regimes, and other relevant factors.
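To make the model described under “A Zero Trust Network in Practice” and the best-practices list above concrete, here is an added example (not code from the original article or from BeyondCorp) of a default-deny policy check for requests crossing network segments: every request must carry fresh, multi-factor-verified authentication, cross-segment flows succeed only where an explicit least-privilege rule exists, and every decision is logged so repeated denials can be reviewed. The segment names, roles, users and the 30-minute session window are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed rules: roles permitted to cross from a source segment to a target segment.
# Any (source, target) pair not listed here is denied by default (least privilege / need to know).
ALLOWED_FLOWS = {("workstations", "hr-apps"): {"hr-analyst"}, ("workstations", "finance-apps"): {"accountant"},
                 ("finance-apps", "finance-db"): {"finance-service"}}
SESSION_MAX_AGE = timedelta(minutes=30)  # assumed window after which the user must log in again

@dataclass
class Request:
    user: str
    roles: frozenset
    mfa_verified: bool
    authenticated_at: datetime
    src_segment: str
    dst_segment: str

def evaluate(req: Request, now: datetime, audit_log: list) -> tuple:
    """Verify identity, session age and segment policy on every request; deny unless a rule allows it."""
    if not req.mfa_verified:
        decision = (False, "mfa-required")
    elif now - req.authenticated_at > SESSION_MAX_AGE:
        decision = (False, "session-expired")
    elif req.roles & ALLOWED_FLOWS.get((req.src_segment, req.dst_segment), set()):
        decision = (True, "explicit-rule")
    else:
        decision = (False, "no-rule-for-flow")
    # Every decision, allowed or not, is recorded for the "keep monitoring and reviewing" step.
    audit_log.append({"user": req.user, "src": req.src_segment, "dst": req.dst_segment,
                      "at": now.isoformat(), "allowed": decision[0], "reason": decision[1]})
    return decision

def repeated_denials(audit_log: list, threshold: int = 3) -> set:
    """Monitoring step: users whose requests were denied at least `threshold` times."""
    counts = Counter(entry["user"] for entry in audit_log if not entry["allowed"])
    return {user for user, n in counts.items() if n >= threshold}

def run_scenario() -> tuple:
    """Constructed requests exercising each check; returns (decisions, users flagged for review)."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    fresh, stale, ws = now - timedelta(minutes=5), now - timedelta(minutes=45), "workstations"
    requests = [Request("alice", frozenset({"accountant"}), True, fresh, ws, "finance-apps"),
                Request("alice", frozenset({"accountant"}), True, fresh, ws, "hr-apps"),
                Request("bob", frozenset({"hr-analyst"}), False, fresh, ws, "hr-apps"),
                Request("bob", frozenset({"hr-analyst"}), True, stale, ws, "hr-apps"),
                *[Request("mallory", frozenset({"accountant"}), True, fresh, ws, "finance-db")] * 3]
    log = []
    decisions = [evaluate(req, now, log) for req in requests]
    return decisions, repeated_denials(log)
```

Running `run_scenario()` shows only the accountant’s request to the finance applications succeeding, while the missing MFA, the stale session and the unlisted flow to the finance database are each denied, and the user with three denials is flagged for review.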