What is a Zero Trust architecture?
Traditional perimeter security lacks the control needed to restrict the movement of attacks and malware inside the perimeter. Segmenting a network with physical security devices allows stronger breach control, but quickly escalates costs and creates change management challenges, especially as workloads become mobile.
The principles of Zero Trust architecture as established by the National Institute of Standards and Technology (NIST) are:
- All data sources and computing services are considered resources.
- All communication is secure regardless of network location; network location does not imply trust.
- Access to individual enterprise resources is granted on a per-connection basis; trust in the requester is evaluated before the access is granted.
- Access to resources is determined by policy, including the observable state of user identity and the requesting system, and may include other behavioral attributes.
- The enterprise ensures all owned and associated systems are in the most secure state possible and monitors systems to ensure that they remain in the most secure state possible.
- User authentication is dynamic and strictly enforced before access is allowed; this is a constant cycle of access, scanning and assessing threats, adapting, and continually authenticating.
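As an added illustration (not code from the original page or from NIST), the following Python sketch shows a per-connection policy decision that applies these principles: network location is recorded but never trusted, every request is evaluated on its own, and identity, authentication freshness, device posture and a per-resource least-privilege policy must all pass. The resource names, groups and thresholds are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Request:
    """One access request as seen by a policy decision point (fields assumed)."""
    user: str
    groups: frozenset
    mfa_verified: bool      # strong, multi-factor authentication completed
    auth_age_s: int         # seconds since that authentication
    device_compliant: bool  # posture check: patched, EDR running, disk encrypted
    resource: str
    action: str
    src_network: str        # "corp", "vpn", "internet": recorded, never trusted

# Hypothetical per-resource policy: which groups may take which actions,
# and how recent the authentication must be for that resource.
POLICY = {
    "payroll-db": {"allow": {"finance": {"read"}, "dba": {"read", "write"}},
                   "max_auth_age_s": 600},
    "wiki": {"allow": {"staff": {"read", "write"}}, "max_auth_age_s": 28800},
}

def decide(req: Request) -> tuple:
    """Evaluate one request on its own merits and return (allowed, reason).
    Nothing is carried over from earlier decisions for the same user or device,
    and req.src_network is deliberately never consulted."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource: default deny"
    if not req.mfa_verified:
        return False, "strong authentication required"
    if req.auth_age_s > rule["max_auth_age_s"]:
        return False, "re-authentication required"
    if not req.device_compliant:
        return False, "device posture check failed"
    permitted = set()
    for group in req.groups:
        permitted |= rule["allow"].get(group, set())
    if req.action not in permitted:
        return False, "action not permitted for requester's groups"
    return True, "allowed"

if __name__ == "__main__":
    ok = Request("alice", frozenset({"finance", "staff"}), True, 120, True,
                 "payroll-db", "read", "internet")
    print(decide(ok))  # (True, 'allowed'): source network "internet" is irrelevant
    print(decide(Request("alice", frozenset({"finance", "staff"}), True, 120,
                         True, "payroll-db", "write", "corp")))  # denied: no write right
```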
Zero Trust benefits
Zero Trust enables organizations to reduce the risk to their cloud and container deployments while also improving governance and compliance. Organizations gain insight into users and devices while identifying threats and maintaining control across the network. A Zero Trust approach helps an organization identify business processes, data flows, users, data, and the associated risks, and helps set policy rules that can be updated automatically based on those identified risks.
Organizations that shift from traditional perimeter security to a Zero Trust model gain a level of continuous verification that detects the following attack methods faster, and often stops them before an intrusion occurs:
- Phishing emails targeting employees
- Lateral movement through corporate network
- Redirecting a shell to a service to compromise a corporate machine
- Stolen developer password
- Stolen application database credentials
- Exfiltration of database via compromised application host
- Compromising application host via privileged workstation
- Using developer password to elevate application host privileges
- Accessing privileged workstation
- Installing keylogger via local privilege escalation on workstation
Zero Trust capabilities can be designed into business processes, services, and systems that, as a result, are better enabled to:
- Prevent data breaches and contain lateral movement using application micro-segmentation
- Easily expand security protection across multiple computing and containerized environments, independent of the underlying infrastructure
- Gain visibility into users, devices, components, and workloads across the environment, identifying what is running and enforcing policies on it
- Continuously monitor and respond to signs of compromise, with logs, reports, and alerts that support threat detection and response
- Ensure organizational security while still providing a consistent user experience
- Reduce full-time equivalent hours and architectural complexity
Zero Trust, the cloud, and containers
Best practices for implementing Zero Trust
Organizations seeking to implement a Zero Trust security framework must address the following:
- Identify Sensitive Data – Zero Trust requires an organization to identify and prioritize its data. Know where it lives and who has access to it.
- Limit and Control Access – Shifting to a Zero Trust security model requires establishing limits on the users, devices, applications, and processes that will seek access to the identified data. A least-privilege access control model restricts access to a “need-to-know” basis.
- Detect Threats – Zero Trust requires continuous monitoring of all activity related to data access and sharing, comparing current activity to baselines built from prior behavior and analytics. The combination of monitoring, behavioral baselines, rules, and security analytics enhances the ability to detect internal and external threats.
A successfully implemented Zero Trust security model features the following principles:
- Authenticated access to all resources – Multi-factor authentication (MFA) is a foundation of Zero Trust security. Zero Trust views every attempt to access the network as a threat. While traditional network security might require a single password to afford access to a user, Zero Trust MFA requires users to enter a code sent to a separate device, such as a mobile phone, to verify they are in fact who they claim to be. Zero Trust models also include access protocols and network access controls.
- Least privilege-controlled access – Granting the least amount of access is a principle of Zero Trust security; it eliminates unauthorized access to data and services and makes control enforcement as granular as possible. Zero Trust networks grant access rights only when absolutely necessary, verifying every request to connect to their systems before granting access. Dividing security perimeters into smaller zones, each with distinct access to a separate part of the network, limits lateral movement throughout the network. Segmented security becomes more important as workloads become mobile.
- Inspect and log all activities using data security analytics – Zero Trust models require continuous monitoring, inspection, and logging of traffic and activities. User account baselines should be established to help identify abnormal behaviors that could indicate malicious activity. Automation can make these functions efficient and affordable for security teams.
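To make the baseline idea in the last item concrete, here is an added Python example (not part of the original page) that builds a per-user baseline from a constructed set of historical access events and scores new events by how far they depart from it; the event fields, sample data and hour slack are assumptions.

```python
from collections import defaultdict

# Constructed sample of historical access events: (user, hour_of_day, resource, device)
HISTORY = [
    ("alice", 9, "wiki", "laptop-01"), ("alice", 10, "wiki", "laptop-01"),
    ("alice", 14, "crm", "laptop-01"), ("alice", 11, "wiki", "laptop-01"),
    ("bob", 8, "payroll-db", "laptop-07"), ("bob", 9, "payroll-db", "laptop-07"),
    ("bob", 17, "crm", "laptop-07"), ("bob", 16, "payroll-db", "laptop-07"),
]

def build_baselines(events):
    """Per-user baseline: the hours, resources and devices seen in the history."""
    base = defaultdict(lambda: {"hours": set(), "resources": set(), "devices": set()})
    for user, hour, resource, device in events:
        b = base[user]
        b["hours"].add(hour)
        b["resources"].add(resource)
        b["devices"].add(device)
    return base

def score_event(baselines, event, hour_slack=2):
    """Return (score, findings) for one new event; a higher score is more unusual.
    An event for a user with no baseline is scored as fully anomalous so that
    it is reviewed rather than silently accepted."""
    user, hour, resource, device = event
    b = baselines.get(user)
    if b is None:
        return 3, ["no baseline for user"]
    findings = []
    if all(abs(hour - h) > hour_slack for h in b["hours"]):
        findings.append("outside usual hours")
    if resource not in b["resources"]:
        findings.append("resource never accessed before")
    if device not in b["devices"]:
        findings.append("unfamiliar device")
    return len(findings), findings

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in [("alice", 10, "wiki", "laptop-01"),
               ("alice", 3, "payroll-db", "unknown-dev"),
               ("carol", 12, "wiki", "laptop-02")]:
        print(ev, score_event(baselines, ev))
```

A score above zero is a signal for review or step-up authentication, not proof of compromise; the baseline should be rebuilt as legitimate behavior changes.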