Zero Trust Security Model
What is Zero Trust?
Zero trust is a network security philosophy that states no one inside or outside the network should be trusted unless their identification has been thoroughly checked. Zero trust operates on the assumption that threats both outside and inside the network are an omnipresent factor. Zero trust also assumes that every attempt to access the network or an application is a threat. These assumptions inform the thinking of network administrators, compelling them to design stringent, trustless security measures.
How Traditional Protections Created the Need for Zero Trust Models
Traditional security architecture is sometimes referred to as the “castle-and-moat” model. Think of the network as a castle and authorized users "cross the moat" to get inside the network perimeter. Even though this approach was useful to defend against external threats, it failed to address threats that already existed within the network. This traditional perimeter-based security approach only distrusts factors outside the existing network. Once a threat is able to cross the moat and get inside the network, it has free reign to wreak havoc within the castle that is your system. A zero-trust network security model is based on identity authentication instead of trusting users based on their position relative to your network.
How the Zero Trust Model Evolved
The term “zero trust” was first coined by John Kindervag at Forrester Research. In a paper published in 2010, Kindervag explained how traditional network security models fail to provide adequate protection because they all require an element of trust. Administrators have to trust people and devices at various points in the network, and if this trust is violated, the entire network could be put at risk.
To solve the problem, he recommended the use of segmentation gateways (SG), which could be installed in the heart of a network. The SG model involves incorporating several different protection measures and using a packet-forwarding engine to dispatch protections where they are needed in the network.
Within a few years, Google adopted zero trust security measures. Other companies, eager to follow in Google’s footsteps, also began adopting the zero trust concept.
How Does a Zero Trust Architecture Work?
Zero trust implementation involves requiring strict identity verification for every individual or device that attempts to access the network or application. This verification applies whether or not the device or user is already within the network perimeter. User or device identity verification can be triggered by events such as changes in the devices being used, location, log-in frequency, or the number of failed login attempts.
The Protect Surface
Protection begins by identifying your protect surface, which is based on data, applications, assets, or services, commonly referenced by the acronym DAAS:
- Data: Which data do you have to protect?
- Applications: Which applications have sensitive information?
- Assets: What are your most sensitive assets?
- Services: Which services can a bad actor exploit in an attempt to interrupt normal IT operation?
Establishing this protect surface helps you hone in on exactly what needs to be protected. This approach is preferable to trying to guard the attack surface, which constantly increases in size and complexity.
A zero trust policy involves regulating traffic around critical data and components by forming microperimeters. At the edge of a microperimeter, a zero trust network employs a segmentation gateway, which monitors the entry of people and data. It applies security measures that are designed to thoroughly vet users and data before to granting access using a Layer 7 firewall and the Kipling method.
A Layer 7 rule involves inspecting the payload of packets to see if they match known types of traffic. If a packet contains data that doesn’t meet the parameters of the Layer 7 rule, access is blocked. The Kipling method challenges the validity of the entry attempt by asking six questions about the entry and who is trying to get in: Who? What? When? Where? Why? How? If the answer to any of the queries raises a flag, access isn’t granted.
Multi-factor authentication (MFA) verifies the identity of a user by requiring them to provide multiple credentials. With traditional password entry methods, a bad actor only has to figure out a username and password, which often are easy for hackers to acquire. With MFA, users must provide multiple methods of identification. For example, a user may need both a USB stick and a password. Without either factor, the person would not be able to gain access.
Multi-factor authentication aids a zero-trust network by increasing the number of user-specific credentials required for access. Using MFA can increase the difficulty for hackers by a factor of two, three, four, or more.
Endpoints need to be verified to make sure each one is being controlled by the right person. Endpoint verification strengthens a zero-trust approach because it requires both the user and the endpoint itself to present credentials to the network. Each endpoint has its own layer of authentication that would necessitate users to prove their credentials before gaining access.
Then, in order for a component or program on the network to allow the endpoint access, it sends a verification out to the endpoint. The user then responds on the device. The data sent from the endpoint is used to check its validity, and a successful receipt and transmission process earns the device the status of “trustworthy.”
Unified endpoint management (UEM) allows administrators to centralize how they manage IT infrastructures by giving them a single set of tools they can use to verify multiple endpoints. Endpoint detection and response (EDR) verifies the safety and security of the endpoint. EDR works like a multifaceted antivirus. It scans the endpoint, identifies threats, and then takes steps to protect the endpoint and by extension, the rest of the network.
Microsegmentation involves creating zones within the network to isolate and secure elements of the network that could contain sensitive information or provide access to malicious actors. A zero-trust security approach benefits from microsegmentation because once the secured area has been microsegmented, it’s protected from threats. The firewall or filter that forms a barrier around the zone can also block threats from exiting the zone, which protects the rest of the network.
Least-privilege access refers to allowing users and devices to access only those resources that are essential to performing their duties. A zero-trust setup benefits from least-privilege access because it limits the number of points of entry to sensitive data or infrastructure. Least-privilege access may also save time and resources because fewer MFA measures have to be employed, which limits the volume of identification credentials that have to be granted and managed.
Zero Trust Network Access
Zero trust network access (ZTNA) is an element of zero trust access that focuses on controlling access to applications. ZTNA extends the principles of ZTA to verify users and devices before every application session to confirm that they meet the organizations policy to access that application. ZTNA supports multi-factor authentication to retain the highest levels of verification.
A key element of the ZTNA concept is the location independence of the user. The application access policy and verification process is the same whether the user is on the network or off the network. Users on the network have no more trust than users that are off the network.
For users off the network, ZTNA includes a secure, encrypted tunnel for connectivity from the user device to the ZTNA application proxy point. The automatic nature of this tunnel makes it easier to use than traditional VPN tunnels. The improved experience for users is leading many organizations to shift to ZTNA to replace VPN access.
The ZTNA application proxy point provides a benefit beyond just the transparent, secure remote access. By putting applications behind a proxy point, ZTNA hides those applications from the Internet. Only those users who have verified can gain access to those applications.