Zero Trust Architecture: Never Trust, Always Verify

What is a zero trust approach? A zero trust approach is a security model that protects networks from attack by removing implicit trust from the system. Without implicit trust, every user must be verified for every resource and data set they want to access.

How Does Zero Trust Work?

Zero trust security is an approach to security in which no device, user, or agent is implicitly trusted with access to system resources. Access to system resources must only come through authentication and authorization using acceptable credentials.

Zero trust focuses on protecting critical data, assets, applications, and services (DAAS) using micro-perimeters and segmentation gateways. These security tools place security measures close to DAAS—concentrating the protection surface as much as possible.

Once you have identified the protection surface, you can determine how data flows through it and behind it. You will better understand how data moves through your security services and within your own infrastructure.

Most important is how zero trust security is implemented. Enterprises can look to a key document published by the National Institute of Standards and Technology (NIST), NIST Special Publication 800-207: Zero Trust Architecture, which outlines a framework for understanding and implementing zero trust principles.

Some of the principles of zero trust architecture outlined in NIST SP 800-207 include the following:

  • Consider All Services and Data Sources as Resources: Never take for granted any aspect of your system and its place in the security ecosystem. This includes software, cloud services, mobile devices, workstations, and data storage platforms.
  • Secure All Communications Regardless of Network Location: Never consider any aspect of your internal network to be secure as it is, and implement protections at any point where a resource may connect or transmit.
  • Limit Access on a Per-session Basis: To force users and devices to continually demonstrate their trustworthiness, grant access to every resource per session, for both authentication and authorization purposes, rather than letting access persist across sessions.
  • Leverage Dynamic Policy Attributes for Access: Role-based access control (RBAC) is a popular way to determine who can access resources. Zero trust policies should also leverage attribute-based access control (ABAC) to incorporate limitations based on device characteristics, time and date, or even behavioral attributes.
  • Continually Monitor All Assets: NIST suggests that any asset, whether data, software, or hardware, must be regularly monitored to avoid cases where the asset has been unknowingly subverted.
  • Strict Identity Access Management at All Times: Your system must enforce strict authentication and authorization controls before any access is ever granted.
  • Assessment and Optimization: Continuous monitoring can, and should, contribute to optimizing access enforcement, security, and network privacy.

What Are Best Practices and Benefits of Zero Trust Architecture?

While you may have a basic grasp of the principles that make up a zero trust model, it is another thing entirely to implement this architecture. You must consider how those principles play out in your specific IT systems, within your specific infrastructure, and concerning your business goals.

Several steps go into implementing a zero trust architecture:

  • Define protection surfaces close to DAAS to avoid overextending security resources. “Close” in this context means that access controls and security measures shouldn’t cover a broad, unnecessary set of technologies and resources. Instead, you should implement clear, limited, and targeted protection surfaces where they are needed. This approach lets you control traffic and system access better and adjust perimeter security as needed.
  • Trace data transactions and flows, including all movements of information across different parts of your infrastructure. Per NIST, you should never assume that information is secure in your network. Your zero trust architecture should have controls in place to track how data moves across your networks, particularly in relation to your protection surface.
  • Develop security and zero trust policies around the “Kipling Method.” The Kipling Method, often attributed to a poem by Rudyard Kipling, defines a set of universal questions you can ask about your security infrastructure: Who? What? When? Where? Why? and How? By using this approach, you can build zero trust policies around an extensive list of roles, attributes, and other granular controls.
  • Create continuous monitoring and maintenance plans and implement them. NIST SP 800-207 suggests that monitoring and optimization become a part of your zero trust architecture. Using data-driven audit logging and monitoring tools, you can implement zero trust principles even with existing resources. Never assume that an existing resource hasn’t been breached or compromised, and never assume that your resources remain secure against evolving threats.

To understand a full approach to implementing zero trust, look to NIST SP 800-207, which includes compliant, high-level architecture guidelines.

Of course, zero trust architecture has a number of benefits, primarily around security and compliance:

  1. Security: Zero trust principles close gaps in security, especially those related to authorization and authentication. Since no user, device, or resource is trusted implicitly, there is less attack surface for hackers to exploit. The vectors by which attacks like advanced persistent threats (APTs) can spread within a system are also limited.
  2. Compliance: Several federal and defense compliance standards recommend or require zero trust architecture. Furthermore, the recent Executive Order on cybersecurity calls for all federal agencies and contractors to move to zero trust security. Getting ahead by implementing these principles will go a long way to promoting your compliance posture.

How Do Organizations Implement Zero Trust Architecture?

Following the best practices discussed here and guidelines within NIST SP 800-207, it’s relatively straightforward to conceptualize a zero trust implementation. However, looking at zero trust from a system-wide perspective can make the task seem more daunting.

A good way to start conceptualizing zero trust in action within your system is to start with a single critical DAAS:

  • Identify a DAAS within your infrastructure that should or will fall into zero trust security.
  • Deploy the Kipling Method to develop zero trust policies:
    • Who should access this resource?
    • What are they accessing (software, data, etc.)?
    • Where would they access it under normal and secure circumstances?
    • When would they access it (only during work hours, under limited windows of time, etc.)?
    • Why would they need to access it for legitimate business use?
    • How must they access it (local workstations, mobile devices, etc.)?
  • Build zero trust policies from these questions and develop a security and identity and access management (IAM) configuration from those policies. This configuration should address your security policies without compromising user experience or system usability.
  • Implement policies through limited protection surfaces around assets, adhering to the decided security and IAM configurations.
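As an added illustration that is not part of the original article or of NIST SP 800-207, the following Python sketch turns the six Kipling questions above and the ABAC principle into a deny-by-default policy decision point for a single critical DAAS, with a time-limited per-session grant. The `Request`, `Policy`, `decide` and `sample_request` names and the payroll-database policy are hypothetical, constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
# Hypothetical PDP for one critical DAAS: deny by default, ABAC, per-session grants.
@dataclass(frozen=True)
class Request:
    roles: frozenset    # Who?   RBAC attribute of the subject
    resource: str       # What?  the DAAS being requested
    action: str         # What?  read, write, ...
    source_net: str     # Where? "corp", "vpn", "internet"
    when: datetime      # When?  UTC timestamp of the request
    purpose: str        # Why?   business-justification tag
    device: str         # How?   "managed-workstation", "managed-mobile", "unmanaged"

@dataclass(frozen=True)
class Policy:
    resource: str
    roles: frozenset
    actions: frozenset
    nets: frozenset
    hours: tuple        # (start_hour, end_hour) in UTC, half-open
    purposes: frozenset
    devices: frozenset
    session_ttl: timedelta = timedelta(minutes=30)

def decide(req, policy):
    """Every Kipling question must pass; a grant is good for one session only."""
    checks = [
        ("what: resource", req.resource == policy.resource),
        ("who: role", bool(req.roles & policy.roles)),
        ("what: action", req.action in policy.actions),
        ("where: network", req.source_net in policy.nets),
        ("when: hours", policy.hours[0] <= req.when.hour < policy.hours[1]),
        ("why: purpose", req.purpose in policy.purposes),
        ("how: device", req.device in policy.devices),
    ]
    failed = [name for name, ok in checks if not ok]
    if failed:
        return False, failed, None  # no implicit trust: report every failed question
    return True, [], req.when + policy.session_ttl  # caller must re-verify after expiry

# Constructed sample policy and request for a placeholder payroll database.
PAYROLL = Policy("payroll-db", frozenset({"payroll-admin"}), frozenset({"read"}),
                 frozenset({"corp", "vpn"}), (8, 18), frozenset({"monthly-run"}),
                 frozenset({"managed-workstation"}))

def sample_request(**overrides):  # overrides simulate a deviating access attempt
    base = dict(roles=frozenset({"payroll-admin"}), resource="payroll-db", action="read",
                source_net="vpn", when=datetime(2024, 3, 1, 10, tzinfo=timezone.utc),
                purpose="monthly-run", device="managed-workstation")
    return Request(**{**base, **overrides})
```

Because every failed question is returned rather than only the first, the same decision record can feed the continuous monitoring the article calls for.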

Conclusion

Zero trust architecture is becoming a mainstay in many security circles, and its adoption continues to grow. With the recent Executive Order on national cybersecurity standards now going into effect, required zero trust principles are only going to become more widespread.
