Zero Trust Architecture: Never Trust, Always Verify
What is a zero trust approach? A zero trust approach is a security model that protects networks from attack by eliminating trust from the system. Without trust, every user has to be verified for all resources and data they want to access.
Zero Trust Principles
Zero trust principles are a security concept emphasizing the need for secure access controls and monitoring by all users, from employees to vendors and customers, regardless of their location and network. Zero trust is based on the principle of “never trust, always verify.” It requires organizations to verify the identity of each user and continuously monitor user behavior for malicious activity.
Organizations that do not know about zero trust principles are at risk of financial, legal, and reputational repercussions. Financial repercussions may include monetary losses from data breaches, fines from regulatory bodies, and costs associated with repairing reputational damage and rebuilding customer trust. Legal repercussions may include lawsuits from customers or vendors and penalties from regulators, such as GDPR fines for data privacy violations. Finally, reputational repercussions may include damage to the organization’s brand, lower customer loyalty, and a lack of stakeholder trust.
How Does Zero Trust Work?
Zero trust security is an approach to security in which no device, user, or agent is implicitly trusted with access to system resources. Access to system resources must only come through authentication and authorization using acceptable credentials.
Zero trust focuses on protecting critical data, assets, applications, and services (DAAS) using micro-perimeters and segmentation gateways. These security tools place security measures close to DAAS—concentrating the protection surface as much as possible.
Once you have the potential protection surface figured out, you can then determine the flows of data through that surface and behind that surface. You will better understand how data moves through your security services and within your own infrastructure.
Most important is the implementation of zero trust security. Enterprises can look at an important security document published by the National Institute of Standards and Technology (NIST), NIST Special Publication 800-207: Zero Trust Architecture. This document outlines a framework for understanding and implementing zero trust principles.
Some of the principles of zero trust architecture outlined in NIST SP 800-207 include the following:
- Consider All Services and Data Sources as Resources: Never take for granted any aspect of your system and its place in the security ecosystem. This includes software, cloud services, mobile devices, workstations, and data storage platforms.
- Secure All Communications Regardless of Network Location: Never consider any aspect of your internal network to be secure as it is, and implement protections at any point where a resource may connect or transmit.
- Limit Access on a Per-session Basis: To force users and devices to demonstrate their trustworthiness, grant access to any resource only for a single session, so that authentication and authorization are performed afresh for each new session rather than carried over from earlier ones.
- Leverage Dynamic Policy Attributes for Access: Role-based access control (RBAC) is a popular way to determine who can access resources. Zero trust policies should also leverage attribute-based access controls (ABAC) to incorporate limitations based on device characteristics, time and date, or even behavioral attributes.
- Continually Monitor All Assets: NIST suggests that any asset, whether data, software, or hardware, must be regularly monitored to avoid cases where the asset has been unknowingly subverted.
- Strict Identity Access Management at All Times: Your system must enforce strict authentication and authorization controls before any access is ever granted.
- Assessment and Optimization: Continuous monitoring can, and should, contribute to optimizing access enforcement, security, and network privacy.
What Is a Zero Trust Network?
A zero trust network (ZTN) is an advanced security model that assumes all users, systems, and networks within an organization are potentially untrustworthy. It is based on the “never trust, always verify” principle, where every user and device is assigned a unique identity and credentials, and all communications are secured through authentication.
Businesses benefit from zero trust networks by being able to detect threats more quickly, reducing the likelihood of a successful attack. As it eliminates the concept of “trusted” access, it reduces the attack surface and provides an additional layer of protection from the inside out.
A zero trust network is different from a zero trust architecture (ZTA) in that ZTN is focused on data security and communication across the network. In contrast, ZTA is more focused on identity and access management. While both models focus on microsegmentation to reduce the attack surface, a zero trust network emphasizes secure communication between microsegments, while a zero trust architecture emphasizes access control.
What Is a Zero Trust Security Model?
A zero trust security model is a security model that does not assume trust for any user, device, or application. Instead, all traffic is treated as untrusted by default and is only allowed access to a network if it can prove its identity and credentials. It is an approach to cybersecurity that requires organizations to verify not just the identity of their users but also the security posture of their devices and applications.
Businesses benefit from using a zero trust security model because it provides an extra layer of protection to the network, requiring all incoming traffic to be verified before being allowed access. This model helps deter malicious actors while reducing the risk of data breaches and other cyberattacks by validating user identity and authorizing access to only trusted entities. Additionally, a zero trust security model helps to ensure compliance with data privacy regulations such as GDPR and is more cost-effective than traditional perimeter-based security models.
Zero Trust Use Cases
Zero trust is essential in today’s digital world, as malicious actors are increasingly sophisticated.
Zero trust has three prominent use cases.
- Secure Cloud Access: Zero trust can be used to secure access to cloud applications and services. By leveraging identity and access management (IAM) and multi-factor authentication (MFA) technologies, organizations can securely authenticate users trying to access cloud services and applications, ensuring only authorized users have access.
- Network Defense: Zero trust can protect network environments by ensuring that only authenticated and authorized users and devices can access the network and its services. It also provides enhanced visibility into all the traffic entering and exiting a network, allowing organizations to take swift action in the event of a potential breach.
- Data Protection: Zero trust helps protect sensitive and confidential data from unauthorized access. By leveraging encryption technologies, organizations can secure data at rest and in transit, ensuring it is only accessible by authorized users. Businesses can enforce this secure access through role-based access controls and data loss prevention solutions.
What Are Best Practices and Benefits of Zero Trust Architecture?
While you may have a basic grasp of the principles that make up a zero trust model, it is another thing entirely to implement this architecture. You must consider how those principles play out in your specific IT systems, within your specific infrastructure, and concerning your business goals.
Several steps go into implementing a zero trust architecture:
- Define protection surfaces close to DAAS to avoid overextending security resources. It might get confusing to think of what “close” means in this context. Access controls and security measures shouldn’t cover a broad, unnecessary set of technologies and resources. Instead, you should implement clear, limited, and targeted protection surfaces where needed. This approach allows you to control traffic and system access better and adjust perimeter security as needed.
- Trace data transactions and flows, including all movements of information across different parts of your infrastructure. Per NIST, you should never assume that information is secure in your network. Your zero trust architecture should have controls in place to track how data moves across your networks, particularly in relation to your protection surface.
- Develop security and zero trust policies around the “Kipling Method.” The Kipling Method, often attributed to a poem by Rudyard Kipling, defines a set of universal questions you can ask about your security infrastructure: Who? What? When? Where? Why? and How? By using this approach, you can build zero trust policies around an extensive list of roles, attributes, and other granular controls.
- Create continuous monitoring and maintenance plans and implement them. NIST SP 800-207 suggests that monitoring and optimization become a part of your zero trust architecture. Using data-driven audit logging and monitoring tools, you can implement zero trust principles even with existing resources. Never assume that an existing resource hasn’t been breached or compromised, and never assume that your resources remain secure against evolving threats.
To understand a full approach to implementing zero trust, look to NIST SP 800-207, which includes compliant, high-level architecture guidelines.
Of course, zero trust architecture has a number of benefits, primarily around security and compliance:
- Security: Zero trust principles close gaps in security, especially those related to authorization and authentication. Since no user, device, or resource is trusted implicitly, there are fewer attack surfaces for hackers to exploit. The vectors by which attacks like advanced persistent threats (APTs) can spread within a system are also limited.
- Compliance: Several federal and defense compliance standards recommend or require zero trust architecture. Furthermore, the Executive Order on cybersecurity calls for all federal agencies and contractors to move to zero trust security. Getting ahead by implementing these principles will go a long way to promoting your compliance posture.
What Is Zero Trust Email Architecture?
Zero trust email architecture (ZTEA) is an email security framework that applies the principles of zero trust to the infrastructure of an organization’s email system. It is designed to protect users, corporate assets, and sensitive data from malicious actors and ensure secure communication between the organization and its external partners. Zero trust architecture, by contrast, is a cybersecurity strategy that focuses on preventing unauthorized access from both internal and external sources.
Zero trust email architecture takes this concept a step further by adding additional layers of security to emails sent outside of the organization. This includes encrypting all emails, controlling who can send and receive emails, and enforcing authentication for both internal and external email accounts.
Zero trust email architecture helps organizations protect their sensitive information like PII, PHI, and intellectual property when they share it externally. By encrypting all emails, organizations can ensure that only the intended recipient can access the sensitive information. Additionally, by controlling which users can send and receive emails and enforcing strong authentication, organizations can prevent malicious actors from gaining access to the email system.
Zero trust email architecture also helps organizations comply with data privacy regulations such as the European Union’s General Data Protection Regulation (GDPR). For example, GDPR requires organizations to ensure that personal data is kept secure and only accessed by authorized personnel. By implementing zero trust email architecture, organizations can meet this requirement by controlling who can send and receive emails, encrypting all emails, and enforcing authentication.
Steps to Implement Zero Trust
Implementing a zero trust architecture is a big undertaking. Before you commit to building a zero trust architecture and a broader zero trust philosophy, here are some recommendations to consider:
- Identify users, devices, and endpoints and create an inventory of them;
- Establish policies and procedures for data access and risk control;
- Implement authentication and encryption techniques;
- Segment the network into micro-perimeters and control access to each segment; and
- Monitor the system continuously and detect threats in real time.
For example, a company can use multi-factor authentication when logging into their network, so users must provide a username, password, and possibly a verification code to gain access.
How Do Organizations Implement Zero Trust Architecture?
Following the best practices discussed here and guidelines within NIST SP 800-207, it’s relatively straightforward to conceptualize a zero trust implementation. However, looking at zero trust from a system-wide perspective can make the task seem more daunting.
A good way to start conceptualizing zero trust in action within your system is to start with a single critical DAAS:
- Identify a DAAS within your infrastructure that should or will fall into zero trust security.
- Deploy the Kipling Method to develop zero trust policies:
  - Who should access this resource?
  - What are they accessing (software, data, etc.)?
  - Where would they access it under normal and secure circumstances?
  - When would they access it (only during work hours, under limited windows of time, etc.)?
  - Why would they need to access it for legitimate business use?
  - How must they access it (local workstations, mobile devices, etc.)?
- Build zero trust policies from these questions and develop a security configuration and an identity and access management (IAM) configuration from those policies. This configuration should address your security policies without compromising user experience or system usability.
- Implement policies through limited protection surfaces around assets, adhering to the decided security and IAM configurations.
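The Kipling questions above, together with the per-session, attribute-based evaluation that NIST SP 800-207 calls for, can be expressed as a small policy decision point. This is an added example, not code from the page or from NIST; the resource name "payroll-db" and its roles, networks, time window and purpose tag are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class AccessRequest:
    roles: frozenset        # Who  (RBAC attribute carried by the subject)
    resource: str           # What
    source_network: str     # Where
    requested_at: datetime  # When
    purpose: str            # Why  (business-justification tag)
    device_managed: bool    # How  (device posture attribute)
    mfa_verified: bool      # How  (authenticator strength of this session)

@dataclass(frozen=True)
class ResourcePolicy:
    resource: str
    allowed_roles: frozenset
    allowed_networks: frozenset
    window: tuple           # (start, end) as datetime.time, local time
    allowed_purposes: frozenset

def evaluate(req, policy):
    """Return (allowed, denial_reasons); re-run for every request, never cached."""
    reasons = []
    if req.resource != policy.resource:
        reasons.append("what: policy does not cover this resource")
    if not (req.roles & policy.allowed_roles):
        reasons.append("who: no permitted role")
    if req.source_network not in policy.allowed_networks:
        reasons.append("where: network not permitted")
    if not (policy.window[0] <= req.requested_at.time() <= policy.window[1]):
        reasons.append("when: outside permitted time window")
    if req.purpose not in policy.allowed_purposes:
        reasons.append("why: purpose not permitted")
    if not req.device_managed:
        reasons.append("how: unmanaged device")
    if not req.mfa_verified:
        reasons.append("how: MFA not verified for this session")
    # Default deny: access is granted only when no question failed.
    return (not reasons, reasons)

# Constructed policy for one hypothetical DAAS, "payroll-db" (not a real system).
PAYROLL_POLICY = ResourcePolicy(
    resource="payroll-db",
    allowed_roles=frozenset({"payroll-analyst"}),
    allowed_networks=frozenset({"corp-vpn", "office"}),
    window=(time(8, 0), time(18, 0)),
    allowed_purposes=frozenset({"monthly-payroll-run"}),
)
```

Because every call to evaluate() starts from an empty reasons list, a session whose MFA lapses or whose device leaves the managed network is denied on its next request instead of riding on an earlier grant.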
Zero trust architecture is becoming a mainstay in many security circles, and that trend is only strengthening. With the Executive Order on national cybersecurity standards now going into effect, the use of required zero trust principles is only going to become more pronounced.