What the Heck is Zero Trust and Why Should You Care?

Cybersecurity threats are changing at a rapid pace, but security frameworks have not changed in a long time. By “frameworks” we mean how we look at a particular problem and, correspondingly, how we approach the solutions. If a business truly wants to stay ahead of the curve, it is time to rethink the know, traditional, and comfortable approaches to securing their network and data.

Security professionals at the cutting edge of innovation have developed a new framework that seeks to do a better job of securing data in our increasingly virtualized and cloud-based world. This IT architecture model is called Zero Trust.

So, what exactly is Zero Trust and why should you care about it? Let us dive in and see!

For years, the main focus around security has been placed on users and devices. Devices may be considered “trusted,” but what happens when that trusted device is compromised? In that case, the hacker essentially has access to anything and everything they want. Not a great scenario, especially considering that the most damage occurs from malware or phishing attacks that compromise internal hosts!

Compare that with the Zero Trust model. In that framework, the focus of isolation and protection tactics is on the data rather than the devices or users. Zero Trust no longer distinguishes between “inside” network perimeters traditionally considered safe, and the “unsafe” “outside” ones. In this model, all devices handling sensitive data are considered untrusted, whether they belong to the network or not, until they are validated by network traffic and behavior.

Some people seem to think that Zero Trust eliminates the perimeter altogether. However, they need to think again! In practice, it does not eliminate the perimeter but rather moves the perimeter closer to the protected apps through micro-segmentation.

Micro-segmentation is an extremely important aspect of the Zero Trust architecture. It seeks to stop lateral movement during an attack. Traditionally, once a hacker gained access to a system, they could often move laterally across many other systems and applications to compromise those as well. This reduction in lateral movement reduces the post-compromise risk when an attacker does gain access to a network device.

Another foundational element of this new model is identity and access management. Users and access rights have always played a large role in security operations, and Zero Trust model is no different! Any Zero Trust technology must be able to interact with identity stores and policies in real-time to make enforcement decisions on allowed and disallowed actions. Access management is a large topic to cover, but organizations must ensure that they commit the necessary resources to this piece of the puzzle or some aspects of their Zero Trust implementation will be left lacking.

While Zero Trust is still an emerging and evolving architecture, one thing is for certain. The inherent focus on removing implicit trust in access to data does no good without a detection and response strategy. Many consider the monitoring plane to be the missing link when it comes to this new Zero Trust model. Automatic detection and alerting of threats to a monitoring team is crucial to allowing organizations to fully manage their network security needs. Unfortunately, many common Zero Trust models omit this crucial element in their framework.

If you are considering implementing a Zero Trust architecture in your organization, keep the following things in mind.

Want more info? Contact us!

(646) 461–1698

aroon@3nom.com

Related posts:

This article will distill the contents of the academic paper Viewstamped Replication Revisited by Barbara Liskov and James Cowling. All quotations are taken from that paper. It presents an updated…

heaven is the red rocks against the blue sky with the music in my hair. “Vibration” is published by Ali Wyles in little love letters.

What Ravichandran Ashwin must learn from James Anderson to become a bowling great