Zero Trust Security Can Be Trusted
What is Zero Trust? Zero Trust Security Principles
Zero Trust is an information security framework which holds that companies should not trust any entity inside or outside the perimeter at any point in time. Zero Trust was developed as a security architecture by John Kindervag in 2010, when he was Vice President and Principal Analyst at Forrester Research. Kindervag's principle, "never trust, always verify", not only helps in building a robust system but also gives the visibility needed to secure, manage, and monitor all devices (laptops, mobiles, tablets, virtual machines, printers, faxes), as well as network systems (switches, routers), clouds, data, and applications. For example, only the finance department should have access to accounting software, and remote users should connect through a VPN. What distinguishes Zero Trust from other security models is that internal traffic is checked as well.
The objective of a Zero Trust configuration is to check all incoming and outgoing traffic. Zero Trust is a smart approach to tackling data leaks, breaches, and ransomware attacks.
In most cases, once hackers gain access inside the perimeter security or firewall, they can reach any system or application without resistance. The major reason is that organizations do not have corporate data centers serving a contained network of systems; instead, they typically have some applications on-premises and some in the cloud, with users (employees and customers) accessing applications from any device and any location.
Security Challenges
Traditional security measures are the reason the average mean time to identify a threat is 197 days, with another 69 days required to resolve a breach, usually because it has spread so far and deep into the network. The burden then falls on IT, supported by technical expertise and SIEM solutions. Zero Trust is today's need because of the loopholes in the traditional security model, which was based on the moat-and-castle approach and ignores threats from vulnerable or compromised devices already inside the castle.
Some of the challenges encountered are:
- Off-network devices, which cloud and client-based solutions must cover: continuous endpoint protection is needed for devices whether on-premises, in the network, or off-network. According to the Ponemon Institute report, 63% of companies are not able to protect off-network devices, and over half cannot meet compliance requirements.
Technologies and Policies behind Zero Trust
Zero Trust principles build on existing technologies and governance processes to secure the enterprise network. Zero Trust supports a micro-segmentation strategy and more granular perimeter policy controls, with the trust decision based on the user, the user's location, the server, or the application.
The enterprise system should be able to verify who the user is, which device they are coming from, whether that device is supported and has a secure endpoint, and what application they are accessing.
To attain Zero Trust within an organization, a combination of technologies is needed, such as Identity and Access Management, Multi-factor Authentication, Encryption, Analytics, and Advanced Threat Protection, together with policies within the organization.
Components of the Zero Trust include:
- Security automation & orchestration
- Visibility and analytics
- People interactions
- People identity
- Workload security
- Data Security
- Network Segmentation
- Device security
Zero Trust can be Trusted
Major cloud giants (Amazon, Google, and Microsoft) and networking and telecommunications companies are using Zero Trust architectures for their cloud and networking platforms.
Large corporations are overcoming these challenges with the help of technologies and policy controls, and are implementing micro-segmentation strategies to secure east-west traffic within the network.
Zero Trust Protects the Network
Organizations need complete visibility of the entire network to protect against any cyber-attack. A checklist should verify the users, devices, and systems that are trying to access corporate data and the network. Policies should be well defined, controls should be in place to consistently monitor, respond to, and report on every access request, and alerts should be generated in real time for proactive detection and response.
Best Practices
- Continuous monitoring and review of all user activities;
- Identity and access management and multi-factor authentication should be in place to define what access a user has and what they can do;
- Micro-segmentation of networks, devices, applications, and data to contain breaches and minimize their impact;
- Any device accessing internal applications should meet all the security requirements;
- Encryption of sensitive data;
- Data security at rest and in transit;
- Remote users should connect through a VPN.
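The verification checklist described above (user, device, device compliance, application) and the best practices just listed can be expressed as a single policy decision applied to every request, inside or outside the network. The following is an added example written for this post, not code from the original article or from any product; the application policy, departments and check names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed application policy (hypothetical): which department may reach
# which application, whether MFA is mandatory, and whether off-network users
# must come in over the VPN. Nothing here is a real product's configuration.
APP_POLICY = {
    "accounting": {"departments": {"finance"}, "mfa": True, "vpn_for_remote": True},
    "wiki": {"departments": {"finance", "engineering", "sales"}, "mfa": False, "vpn_for_remote": True},
}

@dataclass
class AccessRequest:
    user: str
    department: str
    mfa_passed: bool
    device_managed: bool       # enrolled in endpoint management
    device_compliant: bool     # disk encryption, patch level, EDR running
    on_corporate_network: bool
    via_vpn: bool
    application: str

@dataclass
class Decision:
    allowed: bool
    reason: str

# Every denial is recorded here so a SIEM or alerting pipeline can pick it up.
ALERTS: list[dict] = []

def evaluate(req: AccessRequest) -> Decision:
    """Never trust, always verify: each check runs whether or not the request
    originates inside the corporate network (no castle-and-moat shortcut)."""
    policy = APP_POLICY.get(req.application)
    checks = [
        (policy is not None, "unknown application"),
        (policy is not None and req.department in policy["departments"],
         "department not authorised for application"),
        (req.device_managed and req.device_compliant, "device unmanaged or non-compliant"),
        (not (policy and policy["mfa"]) or req.mfa_passed, "MFA required"),
        (req.on_corporate_network or req.via_vpn or not (policy and policy["vpn_for_remote"]),
         "remote access requires VPN"),
    ]
    for ok, reason in checks:
        if not ok:
            ALERTS.append({"user": req.user, "application": req.application, "reason": reason})
            return Decision(False, reason)
    return Decision(True, "all checks passed")
```

Note that a sales user sitting on the corporate network is still denied the accounting application: network location alone never grants trust, and each denial leaves an alert record for monitoring.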
Zero Trust architecture does not require completely replacing the existing network or buying new, expensive products. Micro-segmentation with robust access policies on users, applications, devices, and data should be implemented, and organizations can scale up their security measures from there. This helps in identifying, segmenting, and regularly monitoring all devices, which keeps internal resources secured and data and applications protected, and also helps with GDPR or PCI DSS compliance.
The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.
Zero trust is a security model based on the principle of maintaining strict access controls and not trusting anyone by default.