“There are only two types of companies—those that know they’ve been compromised, and those that don’t know they’ve been compromised”.
Dmitri Alperovitch, McAfee Vice President of Threat Research
Traditional security models are built on the castle-and-moat concept: the castle is the prize the attacker wants, and a wide moat plus heavily armed perimeter defences keep them out. Should an attacker breach the moat and those outer defences, however, the castle falls easily. Now apply that concept to your company network. The inside of the network, with all its services, applications and data, is your castle. The boundary firewall and the security guards (if you have them) are your moat. If an attacker gets past those defences, there is often little beyond them to stop the attacker running riot in your network.
Now assume the castle commander applies zero trust inside the castle. He or she has deployed multiple layers of security, and access to the different areas is controlled. The commander assumes nobody can be trusted except their closest knights, and each area has its own internal defences designed to stop an attacker moving through the castle quickly. This buys time to react and repel the attack. None of this means the perimeter defences should be weakened: the further out you can stop an attack, the better.
Given the regular stream of public data breaches, and on the basis that the publicised ones are only the tip of the iceberg, companies are left wondering why they should bother trying to prevent an attack at all when an attacker who really wants their data will find a way in.
Zero Trust adopts a similar principle: nothing inside or outside our perimeter is trusted automatically, and anything trying to connect to our systems must be verified before access is granted. This goes against the traditional mindset that everything inside an organisation's perimeter poses no threat and can therefore be trusted, a mindset that has allowed attackers to move through internal systems without resistance once they gained a foothold.
Zero Trust is a security model that assumes a breach will occur: it is a matter of when, not if. It takes a holistic approach to data security, and no single technology delivers Zero Trust on its own. It works on the basis that no user, device, network or service is trusted unless proven otherwise.
As the number of devices on networks has exploded, it is imperative that every device in the organisation is uniquely identifiable. How that is done depends on the device type and platform, but technologies such as a Trusted Platform Module (TPM) and software certificates play a role. A device identity bound to a key held in a TPM carries a high confidence level, because the key cannot be exported and cloned, whereas a bring-your-own-device system with a software-generated key carries a lower level of confidence.
A device can only be regarded as trusted when it is in both an authenticated and in a healthy compliant state.
Defining your device compliance and configuration policies and standards, and continuously monitoring each device against them, is crucial in determining the confidence level of a device.
Furthermore, it is possible to cryptographically measure the state of a device's firmware and operating system kernel (for example with TPM-backed measured boot) to determine whether the device state has changed, and if so, why. Your policies dictate the action taken when a device drops below full compliance: a risk-based approach may increase the authentication requirements or block access altogether once a device falls below an acceptable level. Mobile device management (MDM) software excels at this; Microsoft Intune, together with Conditional Access in Azure Active Directory, can enforce such policies across platforms.
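To make the risk-based step described above concrete, here is an added example (written for this article; it is not Intune or Conditional Access code, nor any vendor's schema) of a small policy engine. It scores a device's confidence from its identity method, MDM compliance state and boot measurements, then decides whether to allow the request, demand stronger MFA, or block it according to the sensitivity of the requested resource. The attribute names, weights and thresholds are assumptions chosen for illustration.

```python
"""Risk-based access decision from device identity confidence and compliance.

Added example, not from the original article. The device attributes,
confidence weights and thresholds below are assumptions for illustration,
not any MDM or identity provider's real policy model.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP_MFA = "step_up_mfa"   # compensate with stronger authentication
    BLOCK = "block"


@dataclass(frozen=True)
class Device:
    device_id: str
    identity_method: str     # "tpm" (hardware-backed key) or "software_key"
    compliant: bool          # MDM compliance policy currently satisfied
    measured_boot_ok: bool   # firmware/kernel measurements match the baseline


# Assumed weights: a hardware-backed identity is worth more than a
# software-generated key on a bring-your-own device.
IDENTITY_CONFIDENCE = {"tpm": 0.6, "software_key": 0.3}

# Assumed minimum confidence needed per resource sensitivity class.
REQUIRED_CONFIDENCE = {"low": 0.4, "medium": 0.7, "high": 0.9}

# Assumed margin below the threshold within which stronger MFA can compensate.
STEP_UP_MARGIN = 0.3


def device_confidence(dev: Device) -> float:
    """Score in 0..1 combining identity strength with health signals."""
    score = IDENTITY_CONFIDENCE.get(dev.identity_method, 0.0)
    if dev.compliant:
        score += 0.25
    if dev.measured_boot_ok:
        score += 0.15
    return round(score, 2)


def decide(dev: Device, resource_sensitivity: str) -> Decision:
    """Map the device's confidence against the sensitivity of the resource."""
    # A device whose firmware or kernel measurements have changed is never
    # allowed to reach highly sensitive data, whatever else it has going for it.
    if resource_sensitivity == "high" and not dev.measured_boot_ok:
        return Decision.BLOCK
    score = device_confidence(dev)
    required = REQUIRED_CONFIDENCE[resource_sensitivity]
    if score >= required:
        return Decision.ALLOW
    if score >= required - STEP_UP_MARGIN:
        return Decision.STEP_UP_MFA
    return Decision.BLOCK


if __name__ == "__main__":
    # Constructed sample devices, not real inventory data.
    corp_laptop = Device("lt-001", "tpm", compliant=True, measured_boot_ok=True)
    byod_phone = Device("ph-042", "software_key", compliant=True, measured_boot_ok=True)
    tampered = Device("lt-007", "tpm", compliant=True, measured_boot_ok=False)
    for dev in (corp_laptop, byod_phone, tampered):
        for sens in ("low", "medium", "high"):
            print(dev.device_id, sens, device_confidence(dev), decide(dev, sens).value)
```

The useful property is that the same compliant BYOD device is simply allowed onto low and medium resources but is asked for stronger MFA before reaching high-sensitivity data, while a device with altered boot measurements is blocked from that data regardless of its other attributes.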
There is no room for complacency when protecting sensitive data and modern enterprise systems. Identify sensitive data and limit access to it to reduce possible exposure. Segmenting your data by type, sensitivity and use ensures a more secure setup: critical or sensitive data is protected and the potential attack surface is reduced.
Zero Trust also keeps data well guarded both at rest and in transit. This means measures such as automated backups, encryption of stored data, and encrypted, integrity-protected transmission (for example TLS); hashing on its own does not keep a message confidential.
Organisations adopting a Zero Trust model should consider moving from perimeter-based data protection to data-driven protection, where the controls follow the data rather than the network it happens to sit on.
Designing a zero-trust network starts with knowing every asset, user and service in the infrastructure. Asset and user management is critical, and knowing how data flows between devices, users and services is essential to the design process. Only with that information fully documented can you proceed to further design considerations.
To steal your data, attackers must first reach it over your network. A Zero Trust network makes that as difficult as possible by segmenting, isolating and restricting network access, using technology such as next-generation firewalls that can apply policy per application and user identity rather than per IP address alone.
Even users on your internal network should not be trusted by default; organisational policies determine their access levels.
Workloads are any application or service running in private data centres or public clouds. Infrastructure and operations teams often use the term for the entire stack of applications and back-end software through which your customers interact with your business, and unpatched customer-facing applications are a common attack vector you must defend.
The workload should be categorized based on its purpose, who needs access to it, and how critical it is to the business overall.
Humans are often the weakest link in your security strategy. It is important to limit, monitor and enforce how your users access resources both inside the network and on the internet. The Zero Trust rule for user activity on your network is never trust, always verify.
Monitor your users to catch the inevitable human mistakes: phishing, bad passwords or malicious insiders. Because the network is untrusted and devices on it are therefore more liable to attack, a comprehensive monitoring solution is required that covers users, devices, services and the network. It is vital to know where a device is, what type of data it is accessing and whether it is in a compliant state.
Robust authentication is an essential component of any zero-trust architecture. If any connection to the network or a service is untrusted until proven otherwise, the strongest available authentication methods must be used to establish trust. This means multi-factor authentication (MFA) across all services. MFA has a reputation for harming the user experience, so consideration must be given to how it is implemented. Offering several MFA methods lets users pick the one that suits them, and newer technologies such as FIDO2 security keys (Fast Identity Online) keep the user experience smooth while providing phishing-resistant authentication; contextual signals such as location can feed a risk-based decision on when MFA is required. API keys and public key infrastructure (PKI) certificates allow strong authentication between devices and services. Storage of password hashes and cryptographic keys must be carefully considered: passwords should be stored with a salted, deliberately slow hash (such as Argon2, scrypt or bcrypt) rather than a fast general-purpose hash, and private keys should be kept in hardware such as a TPM where possible.
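The password-storage point above is easy to get wrong, so here is an added example (written for this article, not code from any product it mentions) showing the recommended shape: a per-user random salt, a memory-hard key derivation function, a self-describing stored record so parameters can be raised later, and a constant-time comparison on verification. It uses hashlib.scrypt from the Python standard library so that it runs offline; Argon2id would be the preferred choice where a third-party package is acceptable. The record format and cost parameters are assumptions for illustration, and the weak variant at the end is included only to show what to avoid.

```python
"""Storing and verifying password hashes with a memory-hard KDF.

Added example, not from the original article. Record format and scrypt
parameters are assumptions chosen for illustration.
"""
import hashlib
import hmac
import os
from typing import Optional

# scrypt cost parameters (assumed): N is the CPU/memory cost, r the block
# size, p the parallelism. N=2**14, r=8 needs roughly 16 MiB per hash,
# which is what makes large-scale offline guessing expensive.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm, parameters, salt, derived key.

    A fresh random salt per user defeats precomputed tables and makes two
    users with the same password produce different records.
    """
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key using the parameters stored in the record and
    compare in constant time. Malformed records simply fail verification."""
    try:
        alg, n, r, p, salt_hex, dk_hex = record.split("$")
        if alg != "scrypt":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False
    # compare_digest does not leak where the first differing byte is.
    return hmac.compare_digest(dk, expected)


def weak_hash(password: str) -> str:
    """What NOT to do: a fast, unsalted general-purpose hash. Equal passwords
    give equal values and a GPU can test billions of guesses per second."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample credential, not real data.
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("wrong guess", record))                     # False
    print(weak_hash("password1") == weak_hash("password1"))           # True, the problem
```

Because the parameters travel with the record, a later migration to higher cost settings only requires re-hashing each user at their next successful login rather than a forced reset.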
In a more traditional network it is common to have multiple user identities: an Active Directory account plus numerous application-specific accounts. Multiple identities make user authentication (and therefore trust) very difficult to manage, so a single user identity for all services is highly recommended. There are different ways of achieving this; single sign-on technologies such as My1Login, Okta, Microsoft ADFS and Azure Active Directory allow multiple applications to use one identity, which is far easier to manage and to revoke.
There are multiple steps to adopting a Zero Trust model, but there are quick wins that deliver value for each investment you make.
Migrating to a Zero Trust security model improves your security compared to the traditional network-based approach. And with so many people now working from home, it is equally important that your approach enables users to get the access they need wherever and whenever it is needed.