Trust, as defined by Merriam-Webster, is “the assured reliance on the character, ability, strength, and truth of someone or something.” Our networks have gone through a number of transitions over the years to ensure we ‘trust’ the users and devices that access network resources. From firewalls protecting the network from outside threats, to password-protected internal access controls, to micro-segmentation that isolates different assets, trust was always the model. If you can supply a username and password, we trust you. Today, networks have no boundaries: users from all over need access to network resources from any kind of device, and as such, we live in a zero-trust world. We can no longer rely on trusting the user.
An Architecture of Trust
There is no shortage of vendors supporting a zero-trust approach to network security, and the concept of zero trust goes back several years. The idea is to trust no one, while still ensuring that legitimate users have access to the resources they need to conduct business. This sounds familiar if you think back to when least privilege was the watchword: give users the least privilege, and exactly the permissions, they need to access resources and do their job.
Zero trust goes far beyond least privilege and incorporates an architecture of trust. It is not so much a paradigm shift in the way we deliver access policies and controls or specific application-layer protections; rather, zero trust uses existing security technologies, including micro-segmentation at the network layer, a resilient authentication process, and behavioral visibility. Zero trust is about understanding user workflows and traffic patterns: which applications are in use and who accesses them, what east/west traffic looks like on the network, and which users are reaching other resources. Recalling the “trust but verify” days, verify as often as needed so that when a user leaves one system to access another, some level of verification takes place, including the use of multi-factor authentication (MFA). This provides constant visibility and awareness, logs and audits user activity, and helps protect against unauthorized lateral movement and privilege escalation attacks.
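The per-request verification described above can be made concrete as a small, deny-by-default policy evaluator. This is an added example, not code from the original article or from any vendor product: the resource tiers, the group entitlements, the 15-minute MFA window, and the user sessions are all assumptions chosen for illustration. Every decision, allowed or denied, is written to an audit log, and moving to a more sensitive resource forces a fresh MFA proof instead of relying on the earlier login.

```python
"""Per-request, deny-by-default access decision with MFA step-up and audit log.

Added example (not code from the original article). The resources, tiers,
group entitlements and the 15-minute MFA window are assumptions chosen for
illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical sensitivity tier for each known resource; anything not
# listed is unknown and therefore denied.
RESOURCE_TIER = {"wiki": 1, "hr-portal": 2, "prod-db": 3}

# Hypothetical least-privilege entitlements: which groups may use a resource.
ENTITLEMENTS = {"wiki": {"staff"}, "hr-portal": {"hr"}, "prod-db": {"sre"}}

# Assumed step-up policy: tier 2+ resources need an MFA proof this recent.
MFA_MAX_AGE = timedelta(minutes=15)

AUDIT_LOG: List[dict] = []  # every decision, allow or deny, is recorded here


@dataclass
class Session:
    user: str
    groups: Set[str]
    device_managed: bool
    last_mfa: Optional[datetime]  # when the user last completed MFA
    last_resource: Optional[str] = None


@dataclass
class Decision:
    allow: bool
    reason: str


def mfa_is_fresh(session: Session, now: datetime) -> bool:
    return session.last_mfa is not None and now - session.last_mfa <= MFA_MAX_AGE


def evaluate(session: Session, resource: str, now: datetime) -> Decision:
    """Re-check identity, entitlement, device and MFA on every request."""
    tier = RESOURCE_TIER.get(resource)
    if tier is None:
        decision = Decision(False, "unknown resource: deny by default")
    elif not (session.groups & ENTITLEMENTS[resource]):
        decision = Decision(False, "no entitlement for resource")
    elif tier >= 2 and not session.device_managed:
        decision = Decision(False, "unmanaged device cannot reach sensitive resource")
    elif tier >= 2 and not mfa_is_fresh(session, now):
        # Moving to a more sensitive system re-verifies the user instead of
        # trusting the earlier login.
        decision = Decision(False, "step-up required: MFA proof missing or stale")
    else:
        decision = Decision(True, "entitled, device managed, verification current")

    AUDIT_LOG.append({
        "time": now.isoformat(),
        "user": session.user,
        "from": session.last_resource,
        "to": resource,
        "allow": decision.allow,
        "reason": decision.reason,
    })
    if decision.allow:
        session.last_resource = resource
    return decision


def lateral_moves(log: List[dict]) -> List[dict]:
    """Audit entries where a user moved from one resource to another."""
    return [e for e in log if e["from"] is not None and e["from"] != e["to"]]


def run_demo() -> Dict[Tuple[str, str], Decision]:
    """Constructed sessions: alice has fresh MFA, bob's MFA is 40 minutes old."""
    AUDIT_LOG.clear()
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    alice = Session("alice", {"staff", "sre"}, True, now - timedelta(minutes=5))
    bob = Session("bob", {"staff", "sre"}, True, now - timedelta(minutes=40))
    results = {}
    for who in (alice, bob):
        for r in ("wiki", "prod-db", "hr-portal", "unknown-app"):
            results[(who.user, r)] = evaluate(who, r, now)
    return results


if __name__ == "__main__":
    for (user, resource), d in run_demo().items():
        print(user, resource, "ALLOW" if d.allow else "DENY", "-", d.reason)
    for entry in lateral_moves(AUDIT_LOG):
        print("moved", entry["user"], entry["from"], "->", entry["to"], entry["allow"])
```

Running the demo shows the two behaviours the paragraph calls for: bob still reaches the low-sensitivity wiki on his old login but is stopped at the database until he re-authenticates, and the audit log records each attempted hop between resources, denied ones included, so that lateral movement is visible after the fact.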
Zero trust extends outside the on-premises systems and includes the use of cloud-based applications that users and development teams are accessing. Cloud-based applications and the storage and sharing of corporate data in the cloud are also at risk. The zero-trust architecture must extend to the cloud to provide comprehensive protection.
As a component of zero trust, identity governance can support the model by providing insight into a user’s identity and privileges, improving visibility and helping detect inappropriate activity. Having visibility into the users accessing corporate resources, and monitoring that access through policies and controls that require the user to present the proper identity and authentication, are all part of the zero-trust model.
In certain environments, zero trust can include everyone’s favorite subject, the Internet of Things (IoT). Let’s not abandon the idea that connected things can also pose a risk to the infrastructure. With the automation of smart devices connecting to the network, zero trust must encompass these devices to ensure that, although automated, they are connecting only to the assets needed to complete a specific task and that they are not taken over by a threat actor using the device to move laterally across the network. Gartner predicts over 20 Billion IoT devices will be connected by 2020, and although there are a few IoT trust frameworks out there, many of those devices have little security built in, so including them in the zero-trust architecture is a must-have.
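One way to check that automated devices only reach the assets their task needs is to compare east/west flow records against a per-device allow-list. The following is an added example, not code from the original article or from any IoT trust framework; the device inventory, the flow records, and the "timestamp src dst dport bytes" field layout are all constructed assumptions. Flows from a device to an unpermitted host are reported, and a device that starts touching several unpermitted hosts is flagged as a lateral-movement suspect.

```python
"""Check IoT device traffic against a per-device allow-list and flag lateral moves.

Added example (not code from the original article). The device inventory and
the flow records are constructed sample data; the field layout
"timestamp src dst dport bytes" is an assumption.
"""
from collections import defaultdict
from typing import Dict, List, Set

# Hypothetical inventory: each device may reach only the assets its task needs.
DEVICE_ALLOWLIST: Dict[str, dict] = {
    "10.20.0.11": {"name": "hvac-sensor-1", "allowed": {("10.20.5.2", 8883)}},
    "10.20.0.12": {"name": "badge-reader-3", "allowed": {("10.20.5.7", 443)}},
}

# Constructed east/west flow records for the IoT segment (not real data).
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.20.0.11 10.20.5.2 8883 512
2024-05-01T10:00:02Z 10.20.0.12 10.20.5.7 443 1024
2024-05-01T10:00:05Z 10.20.0.11 10.20.7.15 445 2048
2024-05-01T10:00:06Z 10.20.0.11 10.20.7.16 445 2048
2024-05-01T10:00:07Z 10.20.0.11 10.20.7.17 22 300
2024-05-01T10:00:08Z 10.20.0.99 10.20.5.7 443 700
2024-05-01T10:00:09Z 10.20.0.12 10.20.5.7 443 900
"""


def parse_flow(line: str) -> dict:
    """Split one assumed-format flow record into its fields."""
    ts, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}


def find_violations(flow_text: str) -> List[dict]:
    """Return one finding per flow that the device inventory does not permit."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        device = DEVICE_ALLOWLIST.get(flow["src"])
        if device is None:
            # A source that is not in the inventory is itself a finding.
            findings.append({**flow, "device": None, "kind": "unregistered-source"})
        elif (flow["dst"], flow["dport"]) not in device["allowed"]:
            findings.append({**flow, "device": device["name"], "kind": "unexpected-destination"})
    return findings


def lateral_movement_suspects(findings: List[dict], min_targets: int = 3) -> List[str]:
    """Devices that reached at least min_targets distinct unpermitted hosts."""
    targets: Dict[str, Set[str]] = defaultdict(set)
    for f in findings:
        if f["kind"] == "unexpected-destination":
            targets[f["device"]].add(f["dst"])
    return sorted(name for name, hosts in targets.items() if len(hosts) >= min_targets)


if __name__ == "__main__":
    found = find_violations(SAMPLE_FLOWS)
    for f in found:
        print(f["ts"], f["kind"], f["device"] or f["src"], "->", f["dst"], f["dport"])
    print("lateral-movement suspects:", lateral_movement_suspects(found))
```

On the constructed records the badge reader stays within its allow-list, the HVAC sensor shows up three times for reaching hosts it has no business with and is therefore reported as a suspect, and the unregistered source is surfaced separately so that the inventory itself can be corrected. The `min_targets` threshold is a tuning knob; a real deployment would set it from observed baseline behaviour rather than the value used here.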