Zero trust is the new standard in network security that strictly limits user access based on a dynamic authorization policy. A zero trust security model framework requires all users inside and outside the organization’s network to be authenticated, authorized, and continuously validated for security configuration and posture before accessing applications and data.
A zero trust framework monitors and assesses all users and network resources for security risks, including devices, data stores, and applications, because nothing connected to the network is assumed to be safe.
For user security, this means implementing a dynamic authentication and authorization policy to assess risk both before they are granted access to the network, and during their session. For network resource security, this means monitoring usage and security postures, keeping up with updates and patches, and adjusting configurations.
What are the core principles of the zero trust model?
The three basic principles of a zero trust security architecture framework are:
Explicit verification: Authenticate and authorize every user and device on every session, using as much data as possible to determine their risk level.
Principle of least privilege: Grant the user access only to the resources they are using at the time, and only for as long as they need them during that session.
Assume a breach: Act as though your network has been breached. Limit access to resources, verify end-to-end encryption, and use analytics to monitor network activity, detect threats, and adjust access policies.
Zero trust security and NIST 800-207
The National Institute of Standards and Technology (NIST) provides guidelines for implementing Zero Trust Security in publication NIST 800-207. The publication highlights the importance of continuous monitoring and risk assessment to detect and respond to threats in real-time. It also emphasizes the need for granular access controls, multi-factor authentication, and strong encryption to ensure the security of sensitive data and applications. NIST 800-207 serves as a valuable resource for organizations looking to implement zero trust security in their environments.
Tenets of zero trust security
According to the NIST 800-207 standard, the tenets of a zero trust security framework are as follows:
All data sources and computing services are considered resources. This includes different resource classes like SaaS applications, APIs, Internet of Things (IoT) devices, and personally owned devices if they have access to network assets.
All communication is secured, regardless of network location. Whether a resource is accessed from on-site, in a VPN, or remotely, it should meet the same security requirements. Trust should not be granted based on a network location.
Access to individual resources is granted on a per-session basis, according to the following principles:
Trust in the requester is evaluated before granting access to any resource.
Access should be granted with the least privilege possible to accomplish the task.
Access to one resource does not automatically grant access to other resources.
Access to resources is determined by a dynamic policy. Access policy is a set of rules that determine what resources a user can access. A dynamic access policy accounts not only for static attributes such as group membership, but also for variables like time of day, session duration, device location, and user behavior.
Good dynamic access policies also consider environmental variables like traffic levels and anomalous behavior patterns.
The organization measures and monitors the security posture of all network resources. No resources are inherently trusted. All applications, APIs, and devices are monitored for known vulnerabilities and potential compromises. Resources are updated and patched regularly and reconfigured when necessary.
The organization collects data and uses it to improve access policies. The organization should collect data about resource security posture, traffic patterns, and access requests and review it regularly to assess and adjust access policies.
Why traditional security approaches led to the rise of zero trust models
Traditional cybersecurity models were based on the notion of creating a secure perimeter around an organization's network or resources, and trusting users and devices within that perimeter. However, this approach proved insufficient in the face of modern cyber threats, as it became increasingly difficult to define the perimeter and protect against attacks that originated from within the trusted network. For example, once there is a data breach and an attacker gains access to a device or user account within the trusted network, the attacker can often move laterally within the network, accessing sensitive resources without detection.
In response to this realization, zero trust security was developed. It assumes that no user or device is inherently trustworthy, and that all access requests must be verified and authenticated. Zero trust models eliminate the reliance on secure perimeters and instead focus on securing individual resources and data regardless of the user's location or device. This approach reduces the attack surface and prevents lateral movement within the network. In short, the shortcomings of traditional protections created the need for zero trust models, which provide a more effective approach to cybersecurity in the face of modern threats.
How does a zero trust architecture work?
To implement zero trust, organizations must require strict identity verification for every individual or device attempting to access the network or application, regardless of whether they are within the network perimeter.
The system evaluates attributes like device ID, geolocation, time of day, and user role to assess authorization requests for access to resources, such as data stores and applications. Authentication and authorization requests are then evaluated separately, using dynamic access policies, based on user and device attributes, network type, and current environmental conditions.
Requests that fit the policy are granted. Unusual or suspicious requests are escalated for additional authentication, or rejected and flagged for later review.
Risk evaluation engines build profiles of how users and user classes typically interact with applications and data stores. As they monitor and authenticate users and devices, they will detect and flag anomalous behaviors.
With complex access policies evaluating every request both outside and inside the network, zero trust security systems require both automation and well-designed policies informed by constant monitoring.
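The per-session tenets listed under NIST 800-207 above (trust evaluated per request, least privilege, no transitive access, a dynamic policy over group membership, time of day, session duration, device location and user behaviour) and the grant / escalate / reject-and-flag flow just described can be shown in one small policy decision point. The following Python is an added example and not code from the article or from any product; every attribute name, risk weight, threshold, user, country and resource in it is a constructed assumption.

```python
"""Per-session, attribute-driven access decisions modelled on the NIST 800-207 tenets.
Added example, not from the article: a policy decision point scores each request from static
(group) and dynamic (device posture, location, time, session age, behaviour) attributes and
returns ALLOW, STEP_UP (escalate for another factor) or DENY (reject and flag). Every attribute,
threshold, user, country and resource below is a constructed assumption."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # unusual request: require an additional factor
    DENY = "deny"        # suspicious or unentitled: reject and flag for review

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset            # static attribute: group membership
    device_managed: bool         # posture: enrolled and patched device?
    country: str
    hour: int                    # local hour of day, 0-23
    session_age: timedelta
    resource: str
    on_corporate_network: bool   # recorded, but never raises trust on its own

@dataclass
class Policy:
    resource_groups: dict                                 # resource -> groups entitled to it
    allowed_countries: frozenset
    usual_countries: dict = field(default_factory=dict)   # behavioural baseline per user
    business_hours: range = range(7, 20)
    max_session_age: timedelta = timedelta(hours=8)

    def risk_score(self, req):
        """Add risk points for each dynamic attribute that deviates from the expected state."""
        score = 3 if not req.device_managed else 0
        score += 5 if req.country not in self.allowed_countries else 0
        score += 2 if req.hour not in self.business_hours else 0
        score += 4 if req.session_age > self.max_session_age else 0
        score += 2 if req.country not in self.usual_countries.get(req.user, set()) else 0
        return score

    def decide(self, req):
        """Explicit verification of one request. A user outside the entitled groups is denied
        before any scoring; network location is deliberately never consulted."""
        if not req.groups & self.resource_groups.get(req.resource, frozenset()):
            return Decision.DENY
        score = self.risk_score(req)
        return Decision.DENY if score >= 5 else Decision.STEP_UP if score >= 2 else Decision.ALLOW

class SessionBroker:
    """Turns ALLOW into a grant scoped to one user, one resource and a short TTL, so access to
    one resource never carries over to another and never outlives the session."""
    def __init__(self, policy, ttl=timedelta(minutes=30)):
        self.policy, self.ttl, self.grants = policy, ttl, []

    def request_access(self, req, now, step_up_passed=False):
        decision = self.policy.decide(req)
        if decision is Decision.STEP_UP and step_up_passed:
            decision = Decision.ALLOW
        if decision is Decision.ALLOW:
            self.grants.append((req.user, req.resource, now + self.ttl))
        return decision

    def is_authorized(self, user, resource, now):
        return any(u == user and r == resource and exp > now for u, r, exp in self.grants)

# Constructed policy and a baseline request for a stand-alone run.
POLICY = Policy(resource_groups={"payroll-db": frozenset({"finance"}),
                                 "wiki": frozenset({"staff", "finance"})},
                allowed_countries=frozenset({"NL", "DE"}), usual_countries={"alice": {"NL"}})
BASE = dict(user="alice", groups=frozenset({"finance", "staff"}), device_managed=True, country="NL",
            hour=10, session_age=timedelta(minutes=5), resource="payroll-db", on_corporate_network=False)

def demo_decisions():
    """Four requests that each change one or two attributes of BASE; returns name -> Decision."""
    variants = {
        "normal": {},
        "unmanaged_on_lan": {"device_managed": False, "on_corporate_network": True},
        "abroad_at_3am": {"country": "BR", "hour": 3},
        "not_entitled": {"user": "bob", "groups": frozenset({"staff"})},
    }
    return {name: POLICY.decide(Request(**{**BASE, **change})) for name, change in variants.items()}

def demo_sessions():
    """A grant for payroll-db: valid for that resource, useless for wiki, gone after the TTL."""
    now = datetime(2024, 1, 15, 10, 0)
    broker = SessionBroker(POLICY)
    broker.request_access(Request(**BASE), now)
    later, expired = now + timedelta(minutes=10), now + timedelta(minutes=31)
    return (broker.is_authorized("alice", "payroll-db", later),
            broker.is_authorized("alice", "wiki", later),
            broker.is_authorized("alice", "payroll-db", expired))

if __name__ == "__main__":
    print(demo_decisions(), demo_sessions())
```

Two design points are worth noticing. The unmanaged device sitting on the corporate LAN still gets a step-up rather than an allow, because `on_corporate_network` is carried in the request but never read by the policy: location independence is enforced by leaving the attribute out of the decision, not by weighting it low. And the broker's grants are tuples of (user, resource, expiry), so a grant for one resource says nothing about any other, which is how "access to one resource does not automatically grant access to other resources" becomes a property of the data structure rather than a rule someone has to remember to write.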
Zero trust security implementation
The first step in protecting your data, applications, assets, or services is identifying your protected surface:
What data must be protected?
What applications contain sensitive information?
Which assets are most sensitive to your business?
What services can be exploited by a bad actor in order to disrupt normal IT operations?
Establishing a protection surface allows organizations to focus on protecting exactly what is necessary instead of attempting to defend against an ever-expanding attack surface that becomes increasingly complex.
A zero trust architecture involves creating microperimeters around critical data and components. It regulates traffic around them, and employs a segmentation gateway at the edge of each microperimeter to monitor entry. This gateway applies security measures, such as a Layer 7 firewall and the Kipling method, to thoroughly vet users and data before granting access. Layer 7 rules inspect the packet payload to ensure it matches known traffic types, and block access if it doesn't. The Kipling method challenges the validity of the entry attempt by asking six questions about who, what, when, where, why, and how. If any of the answers raise concerns, access is denied.
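A segmentation gateway that combines the two checks named above, a Layer 7 rule that admits only known traffic types and the six Kipling questions, is shown below as an added example. It is not code from the article or from any firewall product; the "orders-api" microperimeter, the identities, source segments, purposes and transports in its rule tables, and the sample requests are all constructed.

```python
"""Segmentation gateway at the edge of one microperimeter. Added example, not from the article:
a Layer 7 rule admits only known method/path/content-type combinations (and requires a declared
JSON body to actually parse as JSON), then the Kipling questions who/what/when/where/why/how are
each checked against the segment's rules. Segment names, identities and rules are constructed."""
from dataclasses import dataclass
from typing import Optional
import json

@dataclass(frozen=True)
class L7Request:
    method: str
    path: str
    content_type: Optional[str]
    body: bytes

# Known traffic types for the constructed "orders-api" microperimeter; anything else is blocked.
KNOWN_TRAFFIC = {
    ("GET", "/orders", None),
    ("POST", "/orders", "application/json"),
}

# Acceptable answers to the six Kipling questions for this segment.
KIPLING_RULES = {
    "who": {"orders-service", "sre-oncall"},    # identities allowed through this gateway
    "what": {"orders-api"},                     # the one resource behind it
    "when": range(0, 24),                       # hour of day; this API is served around the clock
    "where": {"segment-web", "segment-ops"},    # source microsegments permitted to talk to it
    "why": {"checkout", "incident-response"},   # declared purpose of the access
    "how": {"mtls-https"},                      # required transport
}

def layer7_matches(req):
    """True only when the payload matches a known traffic type for this segment."""
    if (req.method, req.path, req.content_type) not in KNOWN_TRAFFIC:
        return False
    if req.content_type == "application/json":
        try:
            return isinstance(json.loads(req.body), dict)
        except ValueError:          # JSONDecodeError is a ValueError
            return False
    return not req.body             # a bodiless traffic type must really carry no body

def kipling_failures(answers):
    """Return the questions whose answers are not acceptable; an empty list means all six pass."""
    return [q for q, allowed in KIPLING_RULES.items() if answers.get(q) not in allowed]

def gateway_decision(req, answers):
    """Layer 7 first, then Kipling; one failed question is enough to deny."""
    if not layer7_matches(req):
        return ("deny", ["layer7"])
    failed = kipling_failures(answers)
    return ("deny", failed) if failed else ("allow", [])

# Constructed sample traffic.
GOOD_REQ = L7Request("POST", "/orders", "application/json", b'{"sku": "A-17", "qty": 2}')
GOOD_ANSWERS = {"who": "orders-service", "what": "orders-api", "when": 14,
                "where": "segment-web", "why": "checkout", "how": "mtls-https"}

def demo():
    """One clean request and three that each fail a different check."""
    return {
        "normal": gateway_decision(GOOD_REQ, GOOD_ANSWERS),
        "wrong_content_type": gateway_decision(
            L7Request("POST", "/orders", "application/x-www-form-urlencoded", b"sku=A-17"),
            GOOD_ANSWERS),
        "json_declared_but_not_json": gateway_decision(
            L7Request("POST", "/orders", "application/json", b"<xml/>"), GOOD_ANSWERS),
        "unknown_identity_plain_http": gateway_decision(
            GOOD_REQ, {**GOOD_ANSWERS, "who": "contractor-laptop", "how": "http"}),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The decision carries the list of failed questions rather than a bare boolean so that the denial can be logged with its reason; in practice that list is what a reviewer reads when deciding whether a blocked request was an attack or a misconfigured client.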
Multi-Factor Authentication (MFA) is a security feature that verifies a user's identity by requiring them to provide multiple credentials. With traditional password entry methods, a malicious actor only needs to uncover a username and password to gain unauthorized access. However, with MFA, users must provide multiple forms of identification, such as a password and a USB stick. Without all required factors, access is denied.
Implementing MFA can significantly increase security in a zero trust network. By requiring multiple user-specific credentials, MFA makes it much more challenging for hackers to gain access, and each additional factor raises the difficulty exponentially: an attacker might need to overcome two, three, four, or more factors to gain unauthorized entry.
Endpoint verification is an essential security practice in a zero trust strategy. It ensures that each endpoint is under the control of the appropriate person. Endpoint verification involves both the user and the endpoint presenting credentials to the network, providing an additional layer of authentication. Users must authenticate themselves before accessing any endpoint, and each endpoint must also authenticate itself before it is allowed network access.
To verify endpoint credentials, the network sends a verification request to the device, which prompts the user to respond on the endpoint. The received data is used to determine the endpoint's validity, and a successful exchange earns the device the status of "trustworthy".
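The verification request and response just described can be modelled as a challenge-response exchange. Below is an added example, not code from the article or from any UEM or EDR product: the network side issues a fresh nonce, the device answers with an HMAC over the nonce and its posture report using a secret it received at enrolment, and the verifier checks the tag, the challenge's freshness, nonce reuse, and the reported posture. The device names, posture fields, thresholds and enrolment store are constructed, and the user's own authentication is assumed to have happened before this step.

```python
"""Endpoint verification as a challenge-response. Added example, not from the article: the
network side issues a fresh nonce to the device, the device answers with an HMAC over the nonce
and its posture report keyed by the secret it was given at enrolment, and the verifier checks
the tag, the challenge's freshness, replay of the nonce, and the posture itself. Enrolment
store, device names, posture fields and thresholds are constructed."""
import hashlib
import hmac
import json
import secrets

MIN_PATCH_LEVEL = 5   # constructed posture threshold

def device_response(key, nonce, posture):
    """What an enrolled endpoint computes: HMAC-SHA256 over nonce || canonical posture JSON."""
    msg = nonce.encode() + json.dumps(posture, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class EndpointVerifier:
    def __init__(self, enrolled_keys, challenge_ttl=30):
        self.enrolled_keys = dict(enrolled_keys)   # device_id -> secret set at enrolment
        self.challenge_ttl = challenge_ttl         # seconds a challenge stays answerable
        self.pending = {}                          # nonce -> (device_id, issued_at)

    def challenge(self, device_id, now):
        """Send a fresh, unpredictable nonce to a known device."""
        if device_id not in self.enrolled_keys:
            raise KeyError(f"device not enrolled: {device_id}")
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (device_id, now)
        return nonce

    def verify(self, device_id, nonce, posture, tag, now):
        """True only if the reply is bound to an outstanding, fresh challenge for this device,
        carries a valid tag, and reports an acceptable posture."""
        issued = self.pending.pop(nonce, None)   # popping makes every nonce single-use
        if issued is None or issued[0] != device_id:
            return False
        if now - issued[1] > self.challenge_ttl:
            return False
        expected = device_response(self.enrolled_keys[device_id], nonce, posture)
        if not hmac.compare_digest(expected, tag):
            return False
        # A valid tag over a bad posture still fails: authenticity is not the same as health.
        return bool(posture.get("disk_encrypted")) and posture.get("patch_level", 0) >= MIN_PATCH_LEVEL

def demo():
    """Five flows: honest device, replayed reply, wrong key, stale reply, bad posture."""
    laptop_key = secrets.token_bytes(32)                 # handed to the device at enrolment
    verifier = EndpointVerifier({"laptop-0421": laptop_key})
    good = {"disk_encrypted": True, "patch_level": 7}
    now = 1_700_000_000                                  # constructed epoch seconds

    n1 = verifier.challenge("laptop-0421", now)
    tag1 = device_response(laptop_key, n1, good)
    honest = verifier.verify("laptop-0421", n1, good, tag1, now + 2)
    replay = verifier.verify("laptop-0421", n1, good, tag1, now + 3)

    n2 = verifier.challenge("laptop-0421", now)
    wrong_key = verifier.verify("laptop-0421", n2, good,
                                device_response(b"not-the-enrolled-key", n2, good), now + 2)

    n3 = verifier.challenge("laptop-0421", now)
    stale = verifier.verify("laptop-0421", n3, good,
                            device_response(laptop_key, n3, good), now + 120)

    n4 = verifier.challenge("laptop-0421", now)
    weak = {"disk_encrypted": False, "patch_level": 7}
    bad_posture = verifier.verify("laptop-0421", n4, weak,
                                  device_response(laptop_key, n4, weak), now + 2)
    return honest, replay, wrong_key, stale, bad_posture

if __name__ == "__main__":
    print(demo())
```

The posture report is covered by the tag, so a device cannot present a genuine tag alongside an edited report, and the nonce is removed from the pending set before any other check runs, so a captured reply cannot be resubmitted even if the first attempt failed. A production deployment would bind the device secret to hardware (a TPM or secure element) rather than a software store; the shared-key HMAC here stands in for that.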
Unified Endpoint Management (UEM) centralizes IT infrastructure management by providing a single set of tools to manage multiple endpoints. Endpoint Detection and Response (EDR) adds an extra layer of security by scanning endpoints, identifying threats, and taking necessary steps to protect the device and the network. It operates similarly to multifaceted antivirus software.
Microsegmentation is a crucial part of implementing a zero trust security model: it divides the network into isolated zones, each secured and protected from potential breaches. Sensitive information, and areas that malicious actors might otherwise reach, are isolated within these zones. The firewall or filter surrounding each microsegment acts as a barrier that blocks potential threats from entering or exiting the zone. In the event of a breach, the impact is therefore contained to the affected microsegment, minimizing the overall risk to the network.
In a zero trust model, least-privilege access is a crucial factor that limits user and device access to only the necessary resources required for their tasks. By doing so, the setup reduces the number of points of entry to sensitive data or infrastructure, making it harder for hackers to infiltrate the system.
Adopting least-privilege access may also result in time and resource savings by reducing the need for additional multi-factor authentication measures. This, in turn, decreases the volume of identification credentials that have to be granted and managed.
Zero trust network access
Zero Trust Network Access (ZTNA) is a crucial aspect of zero trust access that focuses on managing application access. It expands the principles of zero trust access by confirming that users and devices comply with the organization's policies before every application session. ZTNA supports multi-factor authentication to ensure maximum verification.
A significant aspect of the ZTNA idea is the user's location independence. The application access policy and verification process remain the same whether the user is on or off the network. Trust levels are the same for both on-network and off-network users.
For off-network users, ZTNA involves a secure, encrypted tunnel that connects the user device to the ZTNA application proxy point. This tunnel's automatic nature makes it more user-friendly than traditional VPN tunnels. In many organizations, ZTNA is replacing VPN access, resulting in improved user experience.
The ZTNA application proxy point has an additional benefit besides providing transparent, secure remote access. With ZTNA, applications are protected from the Internet by a proxy point, allowing only verified users access.
Benefits of a zero trust architecture
One of the primary benefits of a zero trust architecture is enhanced security. With this model, access to resources is granted only after the user has been properly authenticated and authorized, regardless of their location or device. This approach limits the exposure of sensitive data and reduces the risk of data breaches. Moreover, it ensures that only authorized users have access to critical data, providing an added layer of protection against insider threats.
Another benefit of a zero-trust architecture is improved visibility and control. This model enables organizations to have a better understanding of who is accessing their resources and what they are doing with them. With real-time monitoring and continuous verification, organizations can quickly detect and respond to security incidents, reducing the time to detect and remediate potential security breaches.
Finally, a zero trust architecture can also lead to increased productivity. With this approach, users can access the resources they need to do their jobs from anywhere, without compromising security. Moreover, automated policies and workflows streamline access requests and approvals, reducing the burden on IT teams and allowing them to focus on other critical tasks.
What are the alternatives to zero trust?
Previous network security frameworks relied on perimeter defense to secure network resources. Applications and data were secured by firewalls, VPNs, and other static defenses. After a user had been authenticated, they had access to federated resources inside the network. More sensitive resources might be protected by multiple layers of security or heightened requirements, such as MFA.
Another security strategy is for an organization to issue trusted devices to their users. These devices are secured and managed by the organization, and regularly updated with security patches and new policies.
The drawback of these security approaches is that when a malicious actor has made it past the barrier, they have essentially unchallenged access to every resource within that barrier. Because most security breaches involve bad actors using valid credentials to access a network, this kind of passive security framework isn't sufficient to protect most systems.
Why choose zero trust?
Zero trust is a dynamic, active security framework that scales to accommodate large numbers of users, network resources, data breaches and transactions.
Zero trust secures each of your network resources individually, limiting their exposure in case of a breach.
Because a zero trust architecture doesn't privilege network location, it allows your organization to enhance the security of existing infrastructure such as VPNs by integrating them into dynamic security policies. Zero trust can also streamline your user experience by eliminating the necessity for MFA for routine, low-risk transactions.