Graphic: We're hearing more and more about zero trust security, but why?
Table of Contents
BUZZ! BUZZ! BUZZ! The intrusive buzzing of the latest cybersecurity buzzword, zero trust, is palpable.
It’s evident why. The COVID-19 pandemic, with its surge in remote work, has pushed the implementation of zero trust architectures to the top of many enterprise priority lists.
As early as 10 years ago, most enterprise endpoints – users, devices, and applications - were restricted to the confines of the enterprise. Once these endpoints were in and verified as secure, they were granted access to network resources and henceforth assumed to be secure.
But now, with the advent of cloud computing, edge computing, and the Internet of Things (IoT), and with more and more employees accessing sensitive enterprise data not only from home but from cafés, different countries, and other far-flung locations – enterprise endpoints are virtually everywhere, and cyberattackers, like sleazy swindlers searching for the weaknesses of unsuspecting innocents, are eager to identify the perfect opportunity to execute.
“Okay, so how are we supposed to protect our sensitive data, then?”
It’s quite simple, reader.
Trust no one.
Photo: Zero trust is all about securing both internal and external endpoints, assuming they've been breached, and constantly verifying endpoint identity and trustworthiness.
Zero trust is a network cybersecurity approach that assumes data breaches are being perpetrated by untrusted sources originating both inside and outside an enterprise.
Zero trust security involves constantly verifying the identity and trustworthiness of every user, device, and application within a given enterprise network. It rejects the traditional assumption that users, devices, and applications are trustworthy merely because they’ve been verified as secure, and granted network access in the past.
This is an important point, as traditional perimeter-based cybersecurity models, also known as castle-and-moat models, accept the assumption that prior security verification and network internality are equivalent to trustworthiness.
Cybersecurity experts frequently refer to these older models using a castle-and-moat analogy because those who need internal access to network resources must pass a security check – the corporate firewall - to be granted such access, like crossing a heavily guarded drawbridge or even having it lowered in the first place. In essence, the belief is “trust, but verify,” and your enterprise data is safe.
Although marvels of a time before the era of digital nomadism and remote computation, these outdated models alone are now widely regarded as not only ineffective but also obsolete, given the modern proliferation of enterprise users, devices, and applications operating outside enterprise perimeters as well, whether in the cloud, a home office, a hammock on the beach, a manufacturing facility, a military outpost, and so on.
The modern proliferation of enterprise users, devices, and applications external to enterprise networks creates an increased attack surface for independent and state-sponsored hackers.
Zero trust architectures address this problem by adopting a “trust-no-one” cybersecurity model, authenticating enterprise user, device, and application trustworthiness both before and after granting access to network resources.
Unlike the older castle-and-moat model’s “trust, but verify” concept, the frequently touted adage for zero trust security is “never trust, always verify.”
In a nutshell, a zero trust architecture works by adopting a “trust-no-one” cybersecurity model that modern enterprises use to better safeguard their internally and externally accessed data.
Zero trust even has the approval of the federal government. The NSA, a major proponent of zero trust, strongly recommends that National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) networks adhere to a zero trust security model to secure their sensitive data.
Graphic: Tools used to achieve zero trust include network segmentation, multifactor authentication, and least-privilege access restrictions.
A zero trust architecture is achieved through the implementation of comprehensive security monitoring, risk-based access controls, and enterprise-wide system security automation.
This data-centric security model allows the concept of least-privilege access to be applied for every access decision, allowing or denying access to resources based on the combination of several contextual factors.
- National Security Agency (NSA), Embracing a Zero Trust Security Model
The concept of least-privilege access ensures that enterprise users, devices, and applications have only the access and permissions necessary to complete the tasks specific to their job, function, or purpose. This helps minimize the possibility of lateral movement throughout a network.
For example, a program manager doesn’t need to install software updates, and cybersecurity directors don’t need access to confidential program documents. The underlying purpose is the minimization of privilege: if a hacker were to compromise the program manager’s account, they could access confidential program documents but not install software updates. Conversely, a compromised cybersecurity director’s account would allow the hacker to install software updates but not access confidential program documents, at least not immediately.
Least-privilege access is a zero trust concept in nature since it inherently assumes that users, devices, and applications cannot be trusted to securely access and engage with enterprise data beyond the scopes of their purposes.
Although least-privilege access is a start to achieving a zero trust architecture, it's not perfect, as the issue of devices, users, and applications being compromised by hackers remains, which is why prevention is essential.
Enter macro-segmentation, micro-segmentation, and multi-factor authentication (MFA). Macro- and micro-segmentation allows cybersecurity architects to create network zones that segregate workloads and secure them independently. MFA is the practice of asking users to provide two or more verification factors to confirm their identity before they're allowed access to network resources. When paired with access management, network monitoring and analytics, and other tracking tools, a potent concoction for warding off cybercriminals is created.
As mentioned, the primary goal of zero trust is to control access and engagement with enterprise data, so to achieve a zero trust architecture, the who, what, when, where, and how of every enterprise user, device, and application must constantly be questioned to verify their trustworthiness in accessing and using enterprise data.
Since devices, users, and applications frequently make access requests, these access requests must be repeatedly authorized and secured using authentication and encryption technologies before the user, device, or application, whether internal or external to the network, is granted access to network resources.
In summarizing these contextual factors, the NSA lists seven preventive principles and system design concepts necessary to achieving a zero trust architecture:
Graphic: Cybersecurity has surpassed the internal enterprise. Endpoints are everywhere now, and they must be secure from hackers.
Enterprises need zero trust architectures to address newer and more sophisticated attack vectors associated with today’s cloud computing, edge computing, and Internet of Things (IoT) infrastructures.
John Mullin, director of information technology at Trenton Systems, says zero trust is essential to securing the diffused data of modern enterprises, especially in light of the COVID-19 pandemic.
With all these new endpoints – different desktop devices, different users, different smartphones – heading outside the perimeter, castle-and-moat cybersecurity alone is no longer acceptable. The COVID-19 pandemic really brought everything to a head. It’s the main reason zero trust, which has actually been around for more than a decade, is experiencing a renaissance right now. Not only are enterprises extending their private networks to their employees’ work-from-home endpoints, but work-from-home employees are oftentimes accessing these networks from their potentially insecure personal computers, so the question becomes, ‘How do you secure those computers in addition to the servers and workstations that comprise your enterprise infrastructure?’ Well, with zero trust, you assume all computers have already been hacked, and you implement security measures accordingly. As you can imagine, securing internal and external endpoints holistically has been a struggle for cybersecurity professionals everywhere.
At Trenton, we have a hybridized cybersecurity framework that utilizes both perimeter-based and zero trust principles. We are continuing to implement a zero trust framework that focuses on least-privilege access, multifactor authentication, macro-segmentation, tracking of logs, and network monitoring.
John Mullin, Director of Information Technology, Trenton Systems
Photo: Some argue that adopting zero trust is unrealistic because of legacy infrastructure, expenses, and other existing issues.
Some cybersecurity experts argue that pushing for the widespread adoption of zero trust security models imposes impractical and unrealistic expectations on many enterprises.
Morey Haber, chief technology officer and chief information security officer for BeyondTrust, lists four reasons why zero trust networks are not only unrealistic but impractical:
Haber’s technical debt obstacle asks: How will enterprises creating custom applications introduce zero trust security parameters into their software? Haber argues that many enterprises in this space are neither financially nor administratively equipped to accomplish such a feat.
Haber’s legacy systems obstacle maintains that old and outdated systems are not zero trust capable mainly because of incompatibility with current zero trust technologies.
Haber’s peer-to-peer (P2P) technologies obstacle highlights enterprises’ general ignorance of any active P2P technologies operating within their networks, which he says could pose a major risk of lateral movement.
And finally, Haber’s digital transformation obstacle asserts that cloud computing, DevOps, and the IoT do not inherently support zero trust and require additional, potentially cost-prohibitive technologies to achieve it.
There is some merit to the argument that it's currently unrealistic for some enterprises to adopt a zero trust architecture, but adopting zero trust is not an overnight process. You have to grow and expand to zero trust. It's a gradual process that will take time for all enterprises.
John Mullin, Director of Information Technology, Trenton Systems
What are your thoughts? Is zero trust unrealistic or impractical? Why or why not? Leave us a comment down below.
Graphic: How and where we access and engage with enterprise data is changing, and so, too, are the attack vectors used to steal or alter that data; therefore, cybersecurity must change, too. Adopting a zero trust security model is a start.
Zero trust architectures are ultimately more effective for security because they address modern attack vectors by securing an enterprise’s internal and external network endpoints comprehensively.
The devices, users, and applications associated with cloud computing, edge computing, and IoT systems are often distributed or located outside the enterprise perimeter. This increases attack surface and poses new avenues through which independent and state-sponsored cybercriminals can gain access to enterprise data.
It’s easy for hackers now. They have an endless supply of insecure endpoints they can exploit. Cybersecurity professionals are tasked with securing these endpoints and keeping them secure. It’s quite a feat to keep up with the increasing number of endpoints, and thus, the increasing number of security vulnerabilities. Gone are the days of securing a finite number of endpoints in a central location. Endpoints accessing enterprise data are everywhere now, and they must be secured.
John Mullin, Director of Information Technology, Trenton Systems
Castle-and-moat security models neither account for this increase in attack surface nor effectively obstruct the new avenues that today's hackers are exploiting.
Zero trust security models, however, do.
Photo: At Trenton Systems, we're embracing the turning tides of cybersecurity by adhering to zero trust principles internally and creating servers and workstations with zero trust architectures in mind.
Trenton Systems embraces a zero trust security model by adhering to and continuously implementing zero trust principles internally. We align our efforts with the zero trust adage of "never trust, always verify," improving our least-privilege access restrictions, macro-segmentation, multi-factor authentication, and network monitoring and analytics processes daily.
At the product level as well, we've got our security-conscious customers covered. Introduced during the launch of our 3U BAM Server, our system security stack equipped with Intel SGX, Intel PFR, and Intel TME is the ideal computing solution for military and industrial programs, applications, and enterprises adhering to a zero trust architecture.
Our security stack takes a holistic approach to cybersecurity, protecting hardware, firmware, and software with technologies and protections baked into the CPU, BIOS source code, and other layers of the system stack. In addition, our Counterfeit Protection Program (CPP), our comprehensive supply chain security processes and strict revision control procedures, and our made-in-USA promise help ensure that your Trenton server or workstation is protected at the hardware level.
The cybersecurity landscape, given the continuous growth and proliferation of various endpoints of varying levels of security, is changing.
Here at Trenton, we're changing with it - never trusting, always verifying.
For more information about our zero trust efforts or to procure a cybersecure, made-in-USA computing solution ready for integration with your infrastructure, drop us a line.