Posted on Jul 14, 2021
As more companies migrate to the cloud, the way that companies protect data changes as well. In a traditional on-premises network architecture, companies were able to follow the “trust but verify” philosophy. However, protecting cloud data needs to take the “never trust always verify” approach. Understanding what a Zero Trust Architecture is and how to implement one can help enhance security.
The zero trust cybersecurity model requires that all users, devices, and applications connected to the organization’s network are continuously authenticated, authorized, and monitored to ensure appropriate configurations and posture before granting them access to networks and data, regardless of whether they are on-site or remote.
In traditional on-premises network architectures, users and devices connecting to networks were considered “trusted” because you could limit their activity using hardwired connections and firewalls. However, with the rise of wireless networks, the concept of trust eroded. Zero trust is a way that companies can reduce risk by continuously requiring authentication and authorization.
Zero Trust means what it says and says what it means. Trust no one. According to the National Institute of Standards and Technology Special Publication (NIST SP) 800-207, the basic principles of a Zero Trust enterprise cybersecurity architecture include:
As with everything in cybersecurity, no “one size fits all” approach to zero trust exists. Although three different variations on the zero trust theme exist, many companies choose to take a “mix and match” approach across all three.
Identity governance is the process of managing the identity lifecycle from the time you first grant a user or entity access to systems, networks, and software until you terminate that access.
As a best practice, you should limit access according to the principle of least privilege, providing the least amount of access necessary for a person, device, or software to complete its job function. Additionally, you should consider incorporating the following as additional attributes when considering permissions:
Enhanced identity governance includes restricting network access according to the principle of least privilege and requiring multi-factor authentication (MFA).
Micro-segmentation is the process of protecting resources, either in groups or individually, by placing them on a unique network segment using a switch, firewall, or another gateway device.
Although this approach incorporates identity governance, it also relies on network devices to prevent unauthorized access. When using micro-segmentation to protect data, organizations need to ensure that the devices can respond to threats or changes in workflow.
Often referred to as a software-defined perimeter, this approach often uses technologies like Software-Defined Networks (SDN) and intent-based networking (IBN). Under this approach, the organization deploys a gateway at the application layer that establishes a secure channel between the user and resource.
When discussing zero trust, people often toss around the terms ZTA and ZTNA. The two both enable zero trust but do it differently.
ZTA relies on the organization’s Identity and Access Management (IAM) policies, often requiring MFA as a way to verify that they are who they say they are. Additionally, ZTA usually includes maintaining a continuous inventory of devices and users connecting to the network while continuously scanning for new access.
While ZTA focuses on who and what connects to a network, ZTNA focuses on who and what can connect to applications located on the network. ZTNA places the applications behind a gate called a “proxy point,” creating a secure, encrypted tunnel that data travels across. This makes it easier to secure remote users and entities without having to use a VPN.
If you’re considering whether zero trust is appropriate for your organization, the following use cases might make it easier for you to understand how it would fit into your current IT landscape.
Often, organizations have a headquarters with remote offices or employees. Since the remote locations, home or building, don’t connect to the enterprise local network, a company might decide to create a portal for users who need access to resources.
Increasingly, organizations use more than one cloud services provider, hosting multiple applications across the different clouds. A zero trust approach enables better security for both Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) by requiring users and entities to access the resources through a portal or installed agency. This gives the company more control over how users gain access to the cloud resource and ensures better visibility into cloud security.
To mitigate the risks associated with outsiders accessing enterprise resources, zero trust can be used to create a portal for those who need network connectivity to perform their tasks. Using zero trust enables you to offer access while obscuring enterprise resources.
Many enterprise organizations have different databases used by various subsidiaries. Creating multiple accounts for users who need access to more than one database across the subsidiary lines becomes overwhelming.
For example, an enterprise might have Sub 1 and Sub 2 with Database A and Database B. Both Sub 1 and Sub 2 use Database A, but only Sub 2 needs access to Database B. Creating unique logins for each database increases credential theft risk. In this case, zero trust provides the same benefit as remote employees and offices.
In some cases, companies offer customer services that require user registration. In this case, the organization needs to protect both internal assets and customer information. Zero trust enables enhanced security when organizations can segregate these customer services from enterprise services and use portals that drive customers to the resources they need.
While zero trust enables organizations to better secure data, it also comes with its own set of risks.
Any software or hardware component used must be securely configured and maintained. This can include monitoring for new risks arising from:
All of the technologies that enable a Zero Trust Architecture rely on network connectivity. A network outage, either as part of a DoS attack or cloud service provider downtime, can undermine the core technologies protecting the digital assets. Additionally, unexpected heavy usage can lead to slower service that leads to business disruption. Any of these scenarios can lead to users being unable to access resources. This means that employees or customers may not be able to connect to resources, decreasing productivity or interrupting customer services.
No matter what deployment method you choose, zero trust relies entirely on authenticating users and entities to networks or applications. Stolen credentials or a malicious insider can undermine your zero trust goals.
To mitigate this risk, you should consider:
While establishing a Zero Trust Architecture can enhance security, many organizations find the implementation challenging. Understanding the steps involved can help move toward a zero trust security approach.
Taking a rip-and-replace approach is not the most likely path, but some organizations can do it. This approach requires:
It’s more likely that you already have a network infrastructure in place. Ultimately, this means taking a perimeter-based approach which requires engaging in the following 8 steps.
The first step is understanding who needs access to your digital resources. However, you also need to do more than just get a list of employees. When identifying users, you need to consider:
Additionally, you need to consider users with privileged access, including:
Zero trust also tracks all devices that connect to your network. The increased use of Internet of Things (IoT) devices has made identifying and cataloging devices more challenging.
When creating the asset catalog, you should include:
As part of a zero trust architecture, you need to maintain secure configurations for all of these devices.
Increasingly, applications and other non-tangible, digital artifacts require network access. As you build out your list, you should consider:
Another challenge here is shadow IT, technologies connecting to the network that your IT team may not know about. As part of your zero trust migration, you want to engage in a network scan to ensure you know all access points.
Once you know all the applications your company uses, you need to define the ones most critical to your operations. These key business processes help you set resource access policies.
Low-risk processes are often good candidates for the first round of migration because moving them won’t cause critical business downtime.
Meanwhile, cloud-based critical resources are good candidates overall because placing controls around them protect sensitive data and services. When putting the controls around these processes, however, you should engage in a cost-benefit analysis that includes:
With all users, technologies, and key business processes identified, you now start establishing policies.
For each asset or workflow, you need to identify:
The solution you choose should be based on the previous steps because different tools enable different business goals. According to NIST, the primary questions you should ask yourself when making the decision are:
Deploying your solution should be done in stages to mitigate business interruption risk. This first stage should consider:
Once you know that everything works as intended for the first round of migrated processes, you should engage in a period of monitoring. During this time, you want to make sure you set baselines for activities like:
Moreover, you want to monitor basic policy functionality lik:
With the first phase of migration complete, you now have baselines and logging that should give you confidence over workflows and monitoring. However, each phase of the rollout should follow a similar process where you implement, review, monitor, set baselines, and ensure documentation.
SecurityScorecard’s security ratings platform enables organizations to continuously scan their environment for new risks. Our platform scans all IP addresses, giving you visibility into all access points, including IoT devices. Our security ratings use an A-F system that gives you at-a-glance visibility into risk, and our prioritized alerts incorporate remediation steps you can take to enhance your security posture.
Vendor management is the process an organization utilizes to assess and manage a third- or fourth-party vendor. Learn how SecurityScorecard can help.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You can’t manage what you can’t measure. Check out our list of the top 20 cybersecurity KPIs to track in 2021.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.