The Zero Trust Model
With the ever-increasing number of breaches, it is evident that the traditional “trust but verify” model has not held up against today’s cybersecurity threat landscape.
In the “trust but verify” model, the network is divided into an “untrusted” network (the one connected to the public internet) and a “trusted” network (the inside of the organization, where every user is trusted and has unrestricted access to anything and everything). As reported by Verizon, 34% of the data breaches in its 2019 report involved internal actors. Trusting anyone by virtue of which side of the perimeter they sit on should therefore no longer be the default. Thus, it is imperative to redesign the network on a Zero Trust Model.
Defining Zero Trust
A Zero Trust Model is a threat model in which no user, agent, or actor is trusted by default, irrespective of location. Instead, all access is granted on a strict “need-to-know” basis: a user gets no access to any network resource until the network has identified them and their need for the requested resource has been established. The Zero Trust Model shifts the focus from securing the network boundary to securing the endpoints and resources themselves, which implies redesigning the network from the inside out.
Building a Zero Trust Model
The Zero Trust Model is vendor-agnostic and is built upon the following systems:
Micro-segmentation
Micro-segmentation is a granular approach to segregating the network by workload or application rather than by physical location. Virtualization (VMs and containers), cloud services, and Software Defined Networks (SDNs) all support a micro-segmentation strategy. Because the segments are defined in software, micro-segmentation also reduces the overhead of managing ACLs and security policies on the perimeter firewall; the per-workload policies still have to be kept accurate, or the segments drift toward being either too permissive or a source of outages.
Identity and Access Management (IAM)
The principle of least privilege should be the modus operandi when implementing IAM to manage access to all resources. Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM) form the core of any IAM system.
Log and Analyze Traffic
All traffic traversing the network should be logged and analyzed. A Security Information and Event Management (SIEM) solution can correlate that traffic and provide a centralized view for monitoring the environment.
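The three components above, as an added example (not code from the original post): a small Python policy evaluator that denies by default, allows a request only if the source and destination segments may talk on that port (micro-segmentation), the identity has a need to reach that resource (least privilege), and strong authentication is present where required; it then logs every decision and correlates the denies per source to flag a host probing for lateral movement. All hostnames, segments, identities, ports and the traffic below are constructed assumptions.

```python
"""Added example: deny-by-default access evaluation combining micro-segmentation,
least-privilege identity checks and log analysis over constructed requests."""
from collections import defaultdict
from dataclasses import dataclass

# Micro-segmentation: every workload belongs to a segment, and only the listed
# (source segment, destination segment, port) triples may talk. Names, segments
# and ports are assumptions made up for this example.
SEGMENT_OF = {
    "web-01": "web", "web-02": "web", "api-01": "app", "db-01": "db",
    "laptop-alice": "corp", "laptop-bob": "corp", "jump-01": "ops",
}
ALLOWED_FLOWS = {("corp", "web", 443), ("web", "app", 8443),
                 ("app", "db", 5432), ("ops", "db", 5432)}

# IAM, least privilege: an identity may reach only the resources it needs.
# Resources in STRONG_AUTH_REQUIRED also demand proof of strong authentication
# (MFA for people, a workload certificate for services) on the session.
PERMISSIONS = {
    "alice": {"web-01", "web-02"}, "bob": {"web-01"}, "dba-carol": {"db-01"},
    "svc-web": {"api-01"}, "svc-api": {"db-01"},
}
STRONG_AUTH_REQUIRED = {"db-01"}


@dataclass(frozen=True)
class Request:
    identity: str
    strong_auth: bool
    src: str
    dst: str
    port: int


def evaluate(req):
    """Return (decision, reason). The default is deny; every check must pass."""
    src_seg, dst_seg = SEGMENT_OF.get(req.src), SEGMENT_OF.get(req.dst)
    if src_seg is None or dst_seg is None:
        return "deny", "unknown workload"
    if (src_seg, dst_seg, req.port) not in ALLOWED_FLOWS:
        return "deny", f"segment policy forbids {src_seg}->{dst_seg}:{req.port}"
    if req.dst not in PERMISSIONS.get(req.identity, set()):
        return "deny", f"{req.identity} has no need to access {req.dst}"
    if req.dst in STRONG_AUTH_REQUIRED and not req.strong_auth:
        return "deny", f"{req.dst} requires strong authentication"
    return "allow", "all checks passed"


def log_line(req, decision, reason):
    """One key=value line per decision; the free-text reason goes last."""
    return (f"id={req.identity} src={req.src} dst={req.dst} port={req.port} "
            f"decision={decision} reason={reason}")


def parse_log_line(line):
    """Split the key=value head back into fields; the reason may contain spaces."""
    head, _, reason = line.partition(" reason=")
    fields = dict(tok.split("=", 1) for tok in head.split())
    fields["reason"] = reason
    return fields


def lateral_movement_alerts(lines, threshold=3):
    """Flag any source denied access to >= threshold distinct destinations.
    A compromised host probing its neighbours produces exactly this pattern."""
    denied = defaultdict(set)
    for f in map(parse_log_line, lines):
        if f["decision"] == "deny":
            denied[f["src"]].add(f["dst"])
    return {src: sorted(dsts) for src, dsts in denied.items() if len(dsts) >= threshold}


# Constructed traffic: normal activity, then laptop-bob (assumed compromised)
# probing east-west, then a DBA session without and with MFA.
SAMPLE_REQUESTS = [
    Request("alice", True, "laptop-alice", "web-01", 443),
    Request("svc-web", True, "web-01", "api-01", 8443),
    Request("svc-api", True, "api-01", "db-01", 5432),
    Request("bob", True, "laptop-bob", "api-01", 8443),
    Request("bob", True, "laptop-bob", "db-01", 5432),
    Request("bob", True, "laptop-bob", "web-02", 443),
    Request("dba-carol", False, "jump-01", "db-01", 5432),
    Request("dba-carol", True, "jump-01", "db-01", 5432),
]


def run(requests=SAMPLE_REQUESTS):
    """Evaluate every request, emit the log, and return (log lines, alerts)."""
    lines = [log_line(r, *evaluate(r)) for r in requests]
    return lines, lateral_movement_alerts(lines)


if __name__ == "__main__":
    lines, alerts = run()
    print("\n".join(lines))
    print("lateral movement suspects:", alerts)
```

Note that the order of checks matters for what the log reveals: the segment check runs before the identity check, so a host in the wrong segment is refused without the policy engine ever consulting who is asking, and the third deny against laptop-bob (web-02, a segment it may reach but a resource bob does not need) is what pushes it over the alert threshold; neither the segmentation nor the identity layer alone would have produced that signal.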
In today’s cyber world, it is only logical to assume that a network intrusion is bound to happen: it is not a matter of if, but when. When the inevitable occurs, micro-segmentation together with IAM can severely restrict the intruder's lateral movement, while monitoring all activity in the network can alert you to anything unusual. The Zero Trust Model thus provides a secure framework for defending against data breaches and advanced cyber threats.