The concept of “Zero Trust” security is to accept that networked computing has made all systems vulnerable. The attacker no longer comes only from the outside, attempting to penetrate the castle walls of the traditional network. Instead, with the recent surge in work-from-home, the attack surface has become much wider, and security measures must evolve accordingly. Organizations must recognize that their current security posture will not withstand today’s advanced cyberattacks, which are poised to disrupt entire industries, steal millions in financial assets, and cause trillions in damage to critical infrastructure.
Moreover, it means that companies and governments must accept that their security posture is also vulnerable to insider threats from current employees. Recent reports have made it clear that even the most sophisticated organizations are at risk not just from attacks from the outside, but also from inside their corporate networks. In recent years, some of the worst breaches resulted from insiders, not just outside hackers, leaving the organizations vulnerable to external threats as well.
IBM recently announced the release of its annual “Monthly Cost of a Data Breach” report, which claims that in 2021 a data breach cost businesses on average a total of $4.24 million. Expenses related to such incidents, for breaches involving 1,000 to 100,000 records, now average 10% higher than in 2020.
High-profile cyberattacks targeted at high-level companies have increased by 65% compared with the two years before, as indicated by the cost of their remediation. The largest data breaches affecting leading businesses, which have exposed between 50 and 65 million records, now cost more than $400 million to remediate!
One of the most common vulnerability vectors for enterprises affected by a cyberattack is unauthorized access to credentials, whether taken from data dumps posted online, sold on, or obtained via brute-force attacks. And once the network was compromised, the personal information of around 50% of victims, including names and email addresses, was stolen.
What is Zero Trust Security?
Zero Trust is a framework of security policies, practices, and technologies that makes it safe for users to share information in the cloud. Zero Trust Security is designed to provide a secure, trusted workspace for all networked devices. Based on the concept of “Zero Trust” (ZT), this framework offers a complete solution to secure applications and data in a corporate environment. The Zero Trust Security model supports enterprise-wide cloud adoption and moves beyond traditional perimeter defenses to safeguard data in the cloud without compromising user privacy or productivity. This model enables a business to fully utilize cloud resources, including applications, digital content, and the data itself.
The Zero Trust security model provides a vision that breaks away from traditional perimeter defenses and embraces new technologies designed to protect users in the cloud. This model looks at breaches in a new way, encouraging organizations to consider all users as adversaries, and sets the stage for immediate remediation. The Zero Trust model moves away from traditional levels of trust and requires that all communication be authenticated and authorized.
ZT aims to build security into the fabric of the application environment instead of it being an afterthought later in the development cycle. The approach does not focus solely on standard security defenses but rather on building applications with a completely trusted network and client ecosystem.
Benefits of Zero Trust Security
- A Great Investment Against Lost or Stolen Information
Zero-trust cybersecurity architectures can be used as an insurance plan against lost or missing information. It is not uncommon to see companies experience substantial financial losses due to cyberthieves. According to a report from IBM, the average cost of a data breach is now over $4 million. Larger companies in the US estimate ransomware demands at a staggering $6 million per incident. And the biggest payment ever made by a victim organization to an insurance company was $40 million, IBM calculates. Therefore, it is wise to consider implementing a zero-trust cybersecurity system to avert this type of loss.
- Creating Security Policies in a More Efficient Manner
Traditional security solutions implemented a redundant structure, particularly when it came to cybersecurity. It often meant that the different security tools throughout a network were configured and operated independently from one another, leaving some network components more vulnerable to attack when tools were missing or malfunctioning.
Zero trust helps here because it permits a universally applied policy to be created and implemented in all parts of the company. SSO is a great example because this handles authentication for all types of resources on the entire network.
- Reduces Business Risk
Cloud-based software and services operate under the assumption that all applications and services are malicious and are prevented from communicating until we can positively verify their identity. Immutability of the software is mandatory to meet predefined trust principles, such as authentication and authorization.
A greater risk is averted by following the ZT method, as it learns what is on the network and how those assets are communicating. Further, as baselines are detected, a ZT strategy lowers risk by eliminating overprovisioned products and services and continually checking the credentials of every communicating item or asset. As such, ZT can be expensive to implement.
- Strong User Identification and Access Policies
ZT requires a proactive management strategy for users on the network, using multifactor authentication, or going even further beyond usernames and passwords with biometric information, to keep accounts protected. After that, only users with the appropriate permissions will access the information they need to perform their job function.
- Effective Data Segmentation
A Zero Trust model would divide data into pools according to data sensitivity, use, and type, resulting in less exposure to vulnerabilities in potential attack surfaces.
Zero Trust Architecture
The Zero Trust model leverages a comprehensive set of advanced technologies designed to provide immediate protection to critical assets while also enabling organizations to make optimal use of the multi-tenant cloud environment. The latest implementation of this framework allows businesses to secure applications and data in an on-premises environment with the same level of security that is available in the cloud.
The Zero Trust Security model significantly departs from standard perimeter security approaches and offers a way to embrace technology innovation, including microservices, serverless computing, containers, and/or even blockchain technology. This model aims to reduce the complexity of securing critical systems while maximizing the reach and efficiency of these important applications.
ZT security architecture is centered around the Zero Trust Security Framework, which leverages a series of foundational technologies to provide immediate protection for critical assets in the cloud. This architecture also allows businesses to optimize multi-tenant cloud environments as it provides unparalleled visibility into endpoints across the entire application environment.
Zero Trust Security Framework
This framework is designed to provide real-time protection for critical assets in the cloud. It makes use of several advanced technologies, including trust, fraud detection, endpoint security, intrusion detection and prevention, data sharing, and subnet management. The Zero Trust Security Framework provides a high-level security framework designed to be applied in conjunction with any existing security model or product. Using this framework, security operations can be equipped with an open view of the entire application environment while also maintaining visibility into endpoints across all applications. This model provides immediate protection for critical assets while ensuring that business-critical data is not exposed to threats outside of the organization.
Challenges of Using Zero Trust Security
As with any new technology, with the gains also come some trade-offs that, in time, will be mitigated as the ZT is more widely adopted. Here are some of the drawbacks that ZT may pose:
- Setup Time, Effort, and Cost: Switching over an existing network and its policies can be complicated, as the old policies still need to remain in effect until the new system is ready to conduct business as usual. Typically, it’s easier to build a brand-new network and plug it into the existing one. In this case, we cannot use the Zero Trust architecture. So, starting from scratch will be necessary and can be costly.
- Management of a Larger Number of Users: Employees need to have access to only the necessary data. And users might also extend this role to friends and clients. Different access paths guarantee full integration in a Zero Trust framework, as different group policies are required for each type.
- Managing More Devices: Today’s work environment encompasses not just an exceptionally vast array of various individuals but also an increased range of distinct devices specialized for the end-user’s specific use-case. Different devices may have different communication conventions and security standards that must be addressed adequately, some on a case-by-case basis.
When implementing Zero Trust, the following best practices should be adhered to:
- Define the protect surface: Your protect surface is the set of databases, applications, assets, and services your company most wants to protect. Seeking to initially reduce the attack surface is not practical in today’s world, where remote work has become the new norm. The attack surface constantly changes, making it challenging to pinpoint, shrink, or protect against. Instead of focusing on the limitless number of attack vectors, it is simpler to specifically define your protect surface. Typically, in a ZT network, the protect surface is defined by one of these four items (DAAS):
- Data: what are we protecting?
- Applications: focus on applications that will be used to consume sensitive information.
- Assets: what are the most critical assets in terms of value?
- Services: what are the most common services that can be leveraged by a malicious actor to infiltrate the company?
- Draw the transaction flows: The network’s traffic flow highlights which actions must be coordinated to ensure security. Therefore, it’s critical to gain a general understanding of the interrelationships of your DAAS. Mapping the relationship between disparate resources will provide context for how you intend to enforce controls and how they protect your data, rather than hampering your business needs.
- Architect a Zero Trust network: Zero trust networks are completely personalized, not found in one single, generic design. Instead, the architecture is fixed at the protected surface level. Once you have implemented the zero-trust model and mapped the flows according to your needs, you can map out the Zero Trust architecture, starting with a next-generation firewall. The next-generation firewall contributes to forming the boundary of your micro perimeter, and with a segmentation gateway, you can restrict access to resources that extend beyond the protected surface area (Layer 7), including people and resources.
- Develop Zero Trust policy: After the architecting of the network is finished, use the “Kipling Method” to develop the Zero Trust policy, safelisting the items that should have access to each other. Rudyard Kipling, yes, the well-known novelist, introduces the six questions “who, what, when, where, why and how” in his poem “Six Serving Men.” They are used to define the policies and precautions that you will apply to each protect surface on your network:
- Who should be allowed to use a resource?
- What application is being utilized to access a resource within the protected area?
- When was the resource used?
- What’s the destination of the packet?
- Why is this packet attempting to access this protected resource?
- What application is the packet using to reach the protected surface?
With this level of granular access control, you can be sure that only authorized traffic of legitimate applications is allowed.
- Maintaining and monitoring the network: The last step is to inspect all system logs, both internal and external, right up to Layer 7, emphasizing the operational aspects of Zero Trust. Zero Trust is an industry-specific process, and reviewing the logs provides practical troubleshooting ideas.
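The policy step above in code, as an added illustration that is not part of the original article: a default-deny check that admits a request only when a safelist rule answers all six Kipling questions, with the decision record available for the log review in the final step. The role, application and resource names are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Added illustration (not from the article): default-deny policy check keyed on
# the six Kipling questions. All role, app and resource names are constructed.

@dataclass(frozen=True)
class KiplingRule:
    who: frozenset    # identities/roles allowed to use the resource
    what: frozenset   # client applications permitted to make the access
    when: tuple       # (start, end) local time window in which access is valid
    where: str        # the protect-surface resource (the packet's destination)
    why: frozenset    # accepted business justifications for the access
    how: frozenset    # protocol the application may use to reach the resource

@dataclass(frozen=True)
class AccessRequest:
    who: str
    what: str
    when: datetime
    where: str
    why: str
    how: str

def evaluate(req: AccessRequest, rules: list) -> dict:
    """Allow only if one rule answers all six questions; otherwise deny."""
    for idx, r in enumerate(rules):
        start, end = r.when
        if (req.who in r.who and req.what in r.what
                and start <= req.when.time() <= end and req.where == r.where
                and req.why in r.why and req.how in r.how):
            return {"decision": "allow", "rule": idx}
    return {"decision": "deny", "rule": None}  # default deny; record for log review

# Constructed safelist for one protect surface: the payroll database.
RULES = [KiplingRule(who=frozenset({"role:payroll-clerk"}), what=frozenset({"app:hr-portal"}),
                     when=(time(8, 0), time(18, 0)), where="db:payroll",
                     why=frozenset({"monthly-payrun"}), how=frozenset({"tls:5432"}))]

def run_samples() -> list:
    """Three constructed requests: one matching, two each failing a single question."""
    base = dict(who="role:payroll-clerk", what="app:hr-portal", where="db:payroll",
                why="monthly-payrun", how="tls:5432")
    ok = AccessRequest(when=datetime(2021, 6, 1, 9, 30), **base)
    after_hours = AccessRequest(when=datetime(2021, 6, 1, 23, 5), **base)
    wrong_app = AccessRequest(**{**base, "what": "app:sql-shell"}, when=datetime(2021, 6, 1, 9, 30))
    return [evaluate(r, RULES)["decision"] for r in (ok, after_hours, wrong_app)]
```

A request that is off by a single answer (outside business hours, or from an application other than the safelisted one) is denied, which is the granular behaviour the Kipling questions are meant to produce.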
According to Statista, in 2021, 37% of survey participants reported that the benefits of zero trust included greater security, compliance agility, and increased speed of threat detection & remediation of the customer data. The report from Statista also states that “…in 2021, 42% of people from an international survey said they have plans to adopt a zero-trust strategy and were in the early phases of doing this.”