Zero-trust security model primer: What, why and how
What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders.
Bad guys out, good guys in. This principle has long shaped how enterprises approach information security, anchored in the premise that IT environments can be protected from malicious activity simply by making the perimeter bigger, stronger and more resilient. It's a model that evokes comparisons to castles and moats, but it carries a twinge of irony, considering the foundation of the narrative that internal traffic is automatically trusted is now a fairytale.
Zero-trust security proposes a different model -- one grounded in the assumption that all users, devices and transactions are already compromised, regardless of whether they're inside or outside of the firewall. That perspective drives a new strategy for network security architecture.
What is it, exactly?
Zero trust is not a technology, nor is it a product. It is a strategic, architectural approach to network security enabled by technology.
First articulated in 2010 by John Kindervag, then a principal analyst at Forrester Research, a zero-trust security model is a philosophy for designing network security architecture in a way that withholds access until a user, device or even an individual packet has been thoroughly inspected and authenticated. Even then, only the least amount of necessary access is granted. An adage commonly ascribed to zero-trust security is "never trust, always verify," an evolution from the old "trust but verify" approach to security."
Zero-trust security espouses the use of more precise and stringent network segmentation, creating what are sometimes called micro-perimeters throughout the network to prevent lateral movement. The goal is that when -- not if-- a breach occurs, an intruder can't easily access sensitive data by hopping VLANs, for example.
Policies and governance also play an important role in a zero-trust architecture, since users should have the least amount of access required to fulfill their duties. Granular control over who, what, where and when resources are accessed is paramount to a zero-trust network.
What's driving the zero-trust security model?
A legacy, perimeter-based approach to security simply doesn't protect enterprises from increasingly common and destructive identity- and credential-based attacks.
In other words, no matter how flashy the firewall, it won't prevent an attacker who's obtained stolen login information from wreaking havoc without highly granular segmentation and access policies. Contrary to traditional security models, user identity inspires one of the lowest degrees of confidence, because it's reasonable to assume that the person logging in with Bob from accounting's username and password may not be Bob from accounting.
Moreover, according to Verizon's 2018 Data Breach Investigations Report, compromise and exfiltration often occurs in a matter of minutes or even seconds, while two-thirds of breaches go undiscovered for months.
In terms of technology, many familiar elements are in zero-trust security's toolbox: automation, encryption, identity access management, mobile device management and Multifactor authentication, to name a few.
But at the heart of the zero-trust model are fine-grained microsegmentation and highly adaptive policy enforcement -- two components largely enabled by software-defined networking, network orchestration and virtualization (including but not limited to Network virtualization).
Make no mistake: While benefits to moving to a zero-trust architecture are many, getting there is no small feat.
Before diving into implementation, however, a successful transition to zero-trust security starts with a comprehensive audit of all devices, endpoints and other assets, because everything connected to the network is a potential risk. You also need a detailed understanding of how different users work and whether restricting access to various resources could interfere with their ability to do their jobs -- often information best obtained by partnering with business leaders in the organization.
While the zero-trust security model gained popularity once implemented by Google, it is by no means just for large enterprises. In fact, it can be easier for smaller organizations, as their environments are often less bogged down by interconnected layers of legacy systems.
In an ideal world, a zero-trust security architecture is created by design in a greenfield environment, but that isn't the only option. Zero-trust-based approaches can also be introduced gradually to existing environments as a longer-term transition.
Drawbacks to the zero-trust security model?
Make no mistake: While benefits to moving to a zero-trust architecture are many, getting there is no small feat. In addition to the technical complexities, it requires a profound cultural shift within IT and beyond; namely that equating safety with "inside the firewall" is no longer acceptable.
As mentioned previously, implementing zero-trust security can be significantly harder for enterprises with legacy environments, often making their networks more brittle.
Zero-trust security also requires ongoing work. Teams must regularly monitor, maintain, optimize and update micro-perimeters and governance policies to ensure systems continue to function properly, while not preventing users from being productive.
