What You Need to Know About Zero Trust

By: Josh Mayfield | 4/2/2019

The Zero Trust security model establishes the idea that an enterprise cannot automatically trust any endpoint originating inside or outside of its perimeter. Authentication happens at every single turn. Ideally, businesses should verify anything and anyone attempting to connect to their systems before granting access.

Think about going through the various stages of an airport from check-in to boarding. However, instead of going through security once to check your credentials, at every step you take there is another checkpoint to ensure you are the right person, and another, and another. That’s what Zero Trust is like.

What is Zero Trust

The concept of a Zero Trust Network (or Zero Trust Architecture) was the brainchild of former Forrester Research analyst John Kindervag. In 2010, he published a paper that introduced the concept to the IT world.

The granularity and micro-segmentation of a Zero Trust network enforces rules based on users, their locations, and/or other relevant details to determine whether that user, machine, or app requiring access should be trusted.

A Zero Trust network will not authenticate an endpoint whose security status is unknown; it first verifies the user and the location.

After an endpoint has been authenticated, a restrictive policy can be carried out for that specific session. Not unlike the “need-to-know” basis used by the government, a Zero Trust policy only provides the exact amount of network access required for users, machines or apps — nothing more, nothing less.

For independent security researcher Rod Soto, Zero Trust is not exactly zero in the literal sense. “Zero Trust is an operationalization of the least privilege principle and segregation of duties by the use of different technologies,” he said. “This can go from high privileges and full access to no access rights at all and can be applied to applications, devices, and users within and outside the perimeter.” 

The role of network segmentation

Network segmentation is all about partitioning the network into smaller networks, and in doing so, restricting access levels. This way, hosts and services containing sensitive information would be on their own separate network — apart from other networks.

For example, you wouldn’t want sensitive HR or Finance data to reside on the same network as your general company documents or spreadsheets.

But to be effective, network segmentation requires careful planning and strict enforcement. Access should be monitored.
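The per-request, least-privilege checks described above, together with the segmentation rules from this section, as an added example (not code from the article or from Absolute): a small default-deny policy decision point that re-verifies identity, device posture, source network segment and role scope for every request, and logs allowed and denied decisions alike. The segment names, roles, resources and the device_compliant flag are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy: which source segment may reach which destination
# segment, where each resource lives, and the minimal actions per role. Anything
# not listed is denied.
SEGMENT_POLICY = {
    "corp-workstations": {"general-docs"},
    "hr-workstations": {"general-docs", "hr-finance"},
}
RESOURCE_SEGMENT = {"wiki": "general-docs", "payroll-db": "hr-finance"}
ROLE_SCOPES = {
    "employee": {"wiki": {"read"}},
    "hr-analyst": {"wiki": {"read"}, "payroll-db": {"read"}},
}

@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool       # identity check for this specific request
    device_compliant: bool   # posture reported by an endpoint agent (hypothetical)
    source_segment: str      # network location the request arrives from
    resource: str
    action: str

@dataclass
class Decision:
    allowed: bool
    reason: str

def evaluate(req: Request, audit_log: list) -> Decision:
    """Default-deny decision point, evaluated afresh for every request."""
    dest = RESOURCE_SEGMENT.get(req.resource)
    checks = [
        (req.mfa_verified, "identity not verified"),
        (req.device_compliant, "device posture unknown or non-compliant"),
        (dest in SEGMENT_POLICY.get(req.source_segment, set()),
         "segmentation policy blocks source segment from resource segment"),
        (req.action in ROLE_SCOPES.get(req.role, {}).get(req.resource, set()),
         "action outside least-privilege scope for role"),
    ]
    decision = next((Decision(False, why) for ok, why in checks if not ok),
                    Decision(True, "all checks passed"))
    # Record approved and denied requests alike so probing patterns become visible.
    audit_log.append(f"{'ALLOW' if decision.allowed else 'DENY'} user={req.user} "
                     f"src={req.source_segment} res={req.resource} act={req.action} "
                     f"reason={decision.reason}")
    return decision
```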

“I would say that a more comprehensive Zero Trust approach should go beyond just network segmentation and include asset and identity management components,” says Soto. “It is important to verify not just at the network level but also devices, applications, and users.”

Once a bad actor compromises your network, they are likely to poke around your systems in search of sensitive information, hosts and services; segmentation limits how far they can get.

Check out our Cybersecurity 101 guide to understand why preventing threats is so important.

Advantages of network segmentation

There are several benefits from segmenting your network and embracing the Zero Trust framework, the most obvious being improved security. We’ve discussed this above.

We’ve also touched upon better access control — the ability to make sure users and endpoints only have access to specific network resources, which can stop any accidental and malicious activity in its tracks. 

Improved Containment

By segmenting your network, you gain better containment. Any networking issue that arises is limited to its local subnet. Beyond limiting the reach of an attack, network errors can be traced to a precise location, which translates to an easier fix.

Improved Performance

With fewer hosts and endpoints per subnet, local network traffic is reduced. Because traffic is confined to its own subnet, you also spend fewer resources detecting and investigating an incident.

Improved Monitoring

With network segmentation, you can not only log events but monitor internal connections (both approved and denied) and even detect suspicious behavior. Monitoring and logging events give your IT team the capability to notice patterns of malicious activity, and in turn, make the right changes so that future breaches can be prevented.

To sum up, according to Soto, Zero Trust can be used to strengthen defenses within and outside the perimeter, reduce the attack surface, contain and isolate intruders as well as improve management of security operations.

However, Soto advises that such implementations go hand in hand with business objectives. “I have seen applications of the Zero Trust model that break legacy applications, becoming counterproductive for business,” he said.

A few lingering questions

Although we’ve covered the basics of Zero Trust, there are still several concepts that are often confused. For instance, what is the difference between Zero Trust security and Zero Trust architecture?

While the two can be seen as interchangeable, Soto views Zero Trust security as the conceptual model, with Zero Trust architecture being the translation of that model into technology deployment and implementation.

You may also be wondering where PAM (privileged access management) fits into the equation.

“PAM is simply a technology framework that allows the application and enforcement of Zero Trust models,” Soto explained.

If all this sounds too restrictive to your business, we don’t blame you. But when it comes to your endpoints, it’s unfortunately not a question of IF there will be a breach, but WHEN.

How to achieve Zero Trust

The bottom line is, if you don’t have visibility into all of your devices, you can’t answer the question of whether they are trustworthy. If you can’t extract intelligence from your endpoints, so that all you have is an inventory, you also cannot determine their trustworthiness.

Existing endpoint security tools, such as encryption, AV/AM, and client/patch management, fail regularly and reliably. Unless you go deeper, into the firmware, and maintain a ceaseless grip on the device, you cannot ensure its trustworthiness and achieve a Zero Trust environment.

All of these questions can be answered when you have visibility and intelligence. Absolute acts as an informant. It lets you know about the trustworthiness of devices, data, apps, people, and networks.

Learn more about how Absolute provides Asset Intelligence and helps you achieve a Zero Trust environment.
