Introduction to Zero Trust
Introdution
- Zero Trust is an end-to-end security strategy that monitors and controls the six main pillars of security: identity, endpoints, applications, network, infrastructure, and data.
- In practice, the “trust no one and verify everything” rule suggests that every request, device, or user must not be trusted and should be treated as a potential threat until verified by strong authentication methods, before allowing access to the network.
- This also means that users and devices are only allowed access to the specific applications or data that they need.
Key Principles of Zero Trust:
Verify explicitly
:- Zero Trust requires strict identity verification for every user and device attempting to access resources.
- With Zero Trust, the identity verification of users and devices is a continuous process, often at multiple levels.
- This ensures the constant monitoring and validating of who can access what.
Use least privilege access
:- The principle of least privilege access ensures that user access is minimized with Just-In-Time (JIT) and Just-Enough-Access (JEA).
- This means only granting access to systems and applications to authorized users for specific tasks for a minimum time.
Assume breach
:- This principle assumes attackers are already in your network and are looking to move laterally and get to get more information.
- It embodies a deny-all approach and uses real-time monitoring to assess every request against known behaviors to limit and control access.
- Assume breach is the mindset of creating the necessary segregation of access to contain the damage to a small area, and in doing so, minimizing the impact to your business.
Zero Trust Components
Identities
- An identity in the Zero Trust approach is defined as users, services, and the credentials used by applications, and Internet of Things (IoT) devices.
- In the Zero Trust approach, identities control and administer access to critical data and resources.
- This means that when an identity attempts to access a resource, organizations must verify it through strong authentication methods, ensure access is compliant and typical for that identity, and enforce least privilege access principles.
Endpoints
- An endpoint is any device that connects to your network whether in the cloud, on-premises, or remotely.
- They include devices issued by the organization, IoT devices, smartphones, BYODs, and partner and guest devices.
- In the Zero Trust approach, the security policies are enforced uniformly across all endpoints. This is because when an identity is granted access to a resource, data can stream across different endpoints.
- If the endpoints aren’t secure, this can create a huge risk.
Applications
- Applications are productivity tools through which users access their data.
- Knowing how these apps and their application programming interfaces work is essential to understanding, managing, and controlling the flow of data.
- All apps used across your digital estate should be given tightly controlled in-app permissions and be monitored for abnormal behavior.
Networks
- Networks represent the means to access our data.
- Using network access controls and monitoring user and device behavior in real time can provide insights and visibility into threats and help cybercriminals to move laterally across your network.
- Network segmentation, using threat detection and prevention tools, and encrypting network traffic will reduce the likelihood of an attack and mitigate the fallout from a breach.
Infrastructure
- Your infrastructure covers every aspect of the digital domain, from on-premises servers to cloud-based virtual machines.
- The main focus and consideration for infrastructure is to manage the configuration and keep software updated.
- A robust configuration management approach will ensure that all deployed devices meet the minimum security and policy requirements.
Data
- Understanding your data and then applying the correct level of access control is essential if you want to protect it.
- By limiting access, and by implementing strong data usage policies, and using real-time monitoring, you can restrict or block sharing of sensitive data and files.
This post is licensed under CC BY 4.0 by the author.