Zero Trust Networking
Let TxMQ Accelerate your Zero Trust Networking Solution
For decades, security controls have been built around protecting a single, massive corporate perimeter. This method has proven unsuccessful at realizing its core intent, which is to protect the critical systems, data and personnel that allow companies to successfully and nimbly operate. Once the perimeter is breached, through a phishing attack or unpatched system, a threat actor can freely move across other security layers and systems, where data can be compromised.
In addition, this perimeter-based model proves sorely lacking in today’s highly mobile ‘work remotely’ world, not to mention its challenges in light of the now 100% remote office brought on by the global Covid-19 pandemic.
How does Zero Trust Work?
The Zero Trust model shifts the boundary from a single, large perimeter to every endpoint and user within a company. The premise is built on strong identities, authentication, trusted endpoints, network segmentation, access controls, and user and system attribution to protect and regulate access to sensitive data and systems. The two primary principles that make up Zero Trust are that you don’t inherently trust anything on or off your network, and that you apply security controls only where they are needed, to compartmentalize and protect critical systems and data. We do the latter through context-based authentication and access control.
When can Zero Trust be Effective?
When looking at Zero Trust from a breach perspective, the intent is that a compromise of one asset doesn’t compromise the entire company and that you only apply security controls to what matters most. In addition, by ensuring that all protocols in use are secure, we make sure that if a breach occurs, it cannot be used to extend the attack further.
Zero Trust has been around for a long time. It’s the ‘new-old idea’, originally developed in academia, where tens of thousands of students need access to a university’s systems. This is a journey, not a destination. It is also not a product, or something one can ‘add on’ to an existing environment.
What does Zero Trust Protect?
In all security frameworks, one must first identify and understand all of the assets on the network: every endpoint and data store, including any permitted BYOD. The system is then built around NOTHING but secure (encrypted) protocols for ALL communication (a prototypical ideal that many companies find hard to realize fully). This is coupled with intelligent, AI-based, context-based authentication, including evaluating the health of the accessing device or system.
Is this the first time Jim is logging in at this time, from this area, on this device? Let’s only grant read-only access today. Or perhaps let’s toss another multifactor authentication challenge at this attempt.
How can I use Zero Trust in my Environment?
While the following is a utopian ideal, it is worth laying out what this looks like at the ‘perfected extreme’. Actual mileage may vary, as most companies find exceptions must be made, oftentimes with legacy environments, or departments requiring ‘special handling’.
Zero Trust starts with strong subjects, role definitions and governance, using identity and access management and privileged access management products in combination with a single source of truth for all subjects or identities and roles. We then apply stringent access controls to toxic or sensitive data, systems and applications and only provide permissions for the assets an employee needs to do their job. Then we include attribute-based authentication (computer fingerprint, mobile device fingerprint, certificates, keys, login time, location, and the protective and detective apps and controls installed). Then we use user and entity behavior analytics (UEBA) as a compensating control to look for and alert on behaviors outside of normal for a specific user, system or device, and to require step-up authentication measures and other additional security checks to continue. With that, you’ve got the makings of a strong Zero Trust implementation.
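The "is this the first time Jim is logging in at this time, from this area, on this device?" decision above, together with the UEBA step-up described in this paragraph, as an added example that is not TxMQ's code: a small context-based access decision that compares a login attempt against what has previously been seen as normal for the user. The attribute names, the "two or more anomalies triggers step-up" rule and the baseline data are assumptions.

```python
from dataclasses import dataclass, field

# Constructed example, not TxMQ's code. A baseline is what UEBA has observed
# as normal for one user; an attempt carries the attributes the text lists
# (device fingerprint, location, login time, device health). Thresholds are
# assumptions chosen for illustration.

@dataclass
class Baseline:
    devices: set = field(default_factory=set)      # known device fingerprints
    regions: set = field(default_factory=set)      # locations seen before
    login_hours: set = field(default_factory=set)  # hours of day (0-23) seen before

@dataclass
class Attempt:
    user: str
    device_id: str
    region: str
    hour: int              # local hour of the login attempt
    device_healthy: bool   # endpoint checks passed (patched, controls installed)
    mfa_passed: bool = False

def decide(attempt, baseline):
    """Return (decision, reasons). Unfamiliar context does not deny outright;
    it reduces access or demands a step-up challenge, as the text describes."""
    if not attempt.device_healthy:
        return "deny", ["device failed health check"]
    reasons = []
    if attempt.device_id not in baseline.devices:
        reasons.append("new device")
    if attempt.region not in baseline.regions:
        reasons.append("new region")
    if attempt.hour not in baseline.login_hours:
        reasons.append("unusual hour")
    # Two or more anomalies: toss another MFA challenge before anything else.
    if len(reasons) >= 2 and not attempt.mfa_passed:
        return "step_up_mfa", reasons
    # Any anomaly (or anomalies already covered by MFA): read-only for today.
    if reasons:
        return "read_only", reasons
    return "full", reasons

def learn(attempt, baseline):
    """After a fully trusted login, record the context as part of normal."""
    baseline.devices.add(attempt.device_id)
    baseline.regions.add(attempt.region)
    baseline.login_hours.add(attempt.hour)
    return baseline
```

Only contexts that completed a full-trust login are learned, so a read-only or step-up session does not quietly widen the user's baseline.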
Implementing Zero Trust doesn’t have to be a heavy lift.
We start with small proof of concept areas. Often companies will segment off complex legacy environments for later evaluation. Once organizations see the benefits in terms of an improved user experience, and ultimately simpler network management, the enhanced security posture is almost gravy.
Let’s look at some simple first steps.
The Six key steps for implementing Zero Trust:
- Identify your sensitive or toxic data sources
- Identify roles and assign people to a single role
- Map the transaction flows regarding the toxic data
- Architect a Zero Trust network based on the toxic data sources and the way they are used transactionally
- Write rules on your segmentation or policy gateway (e.g. Cloud Access Security Broker or CASB) based on expected behavior of the data (users and applications)
- Monitor the network; inspect and log the traffic; and update rules based on your behavior analytics
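Steps 3 to 6 above as an added example that is not part of the original page: the mapped transaction flows for toxic data become the only allowed rules on a policy gateway (default deny, encrypted protocol required), and the gateway's deny log is the input to the next rule review. The store names, roles and traffic records are constructed.

```python
# Constructed example, not TxMQ's code. Flows are (role, data store, protocol).

TOXIC_STORES = {"payroll-db", "patient-records"}   # step 1: toxic data sources

# Steps 3-4: the transaction flows mapped for the toxic data. Only these are
# written as allow rules; anything else touching a toxic store is denied.
ALLOWED_FLOWS = {
    ("hr-analyst", "payroll-db", "tls"),
    ("payroll-app", "payroll-db", "tls"),
    ("clinician", "patient-records", "tls"),
}

def evaluate(flow):
    """Step 5: policy gateway rule evaluation. Returns (verdict, reason)."""
    role, store, proto = flow
    if store not in TOXIC_STORES:
        return "allow", "not a toxic data source; outside this gateway's scope"
    if proto != "tls":
        return "deny", "toxic data may only travel over an encrypted protocol"
    if flow in ALLOWED_FLOWS:
        return "allow", "matches a mapped transaction flow"
    return "deny", "no mapped flow for this role and data store"

def monitor(log_lines):
    """Step 6: inspect and log traffic; return the denied records, which are
    what the behavior review uses to update the rules."""
    denied = []
    for line in log_lines:
        role, store, proto = line.strip().split(",")
        verdict, reason = evaluate((role, store, proto))
        if verdict == "deny":
            denied.append((line, reason))
    return denied

# Constructed traffic records in the form role,store,protocol.
SAMPLE_TRAFFIC = [
    "hr-analyst,payroll-db,tls",
    "hr-analyst,patient-records,tls",
    "clinician,patient-records,http",
    "intern,wiki,http",
]
```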