If you’ve been around the security industry lately, you’ve surely heard the term “zero trust.” It has become a bit of a buzz term, as many new security concepts are wont to do, but depending on the source of your information, you might not be clear on what “zero trust” really means beyond the literal reading of the words. While we at Edgewise are admittedly a little biased, this post strives to disambiguate the term and provide a working definition for security practitioners who want to explore next-level security, especially those struggling with how to secure data, applications, hosts, and users in hybrid cloud or container environments.
At its core, the concept is simple: zero trust means no implicit trust. Nothing is trusted because of where it sits. Applied to networking, that becomes “assume the network is hostile.” On the surface this sounds like a no-brainer, but it is antithetical to how enterprises have secured their networks for decades. Since at least the early 1990s, companies have surrounded their corporate networks with perimeter- and endpoint-based controls, relying on approved IP addresses, ports, and protocols to validate applications, data, and users, which are then trusted to communicate freely inside the network. Once past that “security checkpoint,” layered internal controls such as data leak protection, intrusion detection, and behavioral analytics help companies spot rogue and potentially malicious behavior. But these are detection and response tools rather than protection for the data and the network; “protection” remains at the perimeter.
However, as networks have evolved over the years due to the (essentially) ubiquitous use of cloud, the explosion of software and applications, third-party system interconnectivity, and more, the need for more effective methods of securing networks—and the data and services that reside and communicate within them—has emerged. More specifically, data breaches have become commonplace front-page news, and with new regulations like GDPR shining a light on data, security practitioners have come to realize the necessity of moving protection closer to the workloads running inside the network.
A necessary evolution
Thus the emergence of the terms “zero trust security” and “zero trust networking.” In a nutshell, zero trust is a model of security that treats all network traffic, including traffic already inside the perimeter, as hostile. Unless and until workloads have been identified by a set of attributes—a workload fingerprint, if you will—they are untrusted and not allowed to communicate, regardless of their location: in the cloud, in an on-premises data center, in a virtual environment, in a container. One key benefit of zero trust is that it’s adaptable to any environment, which is necessary given today’s dynamic enterprise networks.
Zero trust architecture is grounded in a data-centric approach, starting with protecting the workloads and services that access an organization’s valuable data assets in the cloud or data center. For example, it removes an attacker’s ability to piggyback on approved network security policies such as firewall rules, because internal traffic isn’t trusted just because it’s internal. A key benefit of zero trust is least-privilege access, a concept widely discussed in the context of identity and access management (IAM). With zero trust, least privilege applies not only to who is accessing the data, but also to what (which services, devices, or connections), where, and when. If any of these attributes fails to meet the specified criteria, the connection is not allowed. If any of them changes after the connection was authorized, the receiving end denies the communication. This is a core difference between traditional and zero trust networking: the possibility of attackers moving laterally (“east-west”) inside the network is greatly diminished, because any change reverts the communication to untrusted until its fingerprint is verified again. Extending least privilege beyond IAM in this way greatly reduces the network attack surface, giving defenders a narrower scope of focus.
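To make the distinction concrete, here is a small added example written for this post (it is not Edgewise product code). It evaluates three connection attempts against a traditional subnet-and-port allowlist and against a default-deny policy keyed on a workload fingerprint. The attributes it folds into the fingerprint (service name, binary hash, host, environment), the addresses, the hashes, and the scenarios are all constructed assumptions for illustration; the post does not prescribe which attributes make up a fingerprint.

```python
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    """Attributes assumed here to identify a workload, independent of its network address."""
    name: str            # logical service name, e.g. "billing-api"
    binary_sha256: str   # hash of the running binary (constructed values below, not real hashes)
    host: str            # host the process runs on
    environment: str     # "prod", "staging", ...
    ip: str              # where it happens to sit on the network right now
    port: int            # listening port for servers; 0 for clients


def fingerprint(w: Workload) -> str:
    """Identity derives from what the workload is, not from its IP address."""
    material = "|".join([w.name, w.binary_sha256, w.host, w.environment])
    return hashlib.sha256(material.encode()).hexdigest()


# Traditional perimeter-style control: trust by source subnet and destination port.
# Constructed rule: "anything in the app tier may talk to Postgres".
PERIMETER_RULES = [(ipaddress.ip_network("10.0.1.0/24"), 5432)]


def perimeter_allows(src_ip: str, dst_port: int) -> bool:
    src = ipaddress.ip_address(src_ip)
    return any(src in net and dst_port == port for net, port in PERIMETER_RULES)


class ZeroTrustPolicy:
    """Default deny: both ends must match a registered fingerprint and an explicit policy entry."""

    def __init__(self) -> None:
        self.known: dict[str, str] = {}   # workload name -> fingerprint recorded at deployment
        self.allowed: set[tuple] = set()  # (src_name, dst_name, dst_port, environment)

    def register(self, w: Workload) -> None:
        self.known[w.name] = fingerprint(w)

    def allow(self, src_name: str, dst_name: str, dst_port: int, environment: str) -> None:
        self.allowed.add((src_name, dst_name, dst_port, environment))

    def allows(self, src: Workload, dst: Workload) -> bool:
        # "What": each end must present the fingerprint recorded at deployment.
        # A different binary, host, or environment yields a different fingerprint,
        # so the connection reverts to untrusted even if name and IP are unchanged.
        for w in (src, dst):
            if self.known.get(w.name) != fingerprint(w):
                return False
        # "Where": no cross-environment traffic (e.g. staging -> prod).
        if src.environment != dst.environment:
            return False
        # "Who" talks to "what" on which port: only explicitly allowed pairs.
        return (src.name, dst.name, dst.port, dst.environment) in self.allowed


def demo() -> dict:
    """Three constructed connection attempts, evaluated under both models.

    Returns {scenario: (perimeter_allows, zero_trust_allows)}.
    """
    db = Workload("orders-db", "c0ffee01", "db-01", "prod", "10.0.2.10", 5432)
    billing = Workload("billing-api", "aaaa0001", "app-01", "prod", "10.0.1.5", 0)
    frontend = Workload("web-frontend", "cccc0003", "app-02", "prod", "10.0.1.7", 0)

    policy = ZeroTrustPolicy()
    for w in (db, billing, frontend):
        policy.register(w)
    policy.allow("billing-api", "orders-db", 5432, "prod")

    # Attacker-planted process on billing's host: same name, same IP, different binary.
    rogue = Workload("billing-api", "bbbb0002", "app-01", "prod", "10.0.1.5", 0)

    return {
        "legit": (perimeter_allows(billing.ip, db.port), policy.allows(billing, db)),
        "rogue_binary": (perimeter_allows(rogue.ip, db.port), policy.allows(rogue, db)),
        "lateral_move": (perimeter_allows(frontend.ip, db.port), policy.allows(frontend, db)),
    }


if __name__ == "__main__":
    for scenario, (perimeter, zero_trust) in demo().items():
        print(f"{scenario:13s} perimeter={perimeter!s:5s} zero_trust={zero_trust}")
```

The subnet rule admits all three attempts, because from the firewall’s point of view they are indistinguishable: app-tier address, database port. The fingerprint policy admits only the first. The replaced binary on the legitimate host no longer matches what was registered, and the front end, though fully verified, has no policy entry pairing it with the database, which is exactly the east-west path the paragraph above describes closing off.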
To summarize (for the TL;DR crew), key components of zero trust are:
- A “never trust, always verify” baseline: the network is assumed to be hostile
- Workloads can’t communicate until they have been verified by their workload fingerprint
- A data-centric, “inside-out” approach
- Protection brought closer to the workload
- Least-privilege access to data, enforced for application workloads and users
- Adaptability to any network environment: on-premises, in the cloud, or in a container
Now that we’ve generally defined zero trust, in subsequent posts we’ll explore why you want to implement zero trust, how to get started with zero trust, and the business benefits of using zero trust (remember: no security strategy is a perfect fit unless it supports business goals and initiatives). The key here is that zero trust doesn’t have to be difficult, costly, or disruptive to implement. It is a methodology that requires a new security mindset, but one that achieves the goals security practitioners have been striving for: better security, simplification of network security, fewer breaches, and demonstrable risk reduction for the enterprise.