
At its core, the concept is simple: zero trust = no trust whatsoever. When applied to networking, zero trust becomes, “assume our network to be hostile.” While on the surface this sounds like a no-brainer approach, the notion is antithetical to how enterprises have been securing their networks for decades. Since at least the early 1990s, companies have been surrounding their corporate networks with perimeter- and endpoint-based controls, relying on approved IP addresses, ports, and protocols to validate applications, data, and/or users, which are then trusted to communicate inside the network. This approach has not proven effective at stopping breaches.

In contrast, zero trust is a model of security that treats all network traffic, including traffic already inside the perimeter, as hostile. Unless and until workloads have been identified by a set of attributes—a workload fingerprint or identity—they are untrusted and not allowed to communicate. One key benefit of zero trust is that it’s adaptable to any environment, which is necessary given today’s dynamic enterprise networks.

A main aspect of zero trust is least-privilege access. With zero trust, least privilege is not only applied to who is accessing the data, but also what—which services, devices, or connections—where, and when. This extension of least privilege greatly reduces network attack surfaces, giving defenders a narrower scope of focus.

Zero Trust Principles

1. Assume: Assume the network is always hostile; never trust, always verify.

2. Implement: Implement least-privilege access.

3. Authenticate: Authenticate and authorize every device, user, and workload each time it tries to connect.

4. Dynamically Update: Dynamically update and adapt policies to reflect the environment using machine learning.

Why Implement Zero Trust?

To understand why zero trust security has become a hot topic in recent years, it’s helpful to review how networks and early network security were built. In their early days, networks were well-defined user spaces made up of fully managed physical systems.

The people and systems using and accessing the corporate network were generally known quantities, so IT security teams could reliably operate on a “trust but verify” model: any user or system that wanted to access resources needed only to authenticate once to gain access and was then free to use resources as necessary. Network security, in other words, worked like a “castle and moat” system of defense: build a strong perimeter, generally a firewall, to keep the bad guys out, but once someone was inside the perimeter, that user was assumed trustworthy.

Over the years, networks and networking grew significantly and became more complicated. A “network” was not necessarily an on-site, hardware-based entity, and users were not necessarily sitting in a central office that could be defined by geography. Laptops, then smartphones and tablets, meant that employees could work from anywhere in the world. Companies began using cloud and virtualized infrastructure for the speed, efficiency, and cost savings they offered. The geographic location of the person or system became irrelevant.

Fast forward 20 or 30 years.

Network Security Today

Today’s networks are hostile places. They host business-critical data, apps, and services that help the company operate. As such, cyber criminals want access to those networks to steal, destroy, or corrupt personally identifiable information (PII), intellectual property (IP), and financial information for personal gain.

Organizations need to prevent unauthorized users (generally cyber criminals but also occasionally insiders) from accessing the data, apps, services, and users communicating on their networks in order to maintain the confidentiality, integrity, and availability of data, apps, and services. Zero trust is a methodology that helps companies achieve increased visibility into what’s happening on their networks (to determine risk) and apply protections to systems and data that prevent compromise and data breach (to lower risk).

In a zero trust network, security and/or networking teams implement “security checkpoints” throughout the network through which every communication must pass to send or receive data. Zero trust can be applied to users, devices, hosts, and applications. What this does is ensure that malicious users or software—if they manage to get onto the network through phishing or a system vulnerability—can’t continue a cyber attack progression.

The unfortunate reality is that breaches are an inevitability that can negatively impact companies’ operations, finances, and reputation; zero trust limits the “blast radius,” i.e., the impact and severity, of a cyber attack, which allows the company to lower the costs of protecting its business-critical data and systems and of responding to and cleaning up after a breach. Zero trust also helps organizations with compliance initiatives because zero trust creates “secure zones” around regulated data, giving businesses better auditability and accountability.

Benefits of Zero Trust

Security’s main purpose in an organization is to decrease organizational risk so other business units can innovate and expand market share. These teams need to be agile and efficient, which relies on having access to the tools and resources which allow them to perform their jobs. In today’s world, many of these tools and resources are databases, collaboration software, digital data, and other IT systems which, if unavailable or inaccurate, could negatively impact the business.

Reduces business and organizational risk

Zero trust helps businesses reduce organizational risk because all applications and services that attempt to communicate inside the network are identified and their communication paths are mapped. This allows network and security teams to understand and baseline normal traffic flow.

Once assets have been discovered and data mapping has occurred, a zero trust network assumes all applications and services are malicious and disallowed from communicating until they can be positively verified by their identity attributes — immutable properties of the software or services themselves that meet predefined authentication and authorization requirements.

Zero trust networks, therefore, reduce risk because they uncover what’s on the network and how those assets are communicating. Further, as baselines are created, a zero trust network reduces risk by eliminating overprovisioned software and services and continuously checking the “credentials” of every communicating asset.

Gain control over cloud and container environments

Security practitioners’ biggest and longest-held fears of moving to and using the cloud are loss of visibility and lack of control. Despite the evolution in cloud service providers’ (CSPs’) security due diligence, workload security remains a shared responsibility between the CSP and the organization using the cloud. That said, there is only so much the organization can affect inside someone else’s cloud.

Zero trust was tailor-made for any type of network — including public or hybrid cloud. In a zero trust network, security policies are based on the identity of communicating workloads and are tied directly to the workload itself. In this way, security stays as close as possible to the assets that require protection and is not affected by network constructs such as IP addresses, ports, and protocols. As a result, protection not only travels with the workload wherever it communicates, but also does not change when the environment changes.

Achieve lower breach potential

Pursuant to the points above, because the zero trust model is focused on the workload, it’s easier for security teams to identify and stop malicious data-based activity. A zero trust network continuously inspects workloads for deviations from intended state and prevents those which are unverified from communicating anywhere on the system — to and from command and control, and between hosts, users, or applications (and any combination thereof). Any altered application or service, whether it’s a result of adversarial activity, misuse, or accident, is automatically untrusted until it can be verified again through a set of policies and controls. Additionally, even when verified and approved, communication is restricted to a “need-to-know” basis, i.e., access is locked down to only the users, hosts, or services that fundamentally require access.

This inherent distrust results in decreased breach potential and therefore decreased risk, not to mention lower costs for cleanup and mitigation (since there are fewer breaches to handle).

Aid compliance initiatives

With zero trust in place, auditors (and others in the organization) gain clearer insight into what data flows the organization has and can see how workloads are protected throughout the network. Zero trust reduces the number of places and ways network communications can be exploited, which results in fewer negative audit findings and less remediation work for the security team.

In addition, with zero trust segmentation implemented, organizations have the ability to perimeterize certain types of data (e.g., PCI or credit card data, data backups) using fine-grained controls that keep regulated data separate from other, non-regulated data. When it comes time for an audit, or in the unfortunate event of a breach, a zero trust segmentation strategy provides superior visibility and control compared with overly permissive, flat networks.

Increase business speed and agility

Today’s businesses strive to operate at lightning speed, and address- and port-based security controls can be contrary to those initiatives. Whenever a port is blocked or a host is shut down because of a possible intrusion, for instance, employees are unable to access data or services required to do their jobs. When a breach occurs, multiple disruptions accompany it. If the development team goes to deploy an app and security says, “No, stop. That’s insecure,” release is halted (and frustrations flare).

The ability to move continually forward and pivot on a dime is a highly coveted business goal, and a zero trust network allows that to happen because it works seamlessly in the background. Protection travels alongside the workload rather than sitting at a security “checkpoint” (i.e., the perimeter), meaning that any blocked or disallowed communication is isolated and interruptions to speed and agility are finite. In other words, in a zero trust network, security is not constrained by static network constructs that slow it down.

Alleviates organizational friction

Software and applications dominate business, and the formation of DevOps paved the pathway for today’s rapid development. The advent of containers and other dynamic, distributed development and staging environments has allowed DevOps teams to work even more efficiently but has introduced increased numbers of vulnerabilities that are near-impossible for security teams to manage with traditional controls.

In the past, security either tried to nose its way into the DevOps process or bolted protections onto already-deployed software, neither of which worked well. The problem with both approaches is translating application “speak” into network “speak”; too much manual intervention is required, which slows down what is meant to be an accelerated process.

Zero trust knocks out these issues by effectively enveloping applications in protection. As applications are deployed, they are assigned an identity. Provided that identity remains the same or matches that of an already-verified application, it is allowed to communicate freely. Changes or updates to the app don’t necessarily change the identity, in the same way that a new outfit or a business trip doesn’t alter a person’s identity—which means that DevOps can conduct business as usual and not have to worry about security interference.

What is Zero Trust Segmentation?

In a zero trust architecture, segmentation gateways are added to existing networks. In an Edgewise-managed network, these control points are regulated by granular policies which, in turn, are dictated by the identity of workloads, applications, services, or processes. Every time an asset requests a communication, Edgewise symmetrically verifies the identity before the asset is allowed to send or receive communication. Workloads are segmented by their identity rather than network constructs, and this happens each and every time a workload needs to be authenticated or authorized on a network.

To understand how “never trust, always verify” is achieved, it’s helpful to understand how Edgewise builds identities. With Edgewise, an identity is created from a collection of asset attributes such as the SHA256 hash, file name, file path, product version, UUID of the BIOS, loaded modules, etc. Using application-aware attributes as the control—rather than network constructs—ties security directly to communicating network assets instead of the environment in which they are communicating (as is typical of traditional network security products like firewalls).

Identity-based policies result in stronger security control that travels with the workload wherever it communicates — in a public cloud, a hybrid environment, a container, or an on-premises, traditional network. Because protection is environment-agnostic and workload-dependent, applications and services are secured even if they communicate across network environments — no need for architectural changes or policy updates from users. Edgewise policies can be applied in one click, which is a departure from the complexity and difficulty of traditional microsegmentation projects. Further, unlike address-based microsegmentation which requires network/security teams to constantly tune rules based on network constructs, changes to the environment, or exceptions, Edgewise policies automatically adapt to software updates and architectural changes, thereby significantly reducing the amount of time it takes to microsegment and manage your environment.
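As an added illustration of identity-based policy (this is not Edgewise’s code or its actual identity format), the Python below derives a workload identity from a subset of the attributes listed above and checks each connection request against a default-deny allowlist of identity pairs; the hashes, paths, and addresses are constructed placeholders. It shows that moving the workload to a different IP leaves the decision unchanged, while altering the binary’s hash makes the workload untrusted.

```python
import hashlib
import json

# Constructed illustration, not Edgewise's code or identity format. The
# fingerprint covers a subset of the attributes named above (SHA256 of the
# binary, file path, product version, loaded modules); IP and port are
# deliberately left out so the identity travels with the workload.
IDENTITY_ATTRS = ("sha256", "path", "version", "modules")


def workload_identity(attrs: dict) -> str:
    """Derive a stable identity from immutable software attributes only."""
    canon = {k: attrs[k] for k in IDENTITY_ATTRS}
    canon["modules"] = sorted(canon["modules"])  # load order must not matter
    blob = json.dumps(canon, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def authorize(policy: set, src: dict, dst: dict) -> bool:
    """Verify both ends of a request on every attempt against a default-deny
    allowlist of (source identity, destination identity) pairs."""
    return (workload_identity(src), workload_identity(dst)) in policy


def demo() -> dict:
    # Constructed sample workloads; hashes, paths and addresses are placeholders.
    web = {"sha256": "ab" * 32, "path": "/opt/web/bin/web", "version": "2.3.1",
           "modules": ["libssl", "libc"], "ip": "10.0.1.5", "port": 8443}
    db = {"sha256": "cd" * 32, "path": "/usr/sbin/postgres", "version": "14.2",
          "modules": ["libc"], "ip": "10.0.2.9", "port": 5432}
    # Least privilege: the only approved flow is web -> db.
    policy = {(workload_identity(web), workload_identity(db))}

    moved = dict(web, ip="172.16.8.20")      # same binary on a different host
    tampered = dict(web, sha256="ff" * 32)   # binary altered in place
    return {
        "web->db": authorize(policy, web, db),            # approved pair
        "moved->db": authorize(policy, moved, db),        # IP change is irrelevant
        "tampered->db": authorize(policy, tampered, db),  # new hash: untrusted
        "db->web": authorize(policy, db, web),            # direction not approved
    }


if __name__ == "__main__":
    for flow, allowed in demo().items():
        print(f"{flow:14} {'ALLOW' if allowed else 'DENY'}")
```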

Using all of the principles listed above, zero trust segmentation with Edgewise ensures that:

• Only approved applications and services can communicate on your networks
• Applications/services are verified for proper authentication and authorization before each send/connect request
• All assets are accessed with least privilege
• You always have an up-to-date communications map of your networks
• Policies can be applied in one click

Getting Started with Zero Trust

Before you begin thinking about how to implement zero trust, it’s important to recognize that it is a strategy, not a technology or even a process. It’s tempting for security practitioners to want to plug and play, but there is no zero trust tool available for purchase, and no one way to accomplish zero trust. Zero trust is a framework, a philosophy on which networks—and even security tools—can be built. To get started with zero trust, it’s helpful to frame it as an overall approach rather than a component. Designing for zero trust requires security and IT teams to focus on business concepts: What are we trying to protect? From whom? Recognize that zero trust underpins the entire security program; technologies and processes are layered on top of the strategy, not the other way around.  

That said, architecting for zero trust does not require a “rip and replace” of the existing network. Zero trust can be implemented in stages. Organizations can start with the most critical assets first, or they can start with non-critical assets as a test case and gain lessons learned before zero trusting other parts of the network. You might want to start with zero trust at the user or device level or at the application level (which is Edgewise’s strong recommendation). Regardless of your starting point, implementing zero trust in any part of your network incrementally returns immediate gains in risk reduction and security control.

The most important aspect of a zero trust plan is gaining buy-in from other areas of the organization, from the CEO and CIO through networking and operations administrators, before you start. Communication is key; bring leaders together and explain what, if anything, will change for their users. Speak in plain language (see: “Benefits of Zero trust,” above) to explain how zero trust will help the company, and give colleagues a chance to air their grievances. Worse than not implementing zero trust at all is implementing a program that has to be rolled back because one decision maker can’t see the value. The benefits of zero trust are quite clear, but only to those who fully understand what it is and how it works.