Zero Trust strategy
Zero trust architectures are a new approach to security. In this architecture, all applications and services are treated as untrusted and the infrastructure is built in such a way that it can detect and stop any intrusion.
The idea of zero trust is to make sure that no layer of the stack trusts the underlying components. For example, in a traditional network, an administrator would set up an access control list on a firewall to allow access to a service from one IP address only. This means that the firewall is trusting the IP address as being legitimate and not malicious. With zero trust architecture, there is no such trust because all traffic is treated as hostile. The firewall will then use other methods like packet inspection to determine if traffic coming from this IP address should be allowed or not.
Zero Trust seeks to address the following key principles based on the NIST guidelines:- Continuous verification. Always verify access, all the time, for all resources.
- Limit the “blast radius.” Minimize impact if an external or insider breach does occur.
- Automate context collection and response. Incorporate behavioral data and get context from the entire IT stack (identity, endpoint, workload, etc..) for the most accurate response.
- Passwords: Unfortunately, passwords are still part of many MFA systems despite being vulnerable to attacks such as phishing, account takeover, SIM-swapping and credential stuffing.
- Remote Zero Trust Authentication: Remote work has increased greatly in recent years, meaning viable Zero Trust security for remote entry points (VPN, VDI, RDP) is vital for risk reduction.
- Strong Authentication into Desktop: Logging in to an enterprise desktop and then subsequently having to log in via SSO or a separate authenticator in order to access resources creates a time-consuming redundancy. It can also cause integration issues.
- Secure Application Access: Integrating secure Zero Trust Authentication across all enterprise applications, especially legacy apps, can create considerable compatibility problems.
- Usability Issues: Added friction creates frustration and adoption resistance in users. It can also affect productivity and lead users to try to take shortcuts around Zero Trust security measures.
Implementing a Zero Trust architecture within your organization has wide-ranging benefits. However, it’s important to remember that Zero Trust isn’t simply a magic bullet in terms of cyber defense. Here are the core benefits of Zero Trust as well as potential limitations that you should be aware of.
Because Zero Trust never assumes that any device or user is trusted, you get to decide what resources and activities need coverage in your security strategy. All data and computing sources should be protected optimally. And once you have the proper monitoring installed to cover both resources and activity under a Zero Trust framework, you’ll have even more visibility into system activity. You’ll now know the time, location, and application involvement of every access request and be better equipped to flag and respond to suspicious activity.
Benefit 2: A More Secure Remote Workforce
Remote work has exploded in the past two years and cybersecurity concerns along with it. As users and devices access critical data from across the globe and outside the physical workspace, employing Zero Trust helps ensure the security of a distributed workforce. Zero Trust goes above and beyond traditional firewalls and security measures that aren’t necessarily adequate in a remote work environment. Under Zero Trust, identity is attached to users, devices, and applications that seek access, offering robust protection for both work and data in any location.
Benefit 3: Effective Ongoing Compliance
Zero Trust helps ensure continuous compliance across multiple industries and regulatory frameworks. Every access request being evaluated and logged is a huge aid in compliance documentation, for instance. Tracking the time, location, and applications involved in each access request creates a seamless and transparent audit trail. With continuous compliance, audits are streamlined as there is a visible chain of evidence for all access requests. This minimizes the effort required to produce evidence, making governance operations faster and more efficient.
Limitation 1: Coping with BYOD Trends and Workplaces
In the era of BYOD policies and environments -- along with the “always-on” mentality of many remote employees -- organizations need to allow for greater data and system access flexibility. Each individual device has its own properties, requirements, and communication protocols, which need to be tracked and secured under the Zero Trust model. While this is more than feasible, it may require a bit more legwork upfront to configure your Zero Trust security measures in a workplace that relies heavily on BYOD.
Limitation 2: Accounting for High Number of Applications
Another challenging factor to consider when adopting Zero Trust is the number of applications you’re using across the organization for people and teams to communicate and collaborate. You’re likely employing versatile and flexible cloud-based apps, but a high number of applications in use can make implementing Zero Trust somewhat of an uphill battle. Consider what third parties are handling your data, how it’s being stored, and whether or not each application is absolutely necessary before placing 100+ applications in your tech stack that will all need to be monitored and secured under Zero Trust standards.
Limitation 3: Authentication Doesn’t Verify Intention
The unfortunate fact is that, even if users are fully authenticated, Zero Trust can’t discern their intentions. Malicious insiders seeking to do damage to their own organization -- for whatever reason -- may still do so with the data or systems that they have authorized access to. The same principle holds true for public-facing web applications. Certain users may sign up for accounts, provide the right information, and gain proper access. But that doesn’t mean that they don’t have malicious intentions of compromising systems or data with what access they do have.
Comments
Post a Comment