Zero Trust Architecture is one of the internet’s most highly overused buzzwords. At its core, it is a set of recommendations to secure an organization by:
- removing implicit trust
- enforcing least privileged access, and
- applying continuous risk evaluation and monitoring.
NIST 800-207 formally documents the architecture. In this post we will attempt to simplify the complexity by focusing only on high-level concepts.
What is it?
In traditional security models, anything connected to an organization’s network was implicitly trusted. Not so long ago, when networks were smaller, more static, and easier to manage, this model was reliable.
Fast forward to today. Organizations now include a mix of on-premise equipment, clouds, mobile devices, IoT, and constantly evolving applications, protocols and threats. This complexity makes the old models impractical and insufficient.
As of May 2022, most major vendors are now offering products and services to support zero trust architecture. However, this is not something a single product can solve. Each vendor sells a piece of the puzzle. Every organization will have differing needs based on their attack surface, business model, and customer relationships. Implementing zero trust is as much about company’s governance and practices as it is about the technology itself. Next, we’ll focus in on the major influencing factors.
Three Pillars of Zero Trust
Frequently summarized as “never trust, always verify,” the three pillars of zero trust architecture are:
Zero Trust designs to secure modern environments by:
- removing implicit network trust (and adding segmentation),
- using least privilege authentication and authorization methods, and
- intense monitoring and auditing.
In the next sections, we will take a brief look at each of these topics.
Never Trust A Network
Would you ever check-in to a hotel and start using the shared computer in the lobby to access your bank? Most of us would cringe at the thought, but conversely wouldn’t think twice about banking from your office computer. And yet IT staffs are continually under-staffed, under-budgeted, and over-worked. Having complete trust in your network’s security is now a luxury reserved only for the largest of companies or government agencies. And even they are fighting a losing battle against insider threats.
The current rate of cyberattacks is unprecedented, and assuming that your network is secure is dangerous. Even if you do everything right in advance (and few do), you are still vulnerable to 0-day attacks. At this point, it is simply more practical to assume your network is insecure, and move forward with planning from that perspective.
Now that we have a healthy distrust of our network, next up is to control the access to data and assets on the network.
Enforce Least Privilege Access
We need to protect high-value data and assets. To accomplish this goal, the principle of least privilege recommends that you only assign the minimum necessary rights to a subject (users, networks, systems, files, etc.) in order to function. Ideally, these restrictions should also factor in time, granting permissions only when needed and for minimal durations.
Through careful access delegation, any potential damage posed via an activity is limited, regardless of whether it is sanctioned, unsanctioned, intentional or unintentional.
Laziness often works against the principle of least privilege. Granting bulk permissions beyond the scope of the necessary rights is convenient, but can come with disastrous effects when a breach occurs.
Audit and Monitor Everything
The days of “set it and forget it” are over. Perform continuous risk evaluation and monitoring vigilantly; Without this, you have no hope of minimizing your attack surface against ever evolving threats.
A dry run is the best way to determine if your monitoring and auditing posture is sufficient; Assume a network breach. Next run through your audit logs and determine whether there is enough information to find an attacker’s footprint.