Information Security

Apr 30th, 2017 | Information Security

What is ‘Zero Trust’?

Traditional network security approaches are no longer adequate in today’s ecosystem and a new method to protect your network is needed. Many security professionals have begun implementing a new architecture called Zero-Trust Networking, which changes the entire security paradigm.

The underlying principle of Zero-Trust Networking, originally developed by Forrester Research, is exactly as it sounds: Trust Nothing. A Zero-Trust network abolishes the notion that everything inside your corporate perimeter can be trusted. Instead, Zero-Trust establishes micro-perimeters, or security zones, around sensitive data or user enclaves, which allow different levels of control and visibility through the use of next-generation firewalls. Controlling the flow of data and user access to the different zones protects both the data and users from compromise.

As a simple example, your guest wireless network should not have unfettered access to data center resources or other systems, but instead be limited to Internet access and possibly some shared services, such as domain name services and printers, if deemed necessary. In that case you would create a Guest, Shared Services and Internet zone. Users or devices assigned to the Guest zone could query DNS servers located in Shared Services and then access the Internet.

All data flows and traffic between zones would be monitored and inspected for malicious activity. With appropriate rules and policies in place that limit and inspect lateral traffic inside the network, suspicious activity would be readily identified. Many of the high-profile breaches over the past few years, such as OPM and Target, could have been prevented or the impact significantly reduced.

After the OPM breach, the US House of Representatives Committee on Oversight and Government Reform issued a recommendation that all federal agencies adopt the Zero Trust model.

Implementing Zero-Trust is easier than it sounds, with the primary steps being:

  1. Identify Data and User Zones
  2. Map the Data Flows
  3. Segment the Networks
  4. Create Policies and Rules to match Data Flows needed
  5. Monitor the Network and Traffic Patterns allowing Continuous Improvement
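The Guest, Shared Services and Internet example above, worked through steps 1 to 5 as a default-deny zone policy. This is an added example, not code from the original post; the subnets, the allowed ports, the data center zone's address range, the flow records and the function names are all constructed for illustration.

```python
import ipaddress

# Steps 1 and 3: zones and the (constructed) subnets segmented into them.
ZONES = {
    "guest": ipaddress.ip_network("10.50.0.0/24"),
    "shared_services": ipaddress.ip_network("10.10.0.0/24"),
    "datacenter": ipaddress.ip_network("10.20.0.0/16"),
}

# Steps 2 and 4: one allow rule per mapped data flow
# (source zone, destination zone, protocol, port). Anything not listed is denied.
RULES = {
    ("guest", "shared_services", "udp", 53),   # DNS queries
    ("guest", "shared_services", "tcp", 53),   # DNS over TCP
    ("guest", "internet", "tcp", 80),          # assumed: web access only
    ("guest", "internet", "tcp", 443),
}

def zone_of(ip):
    """Map an address to its zone; addresses outside every internal subnet are 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def evaluate(src_ip, dst_ip, proto, port):
    """Return (verdict, src_zone, dst_zone) for one flow. Default deny, including
    lateral traffic inside a single zone, because no rule permits it."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    verdict = "allow" if (src, dst, proto, port) in RULES else "deny"
    return verdict, src, dst

def denied(flows):
    """Step 5: collect denied flows for investigation or policy review."""
    results = [(flow, evaluate(*flow)) for flow in flows]
    return [(flow, res) for flow, res in results if res[0] == "deny"]

# Constructed flow records: (source IP, destination IP, protocol, destination port).
FLOWS = [
    ("10.50.0.23", "10.10.0.5", "udp", 53),      # guest -> DNS in Shared Services
    ("10.50.0.23", "203.0.113.10", "tcp", 443),  # guest -> Internet
    ("10.50.0.23", "10.20.4.10", "tcp", 445),    # guest -> data center
    ("10.50.0.23", "10.50.0.77", "tcp", 22),     # guest -> guest (lateral)
]

if __name__ == "__main__":
    for flow, (verdict, src, dst) in denied(FLOWS):
        print(f"{verdict.upper()} {src} -> {dst} {flow}")
```

The two denied flows, guest to data center and guest to guest, are the lateral traffic the post says should be limited and inspected.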

Using these relatively simple steps, traffic and data networks can be protected from malicious activity, compromise and exfiltration by cybercriminals who are becoming more sophisticated and effective. Zero-Trust is an approach that stays ahead of the attackers and protects an organization’s most valuable asset – data and information.

 

 
