Never trust, always verify: The Zero Trust security model

The Zero Trust model has been gaining popularity among organizations in recent years. According to 2019 data, 78% of information security teams had implemented this model or at least were planning to make the move. Here, we break down the Zero Trust concept to see what makes it attractive for business.

The perimeter is no more

Perimeter security, a common term in corporate infrastructure protection, means subjecting every attempt to connect to corporate resources from outside that infrastructure to thorough checks. Essentially, it draws a border between the corporate network and the rest of the world. Inside that perimeter, within the corporate network, lies a trusted zone in which users, devices, and applications enjoy a certain freedom: once you are in, you are rarely checked again.

Perimeter security worked as long as the trusted zone was limited to the local area network and the stationary devices connected to it. But the "perimeter" concept blurred as the number of mobile devices and cloud services used by employees grew. These days, at least a portion of corporate resources is located outside the office, or even outside the country. Trying to hide them behind even the tallest of walls is impractical at best. At the same time, getting into the trusted zone and then moving around it unhindered has become much easier: one compromised employee laptop or stolen VPN credential puts an attacker on the inside.

Back in 2010, Forrester Research Principal Analyst John Kindervag put forward the concept of Zero Trust as an alternative to perimeter security. He proposed giving up the external-versus-internal distinction and focusing instead on the resources themselves. Zero Trust is, in essence, the absence of trust zones of any kind: network location grants no privileges. In this model, users, devices, and applications are checked every time they request access to a corporate resource, not just once at the door.

Zero Trust in practice

There is no single approach to deploying a security system based on Zero Trust. Still, several core principles can be identified that help build such a system.

Protect surface instead of attack surface

The Zero Trust concept typically involves a “protect surface,” which includes everything the organization must protect from unauthorized access: confidential data, infrastructure components, and so on. The protect surface is significantly smaller than the attack surface, which includes all potentially vulnerable infrastructure assets, processes, and actors. It is thus easier to ensure the protect surface is secure than to reduce the attack surface to zero.

Microsegmentation

Unlike the classic approach, which protects a single external perimeter, the Zero Trust model breaks corporate infrastructure and other resources into small segments, which may consist of as little as one device or application. The result is many microperimeters, each with its own security policy and access permissions. This allows fine-grained access management and, because each segment is checked separately, blocks the uncontrolled lateral spread of a threat within the network.

Least-privilege principle

Each user is granted only the privileges required to perform their own tasks, and nothing more. A compromised user account therefore exposes only the part of the infrastructure that account legitimately needed, rather than the whole of it.

Authentication

The Zero Trust doctrine says that any attempt to gain access to corporate information must be treated as a potential threat until proven otherwise. So, for each session, every user, device, and application must pass authentication and prove that it has the right to access the data at hand; being on the corporate network, or having been checked yesterday, does not count.

Total control

For a Zero Trust implementation to be effective, the IT team must be able to manage every work device and application. Equally essential is recording and analyzing information about every event on endpoints and other infrastructure components; without that telemetry, access decisions cannot be verified after the fact or tightened over time.
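Taken together, the principles above, and the contrast with the perimeter model described earlier, can be shown in code. The following is an added illustration written for this article, not code from the original page or from any Zero Trust product; the office address range, resource names, roles, device inventory, and sessions are all constructed for the example. It compares a perimeter-style check, which trusts any request from an internal address, with a Zero Trust policy decision that ignores network location and instead requires MFA for the current session, a managed and compliant device, and an explicit per-resource (microsegment) permission for the caller's role, logging every decision it makes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Constructed office range, used only by the perimeter-model comparison.
OFFICE_NETWORK = ip_network("10.0.0.0/8")


def perimeter_allows(source_ip: str) -> bool:
    """Perimeter model: a request is trusted simply because it comes from 'inside'."""
    return ip_address(source_ip) in OFFICE_NETWORK


@dataclass(frozen=True)
class Session:
    """One authenticated session (constructed fields; real systems carry more context)."""
    user: str
    roles: frozenset          # roles assigned to the identity
    mfa_verified: bool        # MFA completed for THIS session, not a past one
    device_id: str
    source_ip: str            # recorded for the audit log, never used for trust


@dataclass(frozen=True)
class Device:
    managed: bool
    os_patched: bool
    disk_encrypted: bool

    def compliant(self) -> bool:
        return self.managed and self.os_patched and self.disk_encrypted


# Microsegmentation: each resource is its own segment with its own policy.
# Least privilege: a role carries only the actions its tasks require.
RESOURCE_POLICY: Dict[str, Dict[str, Set[str]]] = {
    "hr-db":         {"hr-analyst": {"read"}, "hr-admin": {"read", "write"}},
    "build-server":  {"developer": {"read", "write"}},
    "finance-share": {"accountant": {"read", "write"}},
}

# Constructed device inventory ("total control": a device IT does not know gets nothing).
DEVICE_INVENTORY: Dict[str, Device] = {
    "laptop-0041":  Device(managed=True, os_patched=True, disk_encrypted=True),
    "byod-phone-7": Device(managed=False, os_patched=True, disk_encrypted=False),
}

AUDIT_LOG: List[dict] = []


def zero_trust_decision(session: Session, resource: str, action: str) -> Tuple[bool, str]:
    """Evaluate a single access request. Default deny; every outcome is logged."""
    def decide(allowed: bool, reason: str) -> Tuple[bool, str]:
        AUDIT_LOG.append({
            "user": session.user, "device": session.device_id, "src": session.source_ip,
            "resource": resource, "action": action, "allowed": allowed, "reason": reason,
        })
        return allowed, reason

    # Network location is deliberately not consulted: being "inside" earns no trust.
    if not session.mfa_verified:
        return decide(False, "session lacks MFA for this request")
    device = DEVICE_INVENTORY.get(session.device_id)
    if device is None:
        return decide(False, "device not in inventory")
    if not device.compliant():
        return decide(False, "device fails compliance checks")
    policy = RESOURCE_POLICY.get(resource)
    if policy is None:
        return decide(False, "no policy for resource (default deny)")
    permitted = set().union(*(policy.get(role, set()) for role in session.roles))
    if action not in permitted:
        return decide(False, f"roles {sorted(session.roles)} may not '{action}' on {resource}")
    return decide(True, "identity, device and segment policy satisfied")


if __name__ == "__main__":
    # Intruder who reached the office LAN with a hijacked session but no MFA.
    intruder = Session("mallory", frozenset({"developer"}), False, "unknown-box", "10.1.2.3")
    print("perimeter:", perimeter_allows(intruder.source_ip))
    print("zero trust:", zero_trust_decision(intruder, "build-server", "read"))
    # Legitimate HR analyst working from home on a managed laptop.
    alice = Session("alice", frozenset({"hr-analyst"}), True, "laptop-0041", "203.0.113.5")
    print("perimeter:", perimeter_allows(alice.source_ip))
    for res, act in (("hr-db", "read"), ("hr-db", "write"), ("build-server", "read")):
        print(res, act, zero_trust_decision(alice, res, act))
    for entry in AUDIT_LOG:
        print(entry)
```

Run as a script, the intruder passes the perimeter check and fails the Zero Trust one, while the analyst fails the perimeter check (she is outside) yet is allowed exactly one thing: reading hr-db. Her write to hr-db and her read of the build server are refused, which is least privilege and microsegmentation at work, and every decision ends up in the audit log for later analysis.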

Benefits of Zero Trust

In addition to eliminating the need to defend a perimeter that grows increasingly blurry as the business grows increasingly mobile, Zero Trust solves some other problems. In particular, because every actor in a process is checked and rechecked continuously, companies can adapt to change more easily, for example by revoking departing employees' access or adjusting the privileges of those whose responsibilities have changed.

Challenges in implementing Zero Trust

The transition to Zero Trust can prove lengthy and fraught with difficulty for some organizations. If your employees use both office equipment and personal devices for work, then all of that equipment must be inventoried, corporate policies need to be applied to the devices used for work, and all other devices need to be blocked from accessing corporate resources. For large companies with branches in multiple cities and countries, the process will take some time.

Not all systems are equally well adapted to a Zero Trust transition. If your company has a complex infrastructure, for example, it may include obsolete devices or software that cannot support current security standards. Replacing these systems will take time and money.

Your employees, including members of your IT and infosec teams, may not be ready for the change of framework. After all, they are the ones who will become responsible for access control and management of your infrastructure.

That means in many cases companies will need a gradual Zero Trust transition plan. For example, Google needed seven years to build its BeyondCorp framework, which is based on Zero Trust. Implementation may be substantially faster for smaller organizations with fewer branches, but you shouldn't expect to squeeze the process into a couple of weeks, or even months.

Zero Trust, security of the future

Thus, the transition from traditional perimeter security to protecting a defined protect surface under the Zero Trust framework, even with the technology available today, is unlikely to be a simple or quick project, both in engineering terms and in terms of changing employee mindset. The payoff, however, is fewer incidents, less damage when they do occur, and lower infosec expenses overall.