NetworkTigers discusses zero trust theory and practice.
Zero trust security has become one of the biggest buzzwords in cybersecurity practices today, but it remains commonly misunderstood. When implemented correctly, zero trust policies can help reduce evolving threats, modernize data privacy, and increase information security in companies both large and small. On its own, zero trust is a concept that can inform cybersecurity best practices and network updates.
What is zero trust theory?
Imagine a spy who has been given confidential national-security information at a high clearance level. You would expect them to be discreet about whom they discuss this information with, but instead they trust everyone they have ever met. Whether it is someone as close as a spouse or sibling, someone who used to live on their block, or a fellow coworker, they give everybody the same level of disclosure. This person would obviously not make a very good spy, because they would not distinguish between kinds of disclosure and clearance levels.
Likewise, zero trust aims to reduce the risk posed by unrestricted information sharing within a larger network. Zero trust recognizes that to have a good spy, or a secure network, you need to act to reduce lateral movement. According to the zero trust principle, the ability to share information easily is one of the greatest weaknesses within a company or network. Instead, zero trust assumes that at any access point there may be a breach or an undetected issue, and it creates checkpoints and constant verification in order to catch cybersecurity risks before they can spread too deeply. In the previous example, zero trust would have the spy constantly check and verify the identities of even those closest to them, and restrict what kinds of information they might share in the first place. This reduction of assumed or implicit trust can help limit the scope of damage in real time in the event of a data breach.
The principle of zero trust theory
Zero trust operates under a principle of continuous authentication. It eliminates the notion of a trusted network, such as one created by a VPN or an on-premises data server. “Never trust, always verify” is the watchword of zero trust cybersecurity.
Real world benefits of zero trust cybersecurity
One of the greatest threats to cybersecurity is often a company’s own employees. Studies show that a reported 88% of data breaches are due to human error rather than inherent risk within a system’s architecture. Common causes of employee-driven data breaches include:
- Vulnerability to phishing scams
- Use of remote networks with lower security protocols
- Use of shared devices or data networks
- Outdated or shared passwords
- Lack of relevant cybersecurity training
Additionally, some of the worst cybercrimes and hacks can be traced back to disgruntled ex-employees who retain passwords or keep clearance levels that should otherwise be revoked. Zero trust security, with its emphasis on multi-factor authentication, should act to reduce these kinds of ongoing risks.
Zero trust practice
The first step to implementing a zero trust architecture is to identify critical data, assets, and what must be protected. From there, data privacy can be winnowed down into a “need to know” basis. Information must be restricted based on who requires access, instead of sharing freely in an outdated model.
Secondly, multi-factor authentication processes must be put into place. Even trusted users, networks, or known entities must be re-verified under a zero trust architecture. These authentication checkpoints should be consistently maintained and required at regular points of access. No part of the network, no matter how central, should be assumed to be free of a breach or weakness.
Access under zero trust may require a second-factor verification. For instance, one common example of zero trust architecture is requiring a second sign-in code, sent to a backup email or mobile device, whenever there is a new login or an attempt to access information from another physical location or device.
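The three practice steps above (inventory the critical assets, restrict them to a need-to-know list, and re-verify every request with a second factor, stepping up when the device or location is new) can be captured in a small policy decision point. The following is an added illustration, not NetworkTigers' code or any vendor's product; the asset names, users, devices, the 15-minute second-factor lifetime and the "step up" outcome are all constructed assumptions. Each request is evaluated from scratch, which is what "never trust, always verify" means in code: an earlier successful request grants nothing to the next one.

```python
"""Minimal zero-trust policy decision point (added example, constructed data).

Every access request is evaluated from scratch: identity, need-to-know,
freshness of the second factor, device registration and location are checked
on each call. A new device or location does not deny outright; it demands a
fresh second factor (the "second sign-in code" described in the text).
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Tuple

# Assumed policy: the second factor must be re-proven every 15 minutes.
MFA_MAX_AGE_SECONDS = 15 * 60


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step_up"  # caller must obtain a fresh second factor and retry


@dataclass(frozen=True)
class Asset:
    name: str
    need_to_know: FrozenSet[str]  # identities whose job requires this asset


@dataclass(frozen=True)
class Principal:
    user: str
    registered_devices: FrozenSet[str]
    usual_locations: FrozenSet[str]


@dataclass(frozen=True)
class AccessRequest:
    user: str
    asset: str
    device_id: str
    location: str
    mfa_age_seconds: Optional[int]  # None = no second factor proven this session


@dataclass
class PolicyEngine:
    assets: Dict[str, Asset]
    principals: Dict[str, Principal]
    log: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def evaluate(self, req: AccessRequest) -> Decision:
        # Step 1: only inventoried assets and known identities are considered.
        asset = self.assets.get(req.asset)
        principal = self.principals.get(req.user)
        if asset is None or principal is None:
            return self._record(req, Decision.DENY, "unknown asset or identity")
        # Step 2: need-to-know; no access unless the job requires it.
        if req.user not in asset.need_to_know:
            return self._record(req, Decision.DENY, "not on need-to-know list")
        # Step 3: a recent second factor is required on every request.
        if req.mfa_age_seconds is None or req.mfa_age_seconds > MFA_MAX_AGE_SECONDS:
            return self._record(req, Decision.STEP_UP, "second factor missing or stale")
        # Step 4: a new device or location is treated as a possible breach.
        if req.device_id not in principal.registered_devices:
            return self._record(req, Decision.STEP_UP, "unregistered device")
        if req.location not in principal.usual_locations:
            return self._record(req, Decision.STEP_UP, "new location")
        return self._record(req, Decision.ALLOW, "all checks passed")

    def _record(self, req: AccessRequest, decision: Decision, reason: str) -> Decision:
        # Every decision is logged with its reason so denials can be reviewed.
        self.log.append((req.user, req.asset, decision.value, reason))
        return decision


def build_demo_engine() -> PolicyEngine:
    # Constructed inventory: one sensitive asset, two users; only alice needs it.
    assets = {"payroll-db": Asset("payroll-db", frozenset({"alice"}))}
    principals = {
        "alice": Principal("alice", frozenset({"laptop-01"}), frozenset({"office"})),
        "bob": Principal("bob", frozenset({"laptop-02"}), frozenset({"office"})),
    }
    return PolicyEngine(assets, principals)


def run_demo() -> List[str]:
    engine = build_demo_engine()
    requests = [
        AccessRequest("alice", "payroll-db", "laptop-01", "office", 60),    # normal
        AccessRequest("alice", "payroll-db", "laptop-01", "office", 3600),  # stale MFA
        AccessRequest("alice", "payroll-db", "phone-99", "office", 60),     # new device
        AccessRequest("alice", "payroll-db", "laptop-01", "cafe", 60),      # new location
        AccessRequest("bob", "payroll-db", "laptop-02", "office", 60),      # no need-to-know
    ]
    return [engine.evaluate(r).value for r in requests]


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

Note that the engine has no memory of earlier decisions; only the inventory and the facts carried by the current request matter. That is the property the text asks for: no device, network segment or prior session is treated as trusted, and the step-up path keeps the check from becoming prohibitive, because a legitimate user on a new laptop is asked for a code rather than locked out.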
Assessing the benefits and downsides of zero trust cybersecurity
Zero trust may require re-investments to be made into existing infrastructure. It can be a top-down overhaul of an approach to IT for a company. Some examples of what must be reconfigured under the zero trust architecture approach include:
- Cloud-based storage systems
- Cloud-based access points
- Supply chain processes
Additionally, zero trust authentication should be as seamless as possible. Because it is a continuous checking of identity and security, it can quickly become prohibitive if it limits necessary data sharing, or hinders workflow.
On the positive side, zero trust aims to reduce the “blast radius” of a breach. The concept can help minimize threats that have already occurred, prevent new ones, and thwart bad actors in real time. Zero trust architecture is becoming more and more standard in both new and refurbished network gear to address evolving threats and increased need for cybersecurity in today’s internet age.