With the increase in frequency, sophistication, and cost of cyberattacks, the global focus on cybersecurity is at an all-time high. However, the goalposts for those tasked with protecting businesses have shifted. Hackers have a growing number of ways they can compromise a business and are frequently looking to move laterally within an organization, using credentialed (and often elevated) access. On top of this, insider threats are on the rise where trusted users take advantage of their access for nefarious purposes.
This means that the tried-and-tested concept of perimeter-based security and defenses (where anything located on the corporate network is assumed to be trusted) is no longer enough. Security teams need to shift their thinking from the perimeter to the authentication and access of resources. This means looking at methods of both restricting access and monitoring access requests to ensure those utilizing the environment are doing so appropriately.
This is where Zero Trust Architecture comes in.
What is Zero Trust Architecture?
Zero Trust Architecture should be a core part of a company’s cybersecurity planning, combining identity, access policy, authentication, and more. The concept of Zero Trust is “never trust, always verify”, which effectively means assuming that all devices and users represent a potential threat and cannot be trusted until they have been properly authenticated. Once authenticated, users are allowed access only to the bare minimum they need to perform their job efficiently. Therefore, if a device (or user account) is compromised, Zero Trust aims to ensure that the damage is either mitigated (by not allowing access) or, at worst, limited in scope.
The concept of Zero Trust has been growing over the past decade; however, the challenge has been implementing it without sacrificing user experience and productivity. Zero Trust Architecture relies heavily on some critical capabilities – namely identity management, asset management, application authentication, network segmentation, and threat intelligence. The technologies needed to achieve these were once only available to larger organizations but are now readily available in the mainstream.
How can an organization implement Zero Trust Architecture?
Successfully implementing Zero Trust Architecture means going beyond rolling out a series of integrated tools and technologies supported by a set of operational policies and authentication requirements. It must be a strategic initiative that shapes the Zero Trust architecture independently of any particular tool or technology acquisition.
That strategy should outline what Zero Trust will look like as it relates to authorization to specific resources, both on-premises and in the cloud, as well as how Zero Trust technologies will interact with data, threat intelligence, public key infrastructure, identity management, and vulnerability management systems. Once this foundation has been established, companies can determine how to further define their Zero Trust Architecture: for example, using software-defined perimeters, micro-segmentation, identity-based controls, or a combination thereof.
In terms of setting user policy, understanding accountability, authority, and capability is critical to establishing the level of trust of an individual user. The trust algorithm that makes this determination can take a score-based approach, a context-based approach, or a criteria-based approach in which certain conditions must be met before access is granted.
When it comes to rolling out the technology to support your Zero Trust environment, it’s advisable to run a pilot program first. This will allow you to get the kinks out, adjust KPIs, and learn how to operate in a ZTA overall with limited impact on your business. Pilot programs should focus on the least sensitive data elements first before moving on to the more mission-critical crown-jewel systems and networks.
An established Zero Trust environment will require ongoing monitoring and analysis, with the goal of automating the dynamic adjustment of established policy based on current activity and emerging threats. Monitoring can also be used to determine whether the resources dedicated to your Zero Trust Architecture are able to handle the activity load, and to identify those parts of the ZTA that require attention. This is critical to ensure a proper defense via automation and to ensure an effective Zero Trust state remains in place.
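To make the trust-algorithm options above concrete (a criteria-based gate, a contextual trust score, and a threshold that moves with the current threat level so policy adjusts dynamically), here is a small policy decision point in Python. It is an added example written for this post, not code from Tailwind or from any Zero Trust product. The resource catalogue, trusted network prefixes, point values, thresholds, session lifetimes and the `threat_level` input are all constructed assumptions chosen to illustrate the shape of the decision; a real deployment would derive them from its own identity, device and threat-intelligence sources.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # issue a scoped, short-lived session grant
    STEP_UP = "step_up"    # trust is borderline: require re-authentication first
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    """One access request: who, from what device and network, for which resource."""
    user: str
    roles: frozenset
    mfa_verified: bool
    device_enrolled: bool
    device_compliant: bool
    source_ip: str
    resource: str
    action: str              # "read" or "write"
    recent_failed_logins: int


# Constructed resource catalogue: which roles may use a resource and how
# sensitive it is (1 = low, 3 = crown jewel).  Assumption for this example.
RESOURCE_POLICY = {
    "wiki":     {"roles": {"staff", "hr", "eng"}, "sensitivity": 1},
    "hr-db":    {"roles": {"hr"},                 "sensitivity": 3},
    "prod-k8s": {"roles": {"eng"},                "sensitivity": 3},
}

# Constructed address prefixes standing in for managed corporate networks.
TRUSTED_PREFIXES = ("10.0.", "192.168.1.")

# Session lifetime in minutes by sensitivity: the more sensitive the resource,
# the sooner the next request must be re-evaluated (per-session access).
SESSION_TTL = {1: 480, 2: 60, 3: 15}


def hard_criteria_failures(req: AccessRequest) -> list:
    """Criteria-based gate: every condition must hold or the request is denied outright."""
    failures = []
    if not req.mfa_verified:
        failures.append("mfa_required")
    if not req.device_enrolled:
        failures.append("device_not_enrolled")
    if not req.device_compliant:
        failures.append("device_not_compliant")
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        failures.append("unknown_resource")
    elif not (req.roles & policy["roles"]):
        failures.append("role_not_authorized")
    return failures


def trust_score(req: AccessRequest) -> int:
    """Score-based, contextual part: signals add or remove points on a 0..100 scale."""
    score = 50
    score += 20 if req.source_ip.startswith(TRUSTED_PREFIXES) else -10
    score -= 15 * min(req.recent_failed_logins, 3)   # recent failures erode trust
    if req.action == "read":
        score += 10                                   # writes demand more confidence
    return max(0, min(100, score))


def required_score(resource: str, threat_level: int) -> int:
    """Threshold rises with resource sensitivity and with the current threat level.

    threat_level (0..3) is the hook for monitoring / threat intelligence: raising it
    tightens every decision without editing the static policy."""
    sensitivity = RESOURCE_POLICY[resource]["sensitivity"]
    base = {1: 40, 2: 55, 3: 70}[sensitivity]
    return min(100, base + 10 * threat_level)


def evaluate(req: AccessRequest, threat_level: int = 0):
    """Return (decision, reasons, grant). The grant, if any, is scoped to exactly
    the requested resource and action and expires, so each session is re-verified."""
    failures = hard_criteria_failures(req)
    if failures:
        return Decision.DENY, failures, None
    score = trust_score(req)
    needed = required_score(req.resource, threat_level)
    if score >= needed:
        ttl = SESSION_TTL[RESOURCE_POLICY[req.resource]["sensitivity"]]
        grant = {"user": req.user, "resource": req.resource,
                 "action": req.action, "ttl_minutes": ttl}
        return Decision.ALLOW, [f"score {score} >= {needed}"], grant
    if score >= needed - 15:
        return Decision.STEP_UP, [f"score {score} just below {needed}"], None
    return Decision.DENY, [f"score {score} < {needed}"], None


if __name__ == "__main__":
    # Constructed request: an engineer on the corporate network reading production.
    req = AccessRequest("alice", frozenset({"eng"}), True, True, True,
                        "10.0.4.12", "prod-k8s", "read", 0)
    print(evaluate(req))                  # allowed with a 15-minute grant
    print(evaluate(req, threat_level=2))  # same request under elevated threat: step-up
```

The two-stage structure is the point: the criteria gate enforces the non-negotiables (MFA, enrolled and compliant device, an authorized role) and short-circuits before any scoring, while the score and the threat-adjusted threshold handle the contextual judgement. Feeding a higher `threat_level` from monitoring is how "dynamically adjusting established policy" can be automated without rewriting the catalogue.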
Benefits of Zero Trust Architecture
Implementing a Zero Trust Architecture will bring several key benefits for all businesses, including:
- Reduced threat surface
- Maximized use and authority of authentication
- Increased visibility into all user activities
- The ability to dynamically provide access based on current use case
- Reduced ability of an attacker to move laterally within your organization
- Limited possibility of data exfiltration
- Protection against both internal and external threats
- Lowered reliance on point solutions designed to detect/stop specific types of threat activity
- Improved overall security posture both on-premises and in the cloud
Comparing Zero Trust to NIST and other frameworks
Cybersecurity Frameworks, such as the one developed by the U.S. Government’s National Institute of Standards and Technology (NIST), provide organizations with a set of cybersecurity activities and outcomes to specifically manage cybersecurity risk, along with standards, guidelines, and best practices to help organizations achieve their desired outcomes.
In contrast, a Zero Trust Architecture focuses on implementing Zero Trust principles to achieve a state where every access request (including the user and device making the request, as well as the asset or resource being requested) is scrutinized, and access is allowed on a per-session basis. This ensures the entire environment remains in a state where no access is granted until it has been properly authenticated.
About David Rice
David Rice - vCISO for Tailwind
David is a dynamic, innovative, and results-driven leader with deep security and technology experience. David is not the superhero that prevents all security risks, but the pathfinder who guides organizations to responsibly embrace risk for a competitive advantage.
David is a thoughtful and experienced leader who specializes in Security, Product, Technology, and Operations. David can establish and grow outstanding teams that can bring to life complex, innovative ideas while scaling mission-driven, customer-centric businesses. David brings clarity, vision, and execution to fast-paced and growth-oriented organizations. He is a master at establishing connections and building cross-functional workflow strategies that enable growth and scale.
About Tailwind
Tailwind is a global provider of managed IT services and cybersecurity solutions, offering industry-leading support, cybersecurity, cloud, salesforce, infrastructure and compliance services. As one of the top MSPs, Tailwind's 24/7/365 US-staffed support team designs technology solutions to accelerate business and reduce IT risks.