Zero Trust Security

Never trust, always check – the zero trust model

How companies are strengthening their cyber defenses with Zero Trust

Data breaches, phishing attacks, ransomware – security breaches are part of everyday business life today. For many companies, the question is: how can trust be minimized while still maximizing security? The zero trust model provides the answer: it replaces blind trust with consistent verification – regardless of whether access is internal or external.

Core principles of the Zero Trust model:

The question: How well prepared is your company when trust alone is no longer enough?

Never trust, always check – the zero trust model

Cyberattacks and data breaches have become commonplace. This threat landscape has given rise to a new security model known as the zero trust model, and cybersecurity is playing an increasingly important role in digitalization.

We are all taught from childhood to trust each other – albeit with some precautions towards strangers. Building trust is necessary for individuals and companies to work efficiently. Trusting someone means that you think they are reliable, that you feel safe with them. Trustworthiness is also an essential quality for anyone who is part of an organization. However, if you look at how modern digital companies work, you can see a paradigm shift in this thought process: companies have started to work with a principle that “never trusts” and “always verifies”.

Traditional security models assumed that everything on an organization’s network (such as an MPLS network) could be trusted, but this implicit trust is now seen as a weakness. Zero Trust treats all users, whether internal or external, as “complete strangers”: until the organization has verified who they are, they are “not authorized to access anything”.

The Zero Trust model is becoming a widely accepted framework at a time when the cost of data breaches is rising even as organizations spend more and more on their cybersecurity efforts. IBM’s 2020 Cost of a Data Breach Report estimates that the global average total cost of a data breach in 2022 will be $4.35 million per incident.

Core principles behind the Zero Trust model

Strict identity verification for any person attempting to access resources on a private network, regardless of whether they are inside or outside the organization.

Least-privilege access, granting users only as much access as they actually need.

Micro-segmentation, dividing the security perimeter into small zones so that separate parts of the network require separate access.

Multi-factor authentication, which requires more than one credential to authenticate a user; a single password on its own is not sufficient to grant access.

Device access control, which monitors how many different devices are trying to access your network and ensures that each device is authorized.

How to achieve Zero Trust

Zero Trust can build on an existing architecture without replacing existing technology and utilize security products that work well in a Zero Trust environment. This is a transformation that, when implemented by design, delivers better results than retrofitting. Implementing technologies that can help achieve Zero Trust and replace old legacy systems will be a big step in this direction. CISOs, CIOs and other levels of management need to be equally involved to decide which elements need to be moved into this model as a priority and which can wait.

5-step methodology for Zero Trust network deployment (source: Palo Alto Networks)

Define protected area

The first step defines the sensitive data, applications, assets and services (DAAS) that an organization must protect; together these make up the protect surface.

Mapping transaction flows

How traffic moves across the network to and from the protect surface determines how it should be protected. This understanding comes from scanning and mapping the transaction flows on your network to see how the individual DAAS components interact with other resources, which tells you where controls need to be added.

Build a zero-trust network

Designing the network architecture is the third step. Its key component is a segmentation gateway that enforces granular Layer 7 access and least-privilege access control, and that inspects and logs every packet up to Layer 7. It examines all network traffic for malicious content with multiple built-in security services, including intrusion prevention (IPS), sandboxing, URL filtering, DNS security and data loss prevention (DLP).

Create the zero trust policy

The next step is to create the zero trust policies. Each policy should answer who, what, when, where, why and how for every access request the network needs to support, so that only known traffic and legitimate application communication is allowed on the network.

Monitoring and maintenance of the network

The final step is to continuously inspect all internal and external traffic up to Layer 7 and to focus on the operational aspects of Zero Trust. Inspecting and logging all traffic on your network is a key aspect of Zero Trust, and this traffic data provides the insight needed to improve the Zero Trust network over time.
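The who/what/when/where/why/how policy from step four, combined with the core principles listed earlier (device authorization, MFA, least privilege, micro-segmentation), as an added example that is not part of the original article or of Palo Alto Networks’ methodology: a minimal default-deny policy evaluator. Device ids, groups, zones and the payroll rule are constructed sample values.

```python
from dataclasses import dataclass
from datetime import time

AUTHORIZED_DEVICES = {"lt-4711": "alice", "lt-4712": "bob"}  # constructed sample: enrolled device -> owner

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # who
    device_id: str             # device access control: must be an enrolled device
    device_compliant: bool     # device posture (patched, disk encrypted, ...)
    mfa_verified: bool         # multi-factor authentication completed
    source_zone: str           # where: the micro-segment the request comes from
    app: str                   # what: a DAAS element on the protect surface
    protocol: str              # how
    purpose: str               # why
    at: time                   # when

@dataclass(frozen=True)
class Policy:
    who: frozenset             # allowed groups
    what: str                  # protected application
    when: tuple                # (start, end) permitted window as datetime.time
    where: frozenset           # allowed source zones
    why: frozenset             # accepted business purposes
    how: frozenset             # allowed protocols

def violations(req, p):  # Kipling checks the request fails against rule p; empty list = match
    v = []
    if not (p.who & req.groups): v.append("who")
    if not (p.when[0] <= req.at <= p.when[1]): v.append("when")
    if req.source_zone not in p.where: v.append("where")
    if req.purpose not in p.why: v.append("why")
    if req.protocol not in p.how: v.append("how")
    if not req.mfa_verified: v.append("mfa")
    return v

def evaluate(req, policies):
    """Return (allowed, reason). Default deny: nothing is trusted implicitly."""
    if AUTHORIZED_DEVICES.get(req.device_id) != req.user or not req.device_compliant:
        return False, "denied: device not enrolled for this user or non-compliant"
    failures = [violations(req, p) for p in policies if p.what == req.app]
    if any(not f for f in failures):
        return True, "allowed: matched policy for " + req.app
    missing = sorted({x for f in failures for x in f}) or ["no policy for " + req.app]
    return False, "denied: " + ", ".join(missing)

# Constructed sample rule: finance staff reach payroll over HTTPS from the finance segment, 07:00-19:00.
PAYROLL_RULE = Policy(frozenset({"finance"}), "payroll", (time(7), time(19)),
                      frozenset({"finance-seg"}), frozenset({"monthly-run"}), frozenset({"https"}))
```

The deny reason lists every failed condition, which is the logging signal step five needs to refine policies over time.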

Conclusion

To protect organizations from the ever-evolving threat landscape, you need to transform your security management. Adopting the Zero Trust model is an important step in strengthening your security systems. It is indeed a powerful prevention strategy when implemented across the entire environment – on the network, at the endpoint and in the cloud.

I look forward to your questions!

Frank Frommknecht

Key Account Consultant
