Zero trust is a security model that enforces strict verification for any user or device attempting to access a network and its assets. The purpose of zero trust security is to ensure the network remains protected from within. To achieve this, all entities are treated as suspicious, regardless of whether the user or device has been previously verified.
The zero trust security model was first introduced in 2010 by Forrester analysts. At the time, IT security was implemented using the traditional castle-and-moat methodology, which assumes that everyone inside the network can be trusted. This model protected the network from external threats but completely trusted internal entities, exposing organizations to insider threats and compromised accounts.
During the past two decades, the IT landscape has changed dramatically—with today’s multi-cloud and hybrid-cloud environments, the IT landscape has become highly sophisticated. Networks are no longer restricted to a clear perimeter with clearly defined borders.
Today’s networks are distributed, complex, location-agnostic, and sometimes vendor-agnostic. On the one hand, these cloud environments help users access network assets from any device and any location. On the other hand, the network no longer has clear boundaries to defend and cyber criminals are taking advantage of this vulnerability, tricking users and systems into providing unauthorized access.
Zero trust security can help organizations protect their IT assets. By not granting implicit trust to anyone with access to the network, the organization can prevent insider threats of any kind—including malicious threats and careless or accidental damage—from risking the network and its assets.
There is no one zero trust technology. Rather, it is a concept that is implemented using a wide range of technologies in a flexible architecture, designed around an organization’s protected assets.
A zero trust model assumes that threats exist inside as well as outside the network. This is why no one with access to the network should be trusted. Each request to access the network should be strictly authenticated, properly authorized, and also encrypted.
Here are some preventative measures every zero trust model should employ:
The goal of implementing preventative security is to block breaches and minimize damage. In addition to the above techniques, organizations should also employ measures such as encryption, email security, and cloud access security brokers.
In addition to implementing preventative measures, a zero trust model should also incorporate real-time monitoring capabilities, and react to threats discovered in real time. This technology can help organizations quickly detect, investigate, and remediate intrusions, ideally before intruders can move laterally across the network.
Instead of passively logging and passing events to a security information and event management (SIEM) solution, organizations should set up real-time identity challenges. Identifying suspicious authentication events in real time can help detect brute force attacks and credential spoofing, and block attacks in a timely manner.
A zero trust architecture does not replace other security measures. It provides certain aspects of security but does not cover all. This is why a zero trust model should be incorporated as part of a holistic security strategy, including a range of technologies like endpoint protection, detection and response, real-time monitoring, and more.
Ideally, your security strategy should incorporate a wide range of models, chosen especially for the architecture of the network and the unique needs of the organization. All security tools and models should work together to ensure the network is secured. All employees, stakeholders, and third parties with access should be trained in proper security protocols.
This five-step process is abbreviated from the zero trust methodology published by Palo Alto Networks.
The traditional concept of a threat surface is becoming less relevant in modern IT environments. Because environments are so dynamic and made up of many elements outside an organization’s control, it is impossible to address the complete threat surface. Instead, focus on the “protect surface”—the most critical assets your organization needs to defend:
Identify how traffic flows within your network and other related networks. Define traffic flows that are required for business operations—these need to be protected, while other flows should be blocked or mitigated.
There is no universal model for a zero trust network (ZTN). Your ZTN must be built around your protect surface and known transaction flows. Put a mechanism in place to enforce microsegmentation, and use microsegmentation to create a micro-perimeter around critical assets, enforce access control, and enable monitoring across all communication layers (from the network to the application layer).
With a ZTN in place, define your zero trust policies. Use the 5 W’s method to ensure a policy answers all possible questions about network traffic—who is allowed to access resources, via what application, when they should be allowed to access it, where the location or address of the assets is, and why or for what purpose they need to access it and how (for example, which data or features they need to access).
On an ongoing basis, review logs and identify anomalies in traffic, both at the network level (for example, traffic accessing a forbidden IP) and at the application level (for example, an application user trying to access a forbidden URL). This will give you important insights for evolving the network and its policies.
Carry out these five steps on your most critical assets first—then gradually extend to additional assets and networks to expand zero trust protection.
The following best practices can help you implement zero trust security more effectively:
Calico Enterprise and Calico Cloud enable a zero trust environment built on three core capabilities: encryption, least privilege access controls, and defense-in-depth.