The Zero Trust security principle is centered around the presumption that everything and everyone within your IT environment is potentially malicious, hence the phrase “never trust, always verify!”. The Zero Trust model runs counter to the traditional moat-castle approach, which presumes that the “bad guys” are on the outside, and the goal is to prevent them from getting in.
The Zero Trust security principle is centered around the presumption that everything and everyone within your IT environment is potentially malicious, hence the phrase “never trust, always verify!”. The Zero Trust model runs counter to the traditional moat-castle approach, which presumes that the “bad guys” are on the outside, and the goal is to prevent them from getting in.
The Main Components of a Zero Trust Model
- Preventing unauthorized interactions between users and applications in different segments of the network.
- Enforcing ‘least privilege‘ access to ensure that user and service accounts are granted the least access rights necessary to perform their role.
- Monitoring and reporting on suspicious network traffic, account access, and anomalous file and folder activity.
The Benefits of Zero Trust in the Cloud
Increasingly more companies are using cloud services because it is generally cheaper and easier to host applications in the cloud than it is to host them on their own dedicated servers. By adopting a Zero Trust approach, you can establish boundaries that essentially shield applications and data from attackers seeking to move laterally throughout your network. By providing a detailed audit trail of user behavior, the Zero Trust approach delivers greater visibility into the operations performed on your network, which in turn means more control over how it is used.
Tips for Implementing Zero Trust in the Cloud
The Zero Trust approach is, in most part, data-centric, in that, most cyber-attacks are an attempt to gain authorized access to sensitive data. Of course, this isn’t always the case, as some attack vectors, such as DDoS and ransomware attacks, are often carried out in order to create disruption, for financial gain or other nefarious reasons.
The point is, it is important to prioritize your cybersecurity strategy based on the assets and resources that are the most valuable, and those that are most at risk. It would thus make more sense to divide your network into logical partitions based on the data, as opposed to the underlying technology or physical location of the data centers.
Map out your entire infrastructure
You will need to start off by mapping out your IT environment, which includes keeping an inventory of all servers (both on-premise and in the cloud), applications, users, devices, peripherals, and so on. The map should also provide information about how traffic flows from one system to another, and the authentication/authorization protocols used to control these flows. Using this map, you can establish policies to determine which accounts can access which parts of the network, and how.
Discover and classify your most critical assets
Without some form of data classification schema in place, you will struggle to establish logical partitions within your environment. Use an automated solution that will scan your repositories for sensitive data, and classify the data according to your chosen schema. The solution should also classify data at the point of creation/modification. Even though we are focusing more on the data itself, we must also ensure that we have an up-to-date inventory of all devices that are allowed to access our network and a means by which to block those that are not.
Enforce “least privilege” access
The principle of “least privilege” stipulates that users, devices, services, and applications, should be granted the least privileges they need to adequately perform their role. Of course, this must be done carefully, as the more granular your access controls are, the more complicated, and thus error-prone, your identify access management (IAM) system will be. A common technique that is used to restrict access rights is Role-Based Access Control (RBAC). With RBAC, users are assigned to roles (or groups) and privileges are assigned to those roles, which allows for a simpler and more robust IAM strategy. You must ensure that logins are set to periodically expire, thus prompting the relevant user to re-authenticate themselves. You will also need procedures in place for granting temporary access to systems, apps, and data.
Implement micro-segmentation
Micro-segmentation plays a key role in implementing an effective Zero Trust policy. Micro-segmentation is about identifying your most valuable network segments and then developing policies that determine how these different segments can interact with each other. However, micro-segmentation isn’t necessarily about preventing these systems (or segments) from communicating with each other, but about gaining visibility into how they communicate with each other, when, why, and for what reason. Micro-segmentation offers more granularity than other methods of segmentation, such as network segmentation or application segmentation. Some popular cloud service providers offer security features that enable us to implement micro-segmentation in the cloud, which includes controls based on environment type, regulatory scope, application, and infrastructure tier. They also make it possible to apply the principle of “least privilege” more extensively across cloud environments. The following article explains how to implement micro-segmentation on the AWS platform.
Monitor everything
As mentioned already, Zero Trust is more about enhancing visibility as opposed to preventing siloed systems from interacting with each other. As such, you must ensure that you know exactly who is accessing what systems and data, when, why, and how. Doing so requires the right tools and technologies. Given that cloud providers manage the security of their own infrastructure, and typically do so to a high standard, an organization that relies heavily on cloud services may find that a full-blown SIEM solution is unnecessarily complicated and expensive. A simpler (and often more effective) approach would be to use a Data Security Platform which monitors access to privileged accounts and sensitive data.
A Data Security Platform will aggregate and correlate event logs from multiple cloud platforms (as well as on-premise environments) and display a summary of events via a single dashboard. Anytime a network resource is accessed in a way that violates your Zero Trust policy, or when a users’ actions deviate from their typical usage pattern, an alert is sent to the administrator, who will then launch an investigation into the incident.
In addition to monitoring single events, most solutions are able to automatically detect and respond to events that match a pre-defined threshold condition, such as multiple failed logon attempts, or when a large number of files have been encrypted within a given time frame.
If you’d like to see how the Lepide Data Security Platform can help you implement Zero Trust security in the cloud, schedule a demo with one of our engineers or start your free trial today.
Important Group Policy Settings & Best Practices to Prevent Security Breaches
15 Most Common Cyber Attack Types and How to Prevent Them
Why Active Directory Account Getting Locked Out Frequently – Causes
