The Zero Trust Network, or Zero Trust Architecture, model was created by a Forrester Research based analyst, John Kindervag, in 2010. In the last few years, Zero Trust has become a staple cybersecurity strategy for many enterprises. Chase Cunningham, a principal analyst at Forrester, said of Zero Trust, “in three years, I think [it] will be cited as one of the big-time frameworks in cyber security. Period.”
So, what is a Zero Trust Model and why has a concept that was created in 2010 become so popular recently?
What is Zero Trust?
Pretty much what is says on the tin. Zero Trust is a model that essentially requires organizations to not trust anything inside or outside their network or infrastructure. Instead, to operate on a Zero Trust model, you should be auditing, monitoring, tracking and alerting on every aspect of your IT infrastructure.
Don’t trust anyone.
Access should only be given to users that require it, and you should take every precaution to verify who that user is and whether that authorization is required. In many ways, Zero Trust is similar to the Principle of Least Privilege, in that you should only be giving privileged access to those users who require it to do their job. Zero Trust goes a bit further though and ensures that you are monitoring the activities of all users, especially the most privileged ones. Don’t assume that your most privileged users are the most trustworthy ones.
Why is Zero Trust a Useful Cybersecurity Policy?
The Zero Trust policy has been propped up as a mainstream cybersecurity policy over the last few years for one simple reason; the most likely data breach scenario you will see is one that is caused by your users. Insider threats consistently are the biggest cause of data breaches in mid-market and enterprise organizations.
Users who already have access to sensitive data can easily take advantage of its black-market value for personal profit. Humans are also careless quite a lot of the time; accidental misuse of sensitive data is a massive cause of data breaches. We see an alarmingly large number of organizations awarding privileged access to junior admins and the like. This kind of practice leaves yourself open to privilege abuse and other insider threats.
The Zero Trust model is a way in which you can mitigate the risk of insider threats by assuming that all users are a data breach waiting to happen and limiting access accordingly.
Applying the Principles of Zero Trust
There are essentially three steps to implementing a Zero Trust policy, but it is a continuous process. This isn’t something you can do once and then never revisit. If you are going to succeed in mitigating insider threats it is going to require vigilance.
Firstly, identify where your sensitive data is. You’re going to need to know where data containing personally identifiable information, confidential business information, financial statements etc. resides. There are many data discovery and classification tools on the market that will do exactly this. They will search through your IT infrastructure and identify where your “at risk” data resides, what it contains, and the associated risk levels.
Once you know this, you should find out which of your users has access to this data. To operate on a Zero Trust model, you will need to analyze all of your users and their respective access levels. Does that user really need access to that PII? Does a junior administrator really need to be able to see the company’s financial statements? Strict access controls will ensure that you limit the risk of insider abuse.
Lastly, ensure you are constantly monitoring your IT environment, from interactions with sensitive data to your user behaviour and permissions. You will more than likely need to deploy an auditing and monitoring solution, like LepideAuditor, to enable you to do this in a continuous and proactive way. If you detect any changes to permissions or to the data itself, they need to be investigated and reversed where necessary.
For more information on how you can implement a Zero Trust model, come and speak to Lepide.