The term Zero Trust was coined in 2009 by then-Forrester analyst John Kindervag, who posited that trust is a vulnerability and that security should follow a strategy of "Never trust, always verify."
Today, trust is assumed throughout a typical organization’s infrastructure. Notably:
- After a single authentication, users, devices, services, and workloads are trusted to be legitimate and are granted access to a broad range of resources.
- The ubiquitous use of denylists in security tools inherently trusts that all activity is legitimate unless known to be malicious.
This is a problem.
The Trouble with Trust
Breaches of the corporate perimeter are inevitable, and denylist-centric security tools can only detect a fraction of the threats faced by today's organizations, because they recognize only what is already known to be malicious. This is precisely why John Kindervag stated that trust is a vulnerability.
When an organization implicitly trusts that a user, device, application, workload, or connection is legitimate, unless proven otherwise, it opens itself up to a huge amount of risk—the approach will inevitably fail to detect a high percentage of malicious activity.
Principles for Zero Trust Success
At its core, a Zero Trust strategy aims to improve on this approach by adhering to three principles:
Assume breach
Organizations should assume at all times that there is a malicious presence inside their environment, and implement security controls to minimize the impact.
Verify, don't trust
Instead of assuming legitimacy, organizations should continuously verify all components within their IT infrastructure to ensure they haven’t been compromised. This includes:
- Reauthorizing users and devices every time they try to access a resource to prevent hijacked accounts, devices, and sessions from going unchecked.
- Continuously monitoring and enforcing the health and configuration of all enterprise assets—including devices, applications, services, endpoints, cloud instances, and more—to ensure they remain in a known and accepted state.
- Treating every entity and every action within the IT environment as unauthorized by default, so that nothing is permitted unless it has been expressly authorized.
Put simply, a Zero Trust strategy means moving to a ‘deny-by-default’ approach instead of the more trusting ‘allow-by-default’ approach used in most cybersecurity strategies. Kathleen Moriarty, CTO at the Center for Internet Security, explains:
“Allowlists are more secure and lower maintenance than denylists. Instead of assuming everything is legitimate unless proven otherwise, an allowlist blocks everything unless it meets an expected set of policies and measurements. This means threats are blocked even if they aren’t known, and also, managing allowlists by exception requires far less human effort than constantly updating huge denylists of known threats.”
Least privilege
Once verified, users, devices, and services should be granted the minimum possible access required to complete their function—and for the shortest possible period. This minimizes the potential impact of malicious activity.
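The three principles above describe policy, not mechanism. The following Python sketch is an added example (not code from the original article or from any product it mentions) that shows how they combine at a single policy decision point: every request is evaluated with deny-by-default semantics, requires fresh authentication rather than an inherited session, checks device posture against a known-good state, and honours only an explicit, short-lived, least-privilege grant. A conventional denylist authorizer is run over the same constructed traffic so the difference is visible. The posture attributes, principals, resources and timestamps are all hypothetical.

```python
"""Deny-by-default, per-request authorization vs. an allow-by-default denylist.
Added illustrative example; all principals, devices, resources and times are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable


@dataclass(frozen=True)
class Device:
    device_id: str
    os_patched: bool
    disk_encrypted: bool
    edr_running: bool


@dataclass(frozen=True)
class Grant:
    """An explicit allowlist entry: one principal, one resource, one action,
    valid only until expires_at (least privilege in scope and in time)."""
    principal: str
    resource: str
    action: str
    expires_at: datetime


@dataclass(frozen=True)
class Request:
    principal: str
    device: Device
    resource: str
    action: str
    mfa_verified: bool  # fresh proof for *this* request, not a cached session
    at: datetime


# Hypothetical minimum posture a device must satisfy to be in a "known and accepted state".
REQUIRED_POSTURE = ("os_patched", "disk_encrypted", "edr_running")


class DenylistAuthorizer:
    """Allow-by-default: everything passes unless the principal is already known to be bad."""

    def __init__(self, blocked_principals: Iterable[str]):
        self.blocked = set(blocked_principals)

    def authorize(self, req: Request) -> str:
        return "deny" if req.principal in self.blocked else "allow"


class ZeroTrustAuthorizer:
    """Deny-by-default: a request is allowed only with fresh authentication,
    a healthy device, and an explicit, unexpired grant for exactly this action."""

    def __init__(self, grants: Iterable[Grant]):
        self.grants = {(g.principal, g.resource, g.action): g for g in grants}

    def authorize(self, req: Request) -> tuple[str, str]:
        if not req.mfa_verified:  # verify on every access; no inherited trust
            return ("deny", "no fresh authentication for this request")
        failing = [p for p in REQUIRED_POSTURE if not getattr(req.device, p)]
        if failing:  # enforce device health and configuration
            return ("deny", "device posture failed: " + ",".join(failing))
        grant = self.grants.get((req.principal, req.resource, req.action))
        if grant is None:  # allowlist lookup: nothing unknown is permitted
            return ("deny", "no explicit grant for this principal/resource/action")
        if req.at >= grant.expires_at:  # grants are short-lived
            return ("deny", "grant expired; re-request with fresh verification")
        return ("allow", "explicit unexpired grant, verified user, healthy device")


def evaluate_scenarios() -> dict:
    """Run constructed sample requests through both models; returns
    {scenario: (denylist_decision, zero_trust_decision)}."""
    t0 = datetime(2022, 7, 6, 9, 0, tzinfo=timezone.utc)
    healthy = Device("laptop-01", True, True, True)
    unpatched = Device("laptop-02", False, True, True)
    grants = [Grant("alice", "/payroll", "read", t0 + timedelta(minutes=15))]
    denylist = DenylistAuthorizer(blocked_principals=["known-bad-bot"])
    zt = ZeroTrustAuthorizer(grants)
    scenarios = {
        "alice_read_ok": Request("alice", healthy, "/payroll", "read", True, t0),
        "alice_after_expiry": Request("alice", healthy, "/payroll", "read", True, t0 + timedelta(hours=1)),
        "alice_unpatched_device": Request("alice", unpatched, "/payroll", "read", True, t0),
        "alice_write_not_granted": Request("alice", healthy, "/payroll", "write", True, t0),
        "alice_stale_session": Request("alice", healthy, "/payroll", "read", False, t0),
        # An account the denylist has never heard of (e.g. newly hijacked) sails through it.
        "unknown_account_mallory": Request("mallory", healthy, "/payroll", "read", True, t0),
    }
    return {name: (denylist.authorize(r), zt.authorize(r)[0]) for name, r in scenarios.items()}


if __name__ == "__main__":
    for name, (dl, zt_decision) in evaluate_scenarios().items():
        print(f"{name:26s} denylist={dl:5s} zero-trust={zt_decision}")
```

Every scenario except the first is allowed by the denylist and denied by the deny-by-default authorizer; the hijacked or unknown account is the case that matters most, since no denylist can contain a threat nobody has seen yet. In a real deployment the grant table would be fed by an identity provider and the posture attributes by an endpoint-management or attestation service, but the decision logic stays the same.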
By adhering to these three principles, organizations can dramatically reduce the risk of being breached.
However, we still face a challenge. Like most compliance frameworks, these principles state the goal without saying how to reach it: they tell organizations what to achieve, not how to achieve it. In the next article, we'll look at the seven core tenets of Zero Trust (as laid out in NIST SP 800-207), which describe what Zero Trust should look like in the real world.
The Missing Components of Zero Trust
Our new report, ‘The Missing Components of Zero Trust,’ explains what Zero Trust really is, examines some significant gaps in existing guidance, and details the most important concepts and capabilities required for an effective Zero Trust Architecture.
Download the report to learn:
- How Zero Trust differs from traditional perimeter security strategies, and why that matters.
- What’s missing from President Biden’s Executive Order and NIST guidance, including some of the critical capabilities required to realize the full value proposition.
- The three types of proof demanded whenever a resource is requested under a Zero Trust Architecture, and why access is never “inherited” from a previous authorization.
- Why Zero Trust Architecture must enforce dynamic cybersecurity policies across four layers—but most only operate on two.
- Why an over-focus on access and authorization is damaging Zero Trust implementations—and what else should be considered to ensure effective implementation.
Adopt an effective Zero Trust strategy - Download your free copy today:
Tags: Zero Trust
July 6, 2022