Zero Trust is a security model based on the “Never trust, Always verify” principle. This means that all users, devices, and applications must be verified before they are granted access. Zero Trust is not a product that can be purchased but rather a strategy for securing networks, infrastructure, data and applications. However, some products, such as Azure, can be used to follow the principles of Zero Trust. John Kindervag developed the security model in 2010, but it took almost a decade before the industry started to embrace it. This was due to a combination of factors, including a shift to mobile and cloud solutions and the professionalization of cybercrime. The Zero Trust model is now widely accepted and used by many organizations and governments.
After the SolarWinds hack, the US government decided to adopt the Zero Trust security model. In May 2021, President Joe Biden signed an executive order that enforced federated agencies to apply the principles of Zero Trust.
Traditionally, we would build a perimeter around our network and trust everything inside the perimeter. Simply said placing a firewall in front of the network and implicit trust everything inside the network. This is no longer a viable option, as the perimeter is no longer well-defined. With the rise of cloud computing, mobile devices, and remote work, the perimeter has become more fluid. The Zero Trust model assumes that there are malicious actors both inside and outside the network. Therefore, we must verify every identity, regardless of whether the request comes from inside or outside the network.
Each application has different requirements and needs. Therefore, we must understand the application and its dependencies before we can design a Zero Trust architecture. We must also understand the data that the application uses and how it flows through the network. This is why we must break down the environment into smaller pieces that we need to protect. We call this the protect surface.
The traditional security model relied on implicit trust, assuming everything on the network was safe and anyone inside the network had unrestricted access. However, this assumption is outdated, and we can no longer rely on the idea that everything is safe behind the firewall. With Zero Trust, we verify every identity, regardless of whether the request comes from inside or outside the network. We aim to authenticate and authorize all data points, as Zero Trust assumes that bad actors can be found everywhere, including inside your organization.
Least privilege access
Instead of granting sweeping access to identities, Zero Trust principles dictate that we should provide the least privileged access. Use Identity Access Management (IAM) to assign an identity only the minimal access rights required to complete an operation. In many cases, it is not necessary to give an identity permanent access, especially when dealing with highly privileged access. Instead, use Just-In-Time (JIT) and Just-Enough-Access (JEA) mechanisms.
Assume that there are malicious actors on the network and take steps to protect resources accordingly. When dealing with a hack, minimizing the blast radius is important. One way to achieve this is to isolate workloads as much as possible through network segmentation. However, be careful to keep your architecture simple, as complexity can introduce additional security risks.
The five steps methodology
- Define the protect surface. Break down your environment into smaller pieces that you need to protect e.g. intranet, corporate website, HR system, etc.
- Map the transaction flows. Investigate dependencies, inbound and outbound connections and how data flows through the application and network.
- Architect a Zero Trust environment. Use the Zero Trust principles to design an architecture to protect your protect surface.
- Create Zero Trust security policies. Use the Kipling method (who, what, when, where, why, how) to develop security policies.
- Monitor and maintain. Monitor signals to detect any risks, remediate risks and improve the Zero Trust Architecture and security policies.
The hotel analogy
- Each arriving guest is verified explicitly before granted access to the hotel (room).
- A hotel assumes breach by placing a safe into each room. If an intruder manages to get access to the room, the safe will protect the guest's belongings.
- A hotel follows the concept of least privileged access by allowing guests only access to their room. Guests can't use their card to access any other room.
- Cleaners only have access to rooms during specific time - least privileged access.
- Signals are monitored to detect any risks
The SmartMoney demo
I will showcase how to implement the Zero Trust principles and approach in a real-world scenario through the SmartMoney demo.