TLDR #3: Zero Trust Security

Zero Trust Security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are within or outside of the network perimeter.

“Zero trust” is a phrase first coined by John Kindervag, in a research for Forrester Research Inc., in 2010 [1].
Kindervag used this phrase to describe the need to move security leaders from a perimeter-centric approach and guide them to a model that relies on continuous verification of trust across every device, user and application, pivoting on a “never trust/always verify” approach.

“Zero trust” isn’t associated to a specific technology: it is a holistic approach to network security that incorporates several different principles and technologies.


What are the main principles of zero trust security?

In order to explain the principles behind Zero Trust security approach, I took some quotes from an interesting paper by Tony Kueh (on ThreatPost) [2]:

When talking to customers about steps they can take to build a zero-trust security architecture, I focus on five main pillars – device trust, user trust, transport/session trust, application trust and data trust.

Device Trust: For zero trust, as an IT administrator, you need to know your devices before you can trust them.

User Trust: Time after time, password-based user authentication has been proven inefficient and ineffective. Therefore, as a part of zero trust, organizations must make use of more secure user authentication methods.

Transport/Session Trust: Another key component of zero trust is the concept of least-privilege access. The idea is that a user or system should have access to only those resources that are specifically required to perform the task at hand. No more, no less.

Application Trust: Enabling employees to securely and seamlessly access any application, including traditional Windows applications, from any device is key to creating a digital workspace and enforcing zero trust.

Data Trust: At the end of the day, it is the data that is of utmost importance — and the whole reason we need strong security. We must protect against data breaches and leaks, and make sure it is the correct, unmodified data that our users are interacting with.

Once trust is established across all five pillars, informed decisions can be made to grant or deny access. Once the decision of granting access has been made, it is critical to constantly re-verify. If the trust level changes, organizations must be able to immediately act. In addition, by establishing trust across the five pillars, we gain visibility and can gather analytics across the digital workspace environment. And with visibility and analytics, we can build automation and orchestration.


Zero Trust in a DevOps environment

In a useful post on DarkReadings [3], Peter Smith shows an identity-based approach for protecting workloads in an enterprise environment based on containerization:

When Docker classic was introduced, Docker needed a low-friction way to introduce containers, so it used network address translation (NAT), which modifies network address information in the IP header during transit in order to remap the address space. It simplifies management for IT by hiding the network complexity behind the host machine, but it also makes the nuts and bolts of its networking opaque. Containers can have different IP addresses than their hosts, not even residing in the same subnet.

Another method, called bridging, is more transparent. In this method, everything acts as if it has an IP address in the same network — even though some things are hosts, others are containers, and containers may be moving between hosts — but the underlying network complexity is visible to IT.

In addition, many containers use overlay networks. This creates a distributed network that sits on top of host-specific networks, which enables containers to communicate easily, as if they were right next to one another, while the infrastructure moves them around to different hosts. It’s similar to what VMware NSX did for virtualization infrastructure.

The key takeaway is that container networking is very pluggable and customizable, but its variability and complexity make applying firewall policy based on network addresses very hard to do.


Weaknesses of the Zero Trust model

According to a post by Pieter Arntz on Malwarebytes Blog [4], the Zero Trust model also has some weakness:

Overhauling to a Zero Trust security framework isn’t easily accomplished, but it’s one we feel strengthen’s an organization’s overall security posture and awareness. IT teams looking to convince executives of the old guard might look for prime opportunities, then, to make their argument. For example, if there’s already a planned move to cloud-based resources is often conducted alongside One of the reasons why a move to using cloud-based resources, that’s a good time to suggest also adopting Zero Trust.

Changes in the threat landscape, including recent vulnerabilities in VPNs and Citrix, plus ransomware being delivered through Remote Desktop Protocol (RDP), might encourage more organizations to investigate a Zero Trust solution, if only for identity and access management. These organizations will have to allow for a transition period and be prepared for some major changes.

A proper Zero Trust framework that doesn’t automatically allow traffic inside the perimeter will certainly hinder the lateral threat movement that hackers use to tighten their grip on a breached network. Top business-focused threats such as Emotet and TrickBot would be hindered from spreading, as they’d be unable to work their way from server to server in a segmented network. Since the point of infiltration is usually not the target location of an attacker, setting up internal perimeters can also limit the severity of a successful attack.

Add to these layers strong data security hygiene and intelligent orchestration that provides wide coverage across threat types, operating systems, and platforms, and businesses have a security framework that’d be pretty tough to beat today. In our eyes, that makes Zero Trust a hero.


References

  1. John Kindervag – Forrester
  2. A Practical Guide to Zero-Trust Security
  3. Securing Containers with Zero Trust
  4. Explained: the strengths and weaknesses of the Zero Trust model

Related posts

  1. TLDR #2: Cross-Site Request Forgery