As technology becomes more advanced, and more democratized, malicious actors find new ways to breach the networks of enterprises. Changing business practices and new ways of working also create needs for protecting sensitive data in enterprises. This ongoing “tug of war” results in more improved and sophisticated cybersecurity practices overall.
Zero trust is one such model that has caught the attention of enterprises in recent years. With the number of cyber attacks on enterprises rising drastically, many enterprises are exploring zero trust architectures to protect their data.
What is Zero Trust?
Zero trust security is a cyber security model that asks every user trying to access a network to verify their identity. This is a strict requirement and applies to all users within and outside the network.
The term “zero trust” comes from John Kindervag, a Forrester Research analyst and thought leader who explained how security risks can come from both inside and outside an organization’s network.
Why is Zero Trust Security Necessary?
Until now, businesses have generally tried to thwart cyber attacks by focusing on the perimeters of their networks. The standard practice was based on a “trust but verify” method where users and devices within a network were automatically trusted. These trusted users were allowed inside a network, after which they didn’t have to re-authenticate themselves every time.
This posed a risk for enterprises from malicious internal actors and when the credentials of legitimate internal users were taken over by attackers. The risk became more severe since the start of the pandemic as businesses accelerated their digital transformation and cloud migration efforts while working arrangements became remote. In the US alone, cyber attacks increased by 300% in the first nine months of 2021, according to the World Economic Forum while in Singapore, there were 16,117 cases of cybercrime in 2020, up from 9,349 cases recorded in 2019, as per a report from the Cyber Security Agency of Singapore (CSA).
These trends clearly suggest that businesses need stricter ways of authenticating and trusting users entering a network. This is the basis for a “zero trust architecture”, where users, both internal and external, have to prove their identity and their access privileges every time they attempt to access the network.
How Zero Trust Architecture Works
The zero trust architecture is based on the maxim of “never trust, always verify” proposed by John Kindervag. This involves a combination of different techniques such as multi-factor authentication, endpoint security, identity protection, data encryption and email security among others.
The first step involves identifying the network’s most critical and valuable data, including files, workloads and services. This is followed by prioritization and the creation of zero trust policies to protect the high-priority assets.
Next, it is necessary to understand who the users are, which applications they are using and how they attempt to connect to the network. This helps determine and enforce policies that ensure secure access to your critical assets.
This is followed by constant monitoring of, and visibility over, the traffic and users within the network environment. There is also an emphasis on controlling traffic, especially traffic between different parts of the network, including encrypted traffic.
Zero Trust Model: Key Principles
The zero trust model relies on a few key principles that work together to reduce each user’s exposure to parts of the network that are more sensitive, or that fall outside that user’s purview. These principles include:
Terminating every connection
Zero trust security solutions terminate every connection so that traffic, including encrypted traffic, can be inspected in real time before it is forwarded to its destination. This has an advantage over passthrough solutions such as firewalls, which inspect files as they are delivered, by which point it may already be too late to raise an alert if the files turn out to be malicious.
Context-based access policies
The context in which the user is requesting access plays a major role in zero trust policies. Various attributes such as the user’s identity, device, location, the type of content being accessed and the application being requested are taken into consideration before access is allowed.
Device access control
In a zero trust model, there is strict control and monitoring of devices. The system tracks which devices are attempting access and whether they are authorized. This helps ensure that compromised devices are kept off the network and minimizes the network’s attack surface.
Microsegmentation
Microsegmentation is the practice of dividing security perimeters into small zones so that different parts of the network can maintain their own separate access rules. A zero trust architecture usually employs software-defined microsegmentation, keeping your data secure irrespective of its location, whether in a data center or in distributed hybrid and multi-cloud environments.
Multi-factor authentication (MFA)
Another core principle of zero trust security is multi-factor authentication (MFA). MFA requires users to present more than one piece of evidence for authentication – merely entering a password is not sufficient. A simple application of this can be when users are asked to enter a passcode sent to one device that they own, like a mobile phone or token, in addition to the password.
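The principles above (per-request verification, context attributes, device control, microsegmentation and MFA) can be combined into a single policy decision routine. The following is an added, constructed example and not CDNetworks’ or any product’s code; the zone names, roles, regions and request fields are illustrative assumptions:

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Constructed policy table: each microsegment (zone) lists the roles allowed
# into it, whether MFA is mandatory, and an optional region allowlist.
# Zone and role names are illustrative, not taken from any real deployment.
ZONE_POLICY = {
    "finance-db": {"roles": {"finance"}, "mfa": True, "regions": {"SG", "US"}},
    "hr-files":   {"roles": {"hr"}, "mfa": True, "regions": {"SG"}},
    "wiki":       {"roles": {"finance", "hr", "eng"}, "mfa": False, "regions": None},
}

@dataclass
class AccessRequest:
    user: str
    role: str
    identity_verified: bool    # credential check passed for THIS request
    mfa_passed: bool           # second factor presented for THIS request
    device_id: str
    device_authorized: bool    # device is enrolled in the inventory
    device_compromised: bool   # device has been flagged by endpoint security
    region: str                # where the request originates from
    zone: str                  # microsegment hosting the requested application

def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Evaluate one request from scratch; no earlier session is trusted.
    Every failed check is a default deny with a reason suitable for logging."""
    policy = ZONE_POLICY.get(req.zone)
    if policy is None:
        return False, "unknown zone: default deny"
    if not req.identity_verified:
        return False, "identity not verified"
    if req.device_compromised or not req.device_authorized:
        return False, "device not trusted"
    if policy["mfa"] and not req.mfa_passed:
        return False, "MFA required for this zone"
    if req.role not in policy["roles"]:
        return False, f"role {req.role!r} not permitted in {req.zone!r}"
    regions: Optional[Set[str]] = policy["regions"]
    if regions is not None and req.region not in regions:
        return False, f"region {req.region!r} not permitted"
    return True, "allow"

if __name__ == "__main__":
    # Same user, same device, two requests: the second one is re-evaluated
    # in full and is denied because no second factor was presented this time.
    first = AccessRequest("alice", "finance", True, True, "d1", True, False, "SG", "finance-db")
    second = AccessRequest("alice", "finance", True, False, "d1", True, False, "SG", "finance-db")
    for r in (first, second):
        print(r.user, r.zone, decide(r))
```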
Secure Your Enterprise with Zero Trust Network Access
CDNetworks offers Enterprise Secure Access (ESA), a cloud-based secure remote access service. It uses a zero trust implementation with a Software-Defined Perimeter (SDP) infrastructure to control access to and from any platform in any environment on any device.
It also comes integrated with all the necessary features, including identity authentication, application acceleration and unified management, ensuring that only authorized users get to access specific applications. With ESA, businesses can confidently implement remote and hybrid work arrangements, securing the devices of their distributed workforce while also protecting the network from cyber attacks. ESA shields the origin’s IP address and ports behind a security gateway and intercepts network attacks before they can reach their destination.