Zero Trust: A Solution to Enterprise Cybersecurity Concerns?
Published on 16 Mar, 2020
Technological advancements have ensured constant connectivity for enterprises and facilitated remote access. However, this has also increased threats of data breaches, hacks and malware attacks. Various cybersecurity solutions have been developed to beat hackers who are increasingly using advanced tools. One of these solutions is the Zero Trust model, equipped with features to create more layers of safety.
Data security breaches and hacking have plagued Internet-based applications from their very inception. Currently, technologies such as IoT and connected devices are being widely implemented across enterprises. However, vulnerability to cybercrimes poses a major concern in their adoption. As hacking becomes increasingly sophisticated, there is growing pressure to implement high-security platforms.
Cybercrimes are growing rapidly. As per the 2017 Annual Cybercrime Report from Cybersecurity Ventures, by 2021, the world will be spending $6 trillion to fight cybercrimes globally. This is double the amount spent on data security in 2015.
Zero Trust, developed by John Kindervag, is fast gaining traction as a solution to the problem. The framework is structured around the concept that an organization should not automatically trust any device or user within or outside its perimeter. Security custodians must verify every device or user trying to connect to the organization's systems before granting access.
Zero Trust employs technologies and governance processes to establish a secure enterprise IT environment. Advanced technologies such as Multi Factor Authentication (MFA), orchestration, analytics, encryption, scoring and file system permissions are used to design the security pyramid. It also ensures strict compliance with governance policies, such as giving users the minimal access required to accomplish a specific task.
The main advantages of Zero Trust are:
Secure access to data and resources – Data traffic needs to be investigated thoroughly. A network’s critical components are valuable data, assets, applications and services (DAAS), which require complete security. The company’s IT security system must hold the details of these components. It should also hold all user information, such as who should be granted access and which devices are being used to connect. Enforcing security policy and allowing access are at the discretion of IT security alone.
Verification and log of traffic – Inspection points must be built at all high-traffic junctures of your system. This helps in spotting unusual activity or an unknown visitor quickly and stopping entry accordingly. Identification and approval for entry help in tracking users and preventing threats.
Multi Factor Authentication (MFA) – MFA is the most intrinsic aspect of Zero Trust. It ensures that only the actual user can enter the system via a multiple-layer user-authentication process. Every user logging into the system is double-checked. A site employing Zero Trust will at times send a unique code to a separate device after a user logs in. Hence, the password alone is not enough. Most banking sites use this to enhance security.
Zero Trust simply restricts the number of pathways by which malware and attackers can enter your system. Since all devices are assumed to be untrustworthy, the system provides protection from dormant hackers that tend to latch on to devices.
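As an added illustration (not part of the original article), the checks described above can be sketched as a default-deny access decision: the user and device are verified, MFA is required, access is limited to what a rule explicitly grants, and every decision is logged. The users, devices, applications and rules below are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample policy: each rule grants one user group access to one
# application and one data type (least privilege). Anything not listed is denied.
RULES = {
    ("finance", "ledger-app", "financial"),
    ("hr", "hr-portal", "personal"),
}
USER_GROUPS = {"alice": "finance", "bob": "hr"}  # constructed user directory
REGISTERED_DEVICES = {"alice": {"laptop-17"}, "bob": {"laptop-22"}}


@dataclass(frozen=True)
class Request:
    user: str
    device: str
    mfa_passed: bool
    application: str
    data_type: str
    # Network location is deliberately not an input: being "inside" the
    # perimeter earns no trust in this model.


def decide(req, log):
    """Return True only if every check passes; record every decision in log."""
    group = USER_GROUPS.get(req.user)
    if group is None:
        reason = "unknown user"
    elif req.device not in REGISTERED_DEVICES.get(req.user, set()):
        reason = "unregistered device"
    elif not req.mfa_passed:
        reason = "MFA not completed"
    elif (group, req.application, req.data_type) not in RULES:
        reason = "no rule grants this access"
    else:
        reason = None
    allowed = reason is None
    # Allowed and denied requests are both logged, so unusual activity
    # can be spotted and traced back to a user and device.
    log.append((req.user, req.device, req.application, req.data_type,
                "ALLOW" if allowed else "DENY", reason or "all checks passed"))
    return allowed
```

A valid password on its own never reaches the rule lookup here: the request is refused earlier if the device is unregistered or MFA has not been completed.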
Certain misconceptions regarding the Zero Trust architecture have hampered its implementation. These are:
Expensive model – The Zero Trust architecture is a scalable model which is usually implemented by augmenting the existing network and adding segmentation gateways and granular policies based on users, application and data types. It does not need a costly, time-consuming, and disruptive technical overhaul. To enable advanced features, a minimal investment in new systems may be required. Overall, it is a simple and cost-effective security model.
Needed only at endpoint – Zero Trust makes the entire network secure by effectively enforcing security across it, not just at endpoints. It is present at all important junctures and ensures secure flow of data.
Cannot be adapted on public cloud – Zero Trust can be created for your company’s data and workload on public cloud as well. The company needs to re-create on the cloud the systems it has for its on-premises security. It can insert a Virtual Segmentation Gateway into the virtualization stack of the public cloud service and then apply Zero Trust rules to segment the traffic based on users, applications, or data types.
Zero Trust does not follow the traditional approach of only securing the perimeter of the company’s data centers. The technologies that follow the old method are unable to spot and contain the damage if a hacker manages to penetrate the firewalls and enter the system. Moreover, the underlying assumption is that a company’s data centers exist in isolation. On the other hand, today, most applications are present in the cloud with users – employees, partners, customers – accessing applications from a range of devices from multiple locations and even (potentially) from around the globe.
Zero Trust is cost-effective and easy to use. Amid fast-paced technological development, as hacks become more advanced and malicious, the notion of trust needs to be examined when it comes to accessing data. This architecture not only identifies the weaknesses but also specifies the exact gaps in current security models at the very root level and plugs them there.
Zero Trust is in fact an efficient and enhanced security model relevant in the current times.