July 14, 2022
What is a Zero-Trust Security Model?
Traditional computer security models ensure that people without the proper authorization cannot access an organization’s network. However, a single set of compromised login credentials can lead to a breach of the entire network.
A Zero-Trust Security Model goes some way to solving this problem by requiring users to continually verify their identity, even if they’re already inside the secure digital perimeter. This approach restricts users to the minimum amount of information necessary to do their job. In the event of a breach, hackers will find it difficult or impossible to move laterally through a network and gain access to more information.
A Zero-Trust Security Model doesn’t mean that you don’t trust the people you’re sharing data with. Instead, a zero-trust security model implements checkpoints throughout a system so you can be confident that your trust in each user is justified.
What is a Zero-Trust Security Model?
Imagine for a moment that a computer network is like a country. In a traditional security model, the country would have border checkpoints around its perimeter. Employees who presented the correct login info would be allowed to enter, and bad actors trying to gain access would be kept outside.
While this is a good idea in theory, in practice, problems emerge. For example, bad actors who breached the perimeter would get much or all of the information inside the network. Likewise, employees who are past the first barrier may gain access to documents or other information that they shouldn’t see.
These problems with the traditional model of cybersecurity drove the U.S. Department of Defense to adopt a new strategy in the early 2000s. Those responsible for network security treated their systems as though they had already been breached, and then asked the question: “Given that the system has been breached, how do we limit the collateral damage?”
To meet that objective, they developed an approach that required users, both human and machine, to continually prove that they were allowed to be present every time they attempted to access a new resource. To return to our earlier metaphor, employees would have to show ID at the country’s border and again every time they tried to enter a new building, where each building represents a resource within the system. This approach meant that bad actors would find it harder to move through the system with a single breach, and it also made it easy to restrict employees to the appropriate areas of the network based on their security clearance.
Zero-Trust Security Comes of Age
The external and internal benefits of a Zero-Trust Security Model quickly became clear to the private sector, too. While many businesses adapted the system for their own use, or offered it as a service to others, it wasn’t until August 2020 that the National Institute of Standards and Technology (NIST) released the first formal specification for Zero-Trust Security Model implementation.
NIST Special Publication 800-207 details how to implement a Zero-Trust Architecture (ZTA) in a system. The Seven Tenets of Zero Trust form the core of this approach.
- All data sources and computing services are resources
- All communication is secured regardless of network location
- Access to individual enterprise resources is granted on a per-session basis
- Access to resources is determined by a dynamic policy
- The enterprise monitors and measures the integrity and security posture of all owned and associated assets
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed
- The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses that information to improve its security posture
Of these seven tenets, two especially speak to what’s different between ZTA and more traditional approaches. Session-based access (#3) means that access permissions are reevaluated each time a new resource is accessed, or if sufficient time has passed between access requests to the same resource. This approach reduces the potential for bad actors to exploit lost devices or gain access through an unattended workstation.
Dynamic policy controls (#6) look beyond user credentials, such as a username and password. For example, a dynamic policy may also consider other factors such as the type of device, what network it is on, and possibly previous activity on the network to determine if the request is legitimate. This kind of observation improves detection of external malicious actors, even when the correct login credentials are provided.
Access control is run through a Policy Decision Point. The Policy Decision Point is composed of a Policy Engine, which holds the rules for granting access, and a Policy Administrator, which grants or denies access to the resource according to the engine’s decision when a request is made.
Benefits of Zero-Trust Security
Many powerful benefits emerge when a system is set up to align with ZTA standards. Arguably, the most important of these is the compartmentalization of system resources. When resources are compartmentalized, hackers who gain access to one area of your network won’t gain access to other resources. For example, a breached email account wouldn’t give the hacker access to your project documentation or financial systems.
Compartmentalization also holds benefits for managing your employees. With a compartmentalized system, you need not, and should not, give your employees access to more resources than they need to do their jobs. This approach reduces the risk of an employee intentionally or accidentally viewing sensitive information. Compartmentalization also minimizes the damage done by leaks, as employees generally won’t have access to documentation beyond their immediate needs.
Because a core policy of ZTA is the continuous collection of data about how each user behaves on the network, it becomes far easier to spot breaches. In many cases, organizations with ZTA systems detect breaches not because of failed authentication but because a feature of the access request, such as location, time, or type of resource requested, differs from regular operation and is flagged by the Policy Decision Point. For example, a request from Utah for a resource on a server belonging to a company based in Virginia would raise flags, even if the bad actor provided a valid username and password.
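A toy Policy Decision Point in the shape described above (a Policy Engine holding the rules, a Policy Administrator granting or denying per session), which also flags the out-of-region request from the preceding paragraph. This is an added example, not code from the post or from Mage Data; the roles, regions, rules and the 15-minute session window are all constructed assumptions.

```python
# Toy Policy Decision Point modelled on NIST SP 800-207: a Policy Engine holds the
# rules, a Policy Administrator grants or denies per session. All data is constructed.
from dataclasses import dataclass, field

SESSION_TTL_SECONDS = 900  # constructed: re-evaluate the same resource after 15 minutes

@dataclass
class Request:
    user: str
    resource: str
    device_managed: bool  # posture signal: is the device enrolled and compliant?
    network: str          # "corp", "vpn" or "public"
    region: str           # where the request originates
    now: int              # epoch seconds of the request

@dataclass
class PolicyEngine:
    """Holds the rules; every signal is re-checked on each decision."""
    role_of: dict        # user -> role
    allowed_roles: dict  # resource -> set of permitted roles
    usual_region: dict   # user -> region seen in normal operation
    sessions: dict = field(default_factory=dict)  # (user, resource) -> last grant time

    def decide(self, r: Request):
        if self.role_of.get(r.user) not in self.allowed_roles.get(r.resource, set()):
            return False, "role not permitted for resource"
        if not r.device_managed:
            return False, "unmanaged device"
        if r.network == "public" and r.resource.startswith("finance/"):
            return False, "sensitive resource from public network"
        if r.region != self.usual_region.get(r.user):  # the anomaly the post describes
            return False, "region differs from user's normal activity"
        return True, "ok"

class PolicyAdministrator:
    """Applies the engine's decision, scoped to one (user, resource) session."""
    def __init__(self, engine: PolicyEngine):
        self.engine = engine

    def authorize(self, r: Request):
        key = (r.user, r.resource)
        last = self.engine.sessions.get(key)
        if last is not None and r.now - last < SESSION_TTL_SECONDS:
            return True, "session still valid"  # same resource, inside the window
        allow, reason = self.engine.decide(r)  # new resource or stale session: re-check
        if allow:
            self.engine.sessions[key] = r.now
        else:
            self.engine.sessions.pop(key, None)
        return allow, reason
```

Inside the window a previous grant for the same resource is reused, matching the per-session behaviour described above; a production engine would additionally revoke a session when device posture or network changes mid-session.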
Zero-Trust Security Model Integration
While a Zero-Trust Security Model holds many benefits for many companies, it’s essential to acknowledge that it’s not a “plug-and-play” system. The approach differs significantly from traditional security practices, and most companies will need a total overhaul of their network to apply it. That can be a disruptive process and will likely lower productivity in the short term as new systems are implemented and employees adapt to the new policies.
That doesn’t make moving to a Zero-Trust system the wrong choice, but it does mean that the transition has some tradeoffs. However, if you’re looking for the absolute best industry standard for security, Zero-Trust is the way to go.
If you’re contemplating increasing your security, you need to know exactly what data you’ll be securing. Mage Data helps organizations find and catalog their data, including highlighting Personally Identifiable Information, which you’d want to give an extra layer of security in a Zero-Trust system. Schedule a demo today to see what Mage can do to help your organization better secure its data.