Developed by Forrester's John Kindervag in 2010, this new approach to security and architecture design replaced the obsolete and inefficient perimeter-based approach (a single trust boundary).
“Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.” (Source: CSO Online)
Zero Trust Principles
- Never trust, always verify
- Network is always hostile
- Internal and external threats are always present
- Being on the internal network is not sufficient to be trusted
- Every device, user and network flow must be proven
- Access control needs to be strictly enforced
- Log and inspect all the traffic
Securing Your Network
Under zero trust, all network traffic must be authenticated and encrypted.
In most cases simple TLS is not enough, because it authenticates only one side (the client verifies the server). Mutual TLS should be implemented instead, where both client and server verify each other's certificates.
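The difference between one-way and mutual TLS is a single server-side setting, and the following added example (written for this page, not code from the original post) makes it concrete using Go's standard crypto/tls package. It builds a throwaway in-memory CA, issues a server and a client certificate, starts a server on loopback with RequireAndVerifyClientCert, and then connects twice: once presenting the client certificate and once without it. All names (issue, serve, connect, Demo) and the loopback address are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue creates an in-memory ECDSA P-256 certificate for this demo (no real PKI). With
// parent == nil it is the self-signed CA; otherwise a leaf signed by parent for usage.
func issue(cn string, usage x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // error ignored: crypto/rand does not fail in practice
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{usage}
		tmpl.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")} // loopback, where the demo server listens
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // der was just produced by CreateCertificate
	return cert, key
}

// serve listens on loopback and requires every client to present a certificate that
// chains to caPool: RequireAndVerifyClientCert is what turns one-way TLS into mutual TLS.
func serve(serverCert tls.Certificate, caPool *x509.CertPool) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    caPool,
	})
	if err != nil {
		return nil, err
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			// The handshake runs on the first Read; it fails for a client without a valid cert.
			if _, err := c.Read(make([]byte, 16)); err == nil {
				c.Write([]byte("ok"))
			}
			c.Close()
		}
	}()
	return ln, nil
}

// connect verifies the server against caPool and, when clientCert is non-nil, presents
// it. It returns nil only if the mutual handshake succeeds and the server answers.
func connect(addr string, caPool *x509.CertPool, clientCert *tls.Certificate) error {
	cfg := &tls.Config{RootCAs: caPool, MinVersion: tls.VersionTLS12}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	defer conn.Close()
	conn.Write([]byte("hello"))               // any transport error shows up in the read below
	_, err = conn.Read(make([]byte, 2))       // under TLS 1.3 a rejected client cert surfaces here
	return err
}

// Demo builds a CA, a server leaf and a client leaf, then connects once with and once
// without the client certificate; it returns (admitted with cert, refused without cert).
func Demo() (withCertOK, withoutCertRefused bool, err error) {
	ca, caKey := issue("demo-ca", 0, nil, nil)
	srv, srvKey := issue("server", x509.ExtKeyUsageServerAuth, ca, caKey)
	cli, cliKey := issue("client", x509.ExtKeyUsageClientAuth, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := serve(tls.Certificate{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}, pool)
	if err != nil {
		return false, false, err
	}
	defer ln.Close()
	withCertOK = connect(ln.Addr().String(), pool, &tls.Certificate{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}) == nil
	withoutCertRefused = connect(ln.Addr().String(), pool, nil) != nil
	return withCertOK, withoutCertRefused, nil
}

func main() { fmt.Println(Demo()) } // prints: true true <nil>
```

The client side is unchanged between the two connections except for the presence of a certificate, which is the point: with ClientAuth left at its default the second connection would succeed, and anyone who can reach the port could talk to the service. In a real deployment the CA pool would be the organisation's internal PKI rather than a certificate generated at start-up.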
Because we assume every device is outside the corporate network, devices should be treated in isolation, so that if one is hacked or compromised the damage is limited and lateral movement is prevented.
Recommendations include using:
- Segment your network using segmentation gateways, which are just next-generation firewalls that are not necessarily placed at the perimeter
- Single authorised sources: Single sign-on (SSO)
- Multi Factor Authentication (MFA)
- Least Privilege Access
- Remove user admin privilege unless strictly required
- Log all activities, using automation and analytics
How to Implement Zero Trust
Below are the key steps required to re-engineer your network to implement a zero trust approach:
- Discovery: define the surface and the scope of your network.
- Map the permissible network flows and identify network segments, using traffic-based (NetFlow, network sniffers) or content-based analysis.
- Implement new policies to enforce the acceptable traffic flows.
- Continue monitoring both the perimeter and the inside of your network for anomalies and unexpected behaviours.
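The mapping, enforcement and monitoring steps above come down to a default-deny allow-list applied to observed flows. The following added example (written for this page, not code from the original post) shows that logic in Go over a constructed policy and constructed NetFlow-style records: segments are CIDR blocks, rules permit one segment to reach another on one port, every flow is logged with a decision, and anything no rule matches is denied. The segment names, addresses and rules are invented for the example.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

type Segment struct{ Name string; Net *net.IPNet }                 // named zone identified by a CIDR block
type Rule struct{ From, To string; Port int }                       // permitted segment-to-segment traffic on one port
type Flow struct{ Src, Dst net.IP; Port int }                       // one observed connection (NetFlow-style record)
type Decision struct{ Flow Flow; From, To string; Allowed bool }    // logged outcome for one flow; denied = anomaly
// Any flow that no Rule matches is denied: the default posture is deny.

// mustSegment parses a CIDR into a Segment; a malformed policy is a setup bug, so it panics.
func mustSegment(name, cidr string) Segment {
	_, n, err := net.ParseCIDR(cidr)
	if err != nil {
		panic(err)
	}
	return Segment{name, n}
}

// segmentOf maps an address to the first segment containing it, or "unknown".
func segmentOf(segs []Segment, ip net.IP) string {
	for _, s := range segs {
		if s.Net.Contains(ip) {
			return s.Name
		}
	}
	return "unknown"
}

// ParseFlows reads "src,dst,dport" records, one per line.
func ParseFlows(records string) ([]Flow, error) {
	var flows []Flow
	for _, line := range strings.Split(strings.TrimSpace(records), "\n") {
		f := strings.Split(strings.TrimSpace(line), ",")
		if len(f) != 3 {
			return nil, fmt.Errorf("malformed record %q", line)
		}
		src, dst := net.ParseIP(f[0]), net.ParseIP(f[1])
		port, err := strconv.Atoi(f[2])
		if src == nil || dst == nil || err != nil {
			return nil, fmt.Errorf("bad address or port in %q", line)
		}
		flows = append(flows, Flow{src, dst, port})
	}
	return flows, nil
}

// Evaluate classifies every flow against the allow-list and returns one Decision per
// flow, so allowed and denied traffic are both logged.
func Evaluate(segs []Segment, rules []Rule, flows []Flow) []Decision {
	out := make([]Decision, 0, len(flows))
	for _, fl := range flows {
		d := Decision{Flow: fl, From: segmentOf(segs, fl.Src), To: segmentOf(segs, fl.Dst)}
		for _, r := range rules {
			if r.From == d.From && r.To == d.To && r.Port == fl.Port {
				d.Allowed = true
				break
			}
		}
		out = append(out, d)
	}
	return out
}

// Constructed sample policy: users reach the web tier on 443 and only the web tier
// reaches the cardholder database on 5432; nothing else is permitted.
var demoSegments = []Segment{
	mustSegment("users", "10.10.0.0/16"),
	mustSegment("web", "10.20.0.0/24"),
	mustSegment("cardholder-db", "10.30.0.0/24"),
}

var demoRules = []Rule{{"users", "web", 443}, {"web", "cardholder-db", 5432}}

// Constructed flow records: the last three are a workstation talking straight to the
// database, SSH against the web tier, and a source outside every known segment.
const demoFlows = `
10.10.4.7,10.20.0.5,443
10.20.0.5,10.30.0.9,5432
10.10.4.7,10.30.0.9,5432
10.10.4.7,10.20.0.5,22
192.0.2.44,10.30.0.9,5432`

func main() {
	flows, err := ParseFlows(demoFlows)
	if err != nil {
		panic(err)
	}
	for _, d := range Evaluate(demoSegments, demoRules, flows) {
		fmt.Printf("%-13s -> %-13s %15s -> %-15s port %-4d allowed=%v\n", d.From, d.To, d.Flow.Src, d.Flow.Dst, d.Flow.Port, d.Allowed)
	}
}
```

Run over the sample records, the first two flows are allowed and the remaining three are denied. The same evaluation serves two of the steps: during discovery it is run in report-only mode against captured flows to find out which rules the real traffic needs, and once the rules are agreed the denied decisions become the alerts of the monitoring step.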

Where to Start?
The best way is to look for toxic data that needs to be protected and to start designing a zero trust network around it.
Toxic data is data that, if compromised or stolen, can cause serious damage to your organisation (e.g. personal data, healthcare data, intellectual property, credit card data).
Some of the first areas where zero trust has been implemented are PCI data and sensitive government data.
A Hybrid Model
Since moving to zero trust is not a straightforward exercise and not all of your network may be suitable for it, the best approach is a gradual one: start, as mentioned, with the toxic data segments, then upgrade the rest of your network according to your budget, timelines and business priorities.