Zero Trust Access – The Vulnerability of Trust
The year 2020 came to a close with the devastating SolarWinds supply chain breach, affecting 18,000 of SolarWinds' customers. These attacks affected critical infrastructure, government entities and a wide range of private industry organizations. With the size and scale of this compromise, the IT industry is seeing a shift in threat tactics and a push for techniques that can effectively defend against unknown risks and vulnerabilities. With the currently accepted model of perimeter security no longer cutting it, how can your network maintain integrity from the inside out?
What is Zero Trust Access?
Zero Trust Access is the idea that trust is a vulnerability. It offers a means to maintain integrity and to enforce restrictions within a network to ensure security.
With Zero Trust, an enterprise network can regulate, manage, or halt internal traffic, granting access only when it's necessary and narrowing down the crucial protection surfaces that require higher levels of security. This frees the network from the built-in assumption that everyone inside it belongs there.
To Trust or Not to Trust
Zero Trust Access comes down to restricting data flow and user access. Micro-segmentation creates more granular perimeter enforcement based on users, their locations and other data, and that information determines how much trust is given to the users, applications or machines seeking access. Segmenting internal networks into smaller surfaces and applying strict user and application access to those surfaces decreases the attack surface.
There is no one standard for Zero Trust, so several methods of applying network access and restrictions can be established. Starting from initial access to a network, whether from a switch on the LAN or over VPN from outside the network, checks such as Network Access Controls (NAC) and Multi-Factor Authentication (MFA) allow authorized access only, enable better monitoring of access, and can reduce and deter unwanted access to a network.
How to Design a Zero Trust Model
But once inside, what is stopping someone from going where they please? When designing a Zero Trust model, it's important to define the "protection surface". This includes the most critical and valuable data, assets, applications and services that require strict access and monitoring. Defining these surfaces and implementing zero trust around them makes clear where access should be narrow and limited. Once they are defined, segmenting these surfaces and pairing that with a Software Defined Perimeter (SDP), Identity-Aware Proxies (IAP) or other access authentication methods provides monitoring and control of the data flow and user access.
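The design described above can be sketched as a default-deny access decision for protection surfaces. This is an added example, not code from the original article: the surface, group and segment names are hypothetical, and the checks stand in for what an IAP or SDP controller would evaluate on each request.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset        # identity groups asserted at login
    mfa_passed: bool         # MFA result for this session
    device_compliant: bool   # NAC posture check result
    source_segment: str      # micro-segment the request comes from
    surface: str             # protection surface being requested

# Constructed policy (hypothetical names): who may reach each protection
# surface, and from which segments. Surfaces not listed are unreachable.
POLICY = {
    "payroll-db":   {"groups": {"finance"},     "segments": {"finance-apps"}},
    "build-server": {"groups": {"release-eng"}, "segments": {"ci", "eng-vpn"}},
}

def decide(req):
    """Return (allowed, reason). Network location alone never grants access."""
    rule = POLICY.get(req.surface)
    if rule is None:
        return False, "no rule for surface (default deny)"
    if not req.mfa_passed:
        return False, "MFA not satisfied"
    if not req.device_compliant:
        return False, "device failed NAC posture check"
    if not (req.groups & rule["groups"]):
        return False, "user not in an authorized group"
    if req.source_segment not in rule["segments"]:
        return False, "source segment not permitted"
    return True, "all checks passed"

def audit(requests):
    """Evaluate each request and keep a record of allows and denials alike."""
    log = []
    for r in requests:
        allowed, reason = decide(r)
        log.append({"user": r.user, "surface": r.surface,
                    "allowed": allowed, "reason": reason})
    return log

if __name__ == "__main__":
    # Constructed sample requests: same user, two different source segments.
    ok = Request("alice", frozenset({"finance"}), True, True, "finance-apps", "payroll-db")
    lan = Request("alice", frozenset({"finance"}), True, True, "office-lan", "payroll-db")
    for rec in audit([ok, lan]):
        print(rec)
```

The second sample request is denied even though the user is authorized and inside the network, because the request does not originate from a segment allowed to reach that surface.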
The notion of zero trust does put a burden on the user. As a result, users, whether employees or third parties, may feel extra stress and frustration as their access changes and is limited to what is necessary. However, with those frustrations and changes comes a safer environment for your data, assets, and the users themselves. With trust being considered a vulnerability, it's necessary to place a burden somewhere other than on the data and integrity of the network itself.
The cyber world is ever-evolving and threat actors always seem to be one step ahead of the defenses we rely on. When the trust of an industry is shaken on such a large scale by incidents such as the SolarWinds supply chain attack, it's important to discuss bold new initiatives in design and defense. Zero Trust Access is one of those initiatives, taking security beyond just border security and into a realm of better protection from the inside out.