Zero trust

Zero trust is a broad framework conceptualized in 2010 by John Kindervag, a principal analyst at Forrester Research. It aims to help organizations protect their most valuable assets by assuming that all external or internal connections and endpoints could become a threat. Making data and resources inaccessible by default is a core tenet of this security model.

A zero trust network logs and inspects corporate network traffic; verifies and secures network resources; and limits and controls access to the network. It employs least-privilege access to ensure users access resources and data on a limited basis and only under certain circumstances.

Zero trust security requires verifying and authorizing all connections, including human users attempting to connect to an application, and software programs using an API to access network resources. It involves checking if each interaction meets the requirements specified by the organization’s security policies. Zero trust security systems authenticate and authorize any device, connection, and network flow according to dynamic policies and the current security context.

Zero trust is one of the most effective ways for organizations to control access to their networks, applications, and data. 

The primary goal of the zero trust model is to enable organizations to authorize any user and any device as soon as they request network access. The system needs to have a clear understanding of who does what, why, and how. Combining this with least-privileged access allows organizations to closely monitor all network users and devices and their activities, which dramatically improves security.

A zero trust strategy divides networks by identities, groups, and functions, strictly controlling user access. This helps organizations contain breaches, minimize potential harm, and reduce the “blast radius” of successful breaches when they do occur. A key benefit of zero trust is that it limits an attacker’s ability to move laterally on the network.

A zero trust architecture is a key security measure that helps organizations manage the growing number of endpoints on their network, and securely scale their infrastructure to include cloud-based applications and services. Zero trust networks do not rely on a perimeter – they apply security principles equally to all users and devices, regardless of location.

When implemented properly, the zero trust model can provide an improved user experience compared to VPNs, which limit application usage, impact system performance, and require frequent updates and authentication. In many cases, zero trust systems use a combination of multi-factor authentication (MFA) and single sign-on (SSO) tools to reduce MFA fatigue and simplify the user experience.

Continuous verification

This process requires continuously verifying all assets and utilizing conditional access and policies to monitor and control all zones, devices, and credentials continuously. 

Risk-based conditional access ensures the workflow is interrupted only when risk levels change, achieving continual verification while maintaining a positive user experience. Continuous verification also requires using dynamic policies to cover certain risks even as conditions change and maintain compliance and IT requirements. 

Microsegmentation

Zero trust networks employ microsegmentation to break security perimeters into smaller zones. It enables maintaining separate access for different parts of the network. For example, a network containing files that live within one data center can use microsegmentation to break it into dozens of separate zones. A user or program with access to one zone cannot access the other zones without going through a separate authorization process.

Least privilege

Least-privilege access allows users only the access needed to perform their job to minimize each user’s exposure to the sensitive areas of a network. It involves careful management of user permissions. You should not use virtual private networks (VPNs) for least-privilege authorization because logging in to a VPN provides a user with access to the entire connected network.

Device access control

Zero trust requires setting strict controls not only on user privileges, but also on device access. Zero trust tools monitor the number of different devices trying to access the protected network to ensure each device is truly authorized, assessing all devices to ensure none of them have been compromised. The goal is to minimize the network’s attack surface.

Preventing lateral movement

Lateral movement occurs when a threat actor gains access to a network and can move within it. Tools and security analysts often struggle to detect lateral movement, even after discovering the threat actor’s entry point. Moving laterally means the threat actor has already moved on to compromise other network areas.

Zero trust helps contain threat actors and prevent them from moving laterally. Zero trust access is segmented and re-established periodically, ensuring threat actors cannot move to other micro-segments. After detecting the presence of a potential threat actor, a zero trust architecture enables quarantining the compromised device or user account, cutting the threat off from further access.

Zero trust network access (ZTNA) technology uses identity-based authentication to keep the network location (its IP address) hidden while providing access. ZTNA can adapt access to certain data or applications and specific conditions such as time, device, and location. 

ZTNA provides centralized control and flexibility to secure distributed IT environments. It helps organizations secure their environment and identify abnormal behavior, like attempted access to highly sensitive data or downloads of unusual amounts of data.

Complex infrastructure

The modern infrastructure consists of many proxies, servers, databases, Software as a Service (SaaS) solutions, and internal applications. Some of these operations run in the cloud, while others are kept on-premises. 

It can prove difficult to secure each segment of a hybrid network while meeting the needs of an on-premises and a cloud environment and protecting systems composed of legacy and new applications and hardware. All these factors can complicate a zero trust implementation.

Cumbersome tools

Building infrastructure to support a zero trust model in a modern organization requires implementing many different tools for microsegmentation, identity-aware proxies, and software-defined perimeter. Common tools include multi-factor authentication (MFA), intrusion prevention systems (IPS), device approval, and single sign-on (SSO).

These tools are often specific to operating systems, devices, and cloud providers. However, many organizations do not support only one set of devices. Rather, they run across multiple clouds and data centers, allowing usage of both Windows and Mac, with servers running multiple Windows Server versions or Linux distributions, supporting various network-connected devices.

Many vendors require their customers to buy redundant technologies to support all these environments. Additionally, some vendors focus on the network layer, adding unnecessary complexity instead of placing controls near applications and users.

Cost and effort

Implementing zero trust requires financial resources and time investment. Organizations need to determine how to segment their network and define access to roles for specific areas of the network. 

It also involves identifying the most effective ways to verify each user and device before allowing access. Hiring external or internal staff to perform this process can require significant funds, especially when implementation tools cannot easily integrate with the network.

Adjusting mindsets

Organizations trying to implement zero trust must involve their stakeholders and get them to promote this change to ensure teams plan, train, and implement the model properly. Since zero trust implementation affects almost everyone in an organization, all leaders must agree on this plan. Since many organizations are slow to implement such a change, the political aspect can significantly strain the project’s performance.

1. Define the protect surface

Today’s attack landscape is constantly changing. It is not realistic to attempt to eliminate it entirely. However, organizations can define the protect surface and work to defend it. A protect surface should consist of the most valuable critical data, applications, assets, and services (DAAS). After defining the protect surface, the organization can move security controls close to that surface to create a microperimeter with precise, understandable, and limited policy statements.

2. Map the transaction flows

Organizations must assess how their systems work when designing a network. The way in which traffic passes through the network, especially the data within a protected surface, determines how the organization should protect it. 

Organizations can learn how DAAS components interact with resources on the network by scanning and mapping all transaction flows inside it. Another technique for approximating flows involves documenting all information about how certain resources interact. This information offers valuable insights to prevent arbitrarily implementing controls.

Zero trust is a flow-based architecture that requires using flow maps to learn where to insert controls. There is no need to delay a zero trust implementation if the organization does not have all the information. Since it is an iterative process, organizations can begin with what they know and gather more information as they move through the steps. 

3. Architect a zero trust network

Organizations can completely customize their zero trust network rather than using a universal design. Ideally, organizations should construct the architecture around their protect surface. After defining the protect surface and mapping flows relative to business needs, the organization can start mapping a zero trust architecture. 

Every zero trust network requires a next-generation firewall, which serves as a segmentation gateway that creates a microperimeter around the organization’s protect surface. This segmentation gateway enables organizations to enforce more inspection layers and access control, including layer 7, for any entity attempting to access resources in the protect surface.

4. Create the zero trust policy

After architecting the network, organizations need to create zero trust policies. Ideally, organizations should use the Kipling method to allowlist the resources approved for access. Kipling, a 19th-century novelist, introduced the concept of ‘who, what, when, where, why, and how’ in a poem called ‘Six Serving Men.’ 

The Kipling method enables organizations to define the following aspects:

• Who is allowed to access a resource?
• What application should be used when accessing a certain resource in the protect surface?
• When can an approved entity access the resource?
• Where is the packet’s destination?
• Why is the packet attempting to access a certain resource in the protect surface?
• How can the packet access the protect surface through a certain application?

This level of granular policy enforcement enables organizations to be sure the network permits only known approved traffic and legitimate application communication.

5. Monitor and maintain the network

The final step in this process involves reviewing all internal and external logs in all layers, including layer 7, while focusing on the operational aspects of this security model. By inspecting and logging traffic, organizations can determine how to improve their zero trust network over time.

After completing this five-step method for implementing a zero trust network for the first protect surface, organizations can iteratively move other DAAS from their legacy network to the new zero trust network in a non-disruptive and cost-effective manner.

Solo.io’s Gloo Mesh and Gloo Gateway can help you secure your APIs by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to deliver features needed for comprehensive security. Encryption alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing security features forever.

Solo adds comprehensive security controls to your service mesh and API gateways, giving you the capabilities you need and confidence that your environment is as secure as possible.

Learn more about Zero Trust using Gloo Mesh / Gloo Gateway.