Zero Trust Explained: What It Is and How It Can Benefit Your Company
Never trust, always verify.
In the digital world, security is a top priority. The internet is riddled with hackers, phishers, and other cybercriminals who are constantly looking for ways to steal data and money and, ultimately, disrupt businesses. Zero trust is a security model for protecting an organization’s network against them.
Read on to find more about this security model, its principles, benefits, and how zero trust implementation can help you remain a step ahead of malicious actors.
What Is Zero Trust Security?
Zero Trust is a security model based on the notion that organizations should not trust any user, device, system, or workload by default, whether inside or outside the organization’s security perimeter, and must therefore verify every single connection before allowing access to their network.
The zero trust security model runs on the belief that one should “never trust, always verify”, meaning that applications and data can only be accessed by authenticated and authorized users and devices. This contrasts with traditional approaches to network security, which assume that all users inside the organization are trustworthy and only outside users are untrusted.
The key idea behind the zero trust security framework is to make it harder for attackers to move laterally through a network by limiting their access rights as they move from one subnet to another. Context (e.g., user identity and location, endpoint security posture, and the app or service being requested) is used to establish trust, with policy checks at each stage.
What Are the Zero Trust Security Principles?
Zero trust is best understood as a security framework built on a set of principles that define how it operates. Here they are:
Never Trust, Always Verify
The zero trust model rests on the “never trust, always verify” notion: no activity or user is intrinsically trusted, and every access request must carry some form of authentication before it is approved.
Monitoring and Verification Are Ongoing
Since the zero trust model is built on the “never trust, always verify” notion, verifying the identity and privileges of users and machines is a continuous process: monitoring and validating who or what has what access, as well as user behavior, changes in the network, and any alteration or movement of data.
As the concept has evolved into a more nuanced strategy, zero trust now draws on a far wider range of data, risk principles, and dynamic risk-based policies to provide a solid foundation for access decisions and ongoing monitoring.
Zero Trust Based on the Principle of Least Privilege
The zero trust security framework relies on a well-known principle, the principle of least privilege, or POLP for short. This principle keeps the attack surface small because users are given only the access necessary to complete a specific task and nothing beyond it. Put simply, an HR employee will not have access to the DevSecOps database, for instance.
Access control extends to devices too: zero trust systems must keep track of how many distinct devices are attempting to connect to the network, check their validity, and assess their status in order to establish that they do not pose a risk to the network.
A Zero Trust Network
The zero trust network principle involves discovering your valuable assets and implementing microsegmentation. Through microsegmentation, the network is divided into small zones (subnets), which makes it possible to enforce separate access to different network areas. This counters a very serious security issue, the lateral movement of infiltrated malicious actors across the network, and it also limits the impact of data breaches. An attacker cannot move freely across the network’s microsegments, since zero trust access is segmented and must be re-established on a regular basis.
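The paragraph above describes microsegmentation as a way to stop lateral movement. The following is an added example, not code from the article: a segmentation policy written as a default-deny allowlist of flows between segments, applied to a few constructed connection records. The segment names, addresses, and ports are hypothetical.

```python
# Added example, not part of the article: a microsegmentation policy written
# as a default-deny allowlist of flows between segments, applied to a few
# constructed connection records. Segment names, addresses and ports are all
# hypothetical.
from ipaddress import ip_address, ip_network

# Hypothetical segments (small subnets), constructed for this example.
SEGMENTS = {
    "corp-lan": ip_network("10.0.10.0/24"),
    "web":      ip_network("10.0.1.0/24"),
    "app":      ip_network("10.0.2.0/24"),
    "db":       ip_network("10.0.3.0/24"),
}

# The only flows the policy permits: (source segment, destination segment, port).
# Everything else is denied, so a foothold in "web" cannot reach "db" directly.
ALLOWED_FLOWS = {
    ("corp-lan", "web", 443),
    ("web", "app", 8443),
    ("app", "db", 5432),
}


def segment_of(ip: str):
    """Return the segment name containing ip, or None if it is outside all segments."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate_flow(src_ip: str, dst_ip: str, dst_port: int):
    """Decide one connection attempt: returns (decision, reason)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny", "address outside any known segment"
    if (src, dst, dst_port) in ALLOWED_FLOWS:
        return "allow", f"{src}->{dst}:{dst_port} is an approved flow"
    # Traffic without an explicit rule is denied; a cross-segment denial is
    # the signature of an attempted lateral move and worth alerting on.
    reason = f"{src}->{dst}:{dst_port} has no policy rule"
    if src != dst:
        reason += " (possible lateral movement)"
    return "deny", reason


def audit_flows(records):
    """Run a batch of (src_ip, dst_ip, dst_port) records and return the denied ones."""
    denied = []
    for src_ip, dst_ip, dst_port in records:
        decision, reason = evaluate_flow(src_ip, dst_ip, dst_port)
        if decision == "deny":
            denied.append((src_ip, dst_ip, dst_port, reason))
    return denied


# Constructed connection records: the first two follow the approved path,
# the third is a web server reaching straight for the database.
SAMPLE_RECORDS = [
    ("10.0.10.5", "10.0.1.10", 443),
    ("10.0.1.10", "10.0.2.20", 8443),
    ("10.0.1.10", "10.0.3.30", 5432),
]

if __name__ == "__main__":
    for entry in audit_flows(SAMPLE_RECORDS):
        print("DENIED:", entry)
```

The point of the design is that the allowlist is the whole policy: a compromised web server gets no further than the application tier it was already permitted to talk to, and the denied record is the detection signal.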
Security for Workloads
This is another zero trust principle: workloads, especially cloud-based ones, must be properly secured, as they are potential targets for malicious actors.
Zero Trust Data
The goal of zero trust is to keep data safe while it moves between desktops, mobile devices, application servers, databases, SaaS services, and so on. Thus, data usage controls are put in place once access is granted.
Multi-Factor Authentication
Another essential principle of zero trust security is multi-factor authentication, which protects an account by requiring more than one form of identification. For example, you may need to enter your password and a code from an app on your phone.
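To make the "password plus a code from an app" factor concrete, here is an added example that is not part of the article: verification of a time-based one-time code (TOTP, RFC 6238) as the second factor, with the drift tolerance and replay guard a practitioner would expect. It also illustrates best practice #4 (authenticate everywhere) later on this page. The secret is the RFC 4226/6238 test key, used only so the expected codes are known.

```python
# Added example, not from the article: verifying a password plus a time-based
# one-time code (TOTP, RFC 6238) as a second factor. The secret below is the
# RFC 4226/6238 test key, used here only so the expected codes are known.
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # TOTP time step
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time=None) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time step."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time // STEP_SECONDS))


class SecondFactorVerifier:
    """Checks the submitted code against the current step and its neighbours
    (to tolerate clock drift) and refuses to accept any time step twice."""

    def __init__(self, secret: bytes, drift_window: int = 1):
        self.secret = secret
        self.drift_window = drift_window
        self.last_accepted_step = -1  # replay guard

    def verify(self, submitted: str, at_time=None) -> bool:
        if at_time is None:
            at_time = time.time()
        current = int(at_time // STEP_SECONDS)
        for delta in range(-self.drift_window, self.drift_window + 1):
            step = current + delta
            if step <= self.last_accepted_step:
                continue  # a code for this step (or an earlier one) was already used
            # constant-time comparison avoids leaking which digits matched
            if hmac.compare_digest(hotp(self.secret, step), submitted):
                self.last_accepted_step = step
                return True
        return False


def login(password_ok: bool, verifier: SecondFactorVerifier, code: str, at_time=None) -> bool:
    """Both factors are required: a wrong password fails before the code is examined."""
    if not password_ok:
        return False
    return verifier.verify(code, at_time)


# Constructed demo: the RFC test secret and a fixed time instead of a real clock.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    v = SecondFactorVerifier(DEMO_SECRET)
    code = totp(DEMO_SECRET, at_time=59)
    print("code:", code, "first use:", login(True, v, code, 59), "replay:", login(True, v, code, 59))
```

Two details matter in practice: the comparison is constant-time so a wrong code reveals nothing about the right one, and the verifier remembers the last accepted time step so that a code captured by a phishing page cannot be replayed within the same window.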
Why Is Zero Trust Security Important? Benefits of the Zero-Trust Model
The benefits of the security model called zero trust include:
Improved Business Security and Reduced Attack Surface
The zero-trust model has been shown to improve security by eliminating potential vulnerabilities in the network. With zero trust implementation, all applications and services are blocked from communicating until they have been verified. Since a zero-trust strategy performs ongoing monitoring, business security is improved and the attack surface is reduced.
It also lowers the risk of data breaches, since every authentication attempt is checked to see whether it is trustworthy. That means fewer chances for a hacker to exfiltrate data.
Zero trust also contributes to a clean cybersecurity posture by limiting risk and detecting malicious attempts much faster, whether phishing emails, credential theft, or abuse of privileged accounts such as installing a keylogger through privilege escalation.
Cybersecurity expert Joseph Shenouda also argues that what zero trust security mainly does is reduce the attack surface:
Using Zero Trust results in users connecting directly to the apps and resources they need. Thus, you’ve eliminated the need to connect to whole networks and the possibility of lateral movement. Your attack surface is effectively reduced.
It Facilitates Control Over Cloud and Container Environments
When implementing a zero-trust security model, security policies are tied to the workloads’ identities. This means that at-risk assets are not affected by ports, protocols, or IP addresses, since security is strictly bound to the workload itself; consequently, it is not affected when the environment changes.
Since zero trust means fewer data breaches, it also reduces costs as well as the number of necessary security updates.
Faster Response Times Due to Continuous Monitoring
The zero trust model has been shown to improve response times by minimizing the time it takes to detect and contain breaches. Zero trust features a continuous strategy of monitoring and validation, thus facilitating a timely response to signs of compromise.
Helps Your Business Meet Compliance
With zero trust, no user or workload internet connection is exposed to malicious hackers, which brings another benefit of the zero-trust model: meeting compliance requirements and providing a spotless audit trail.
It Enhances Visibility into the Network Perimeter
With zero trust you achieve a holistic view into your users, devices, components, and workloads throughout your whole ecosystem.
How Does Zero-Trust Work?
The zero trust security model works by combining technologies such as identity protection, risk-based multi-factor authentication, reliable cloud workload technology, and next-gen endpoint security to check the identity of the user. Zero trust functions on the notion “never trust, always verify”, thus operating on the assumption that every connection and endpoint is a potential danger and enforcing access policies based on context. The context might mean, as mentioned above, the role and location of the user or the data they need access to, which provides visibility and control over the traffic and users in the specific environment.
Every connection, for instance a user connecting to an application, or software connecting to a data set via an application programming interface, is verified and authorized by a zero trust security architecture. The communication between the two must comply with the organization’s enforced security policies.
Traditional Security Architecture vs. Zero Trust Architecture
The difference between traditional security architecture and zero trust architecture is quite straightforward. The first says “trust, but verify”; the second says “never trust, always verify”, giving users and devices not even the benefit of the doubt. Put simply, traditional security assumes that anything within the perimeter can be trusted and relies on firewalls to block what comes from outside, so insider users and resources are given access by default while the focus stays on the risk posed by “anything” outside the perimeter. Zero trust security is quite the opposite: nothing is trusted until verified, whether insider or outsider.
The traditional security architecture is often referred to as the perimeter model, after the castle-and-moat approach encountered in physical security. In this model, protection comes from building multiple lines of defense that attackers must get past before gaining access, while possible insider threats are not taken into account. The traditional network security architecture divides networks into zones separated by one or more firewalls. Each zone is assigned a certain level of trust, which decides which network resources it is allowed to reach. High-risk resources (like web servers connected to the public internet) are put into an exclusion zone (often known as a “DMZ” or “demilitarized zone”), where traffic can be closely monitored and controlled. Below you can see a representation of the standard security architecture:
Source: Traditional network security architecture, Zero Trust Networks by Doug Barth, Evan Gilman
By contrast, this is what a Zero Trust network would look like:
Source: Traditional network security architecture, Zero Trust Networks by Doug Barth, Evan Gilman
Here, the supporting system is called the control plane, and every other component is referred to as the data plane, which is coordinated and configured by the control plane. The control plane allows requests for access to restricted resources only from authenticated and authorized devices and users. At this layer, fine-grained policies based on “role in the organization, time of day, or type of device” can be applied. Furthermore, access to more sensitive resources can require stronger authentication. As soon as the control plane has granted a request, the data plane is configured to accept traffic from that client only. The main idea is that, even if some compromises are made regarding the strength of these measures, a third party is given permission to authenticate based on a variety of inputs.
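The control plane / data plane split described above is easier to see in code. What follows is an added example, not code from the article or from the cited book: a minimal control plane that evaluates a request against context (role, device posture, time of day, and the sensitivity of the resource), demands stronger authentication for more sensitive resources, and hands the data plane a short-lived signed grant bound to one user and device. It also exercises the least-privilege role check from the principles section and the value-based policy tiers of best practice #7 below. The resource names, roles, tiers, and signing key are all hypothetical.

```python
# Added example, not from the article or the cited book: a minimal control
# plane that evaluates an access request against context (role, device posture,
# time of day, resource sensitivity), requires stronger authentication for
# more sensitive resources, and hands the data plane a short-lived signed grant
# bound to one client. Resource names, roles, tiers and the key are hypothetical.
import base64
import binascii
import hashlib
import hmac
import json

# Constructed resource catalogue: which roles may use each resource and how sensitive it is.
RESOURCES = {
    "lunch-menu":        {"tier": "low",      "roles": {"staff", "hr", "devsecops", "admin"}},
    "hr-records":        {"tier": "high",     "roles": {"hr", "admin"}},
    "devsecops-db":      {"tier": "high",     "roles": {"devsecops", "admin"}},
    "create-admin-role": {"tier": "critical", "roles": {"admin"}},
}

# Stricter requirements, and shorter-lived grants, for higher-value resources.
TIER_POLICY = {
    "low":      {"mfa": False, "compliant_device": False, "business_hours": False, "ttl": 3600},
    "high":     {"mfa": True,  "compliant_device": True,  "business_hours": False, "ttl": 900},
    "critical": {"mfa": True,  "compliant_device": True,  "business_hours": True,  "ttl": 300},
}


def device_is_compliant(device: dict) -> bool:
    """Posture check: patched, disk-encrypted, and endpoint protection running."""
    return all(device.get(k) for k in ("patched", "disk_encrypted", "edr_running"))


class ControlPlane:
    def __init__(self, signing_key: bytes):
        self.key = signing_key

    def decide(self, req: dict, now: int) -> dict:
        """req: user, role, resource, mfa_verified, hour (0-23), device {id, enrolled, ...}."""
        res = RESOURCES.get(req["resource"])
        if res is None:
            return {"decision": "deny", "reason": "unknown resource"}
        policy = TIER_POLICY[res["tier"]]
        device = req["device"]
        if not device.get("enrolled"):
            return {"decision": "deny", "reason": "device not in device directory"}
        if req["role"] not in res["roles"]:
            return {"decision": "deny", "reason": "role not entitled (least privilege)"}
        if policy["compliant_device"] and not device_is_compliant(device):
            return {"decision": "deny", "reason": "device posture below requirement"}
        if policy["business_hours"] and not 8 <= req["hour"] < 18:
            return {"decision": "deny", "reason": "outside permitted hours"}
        if policy["mfa"] and not req.get("mfa_verified"):
            return {"decision": "step_up", "reason": "stronger authentication required"}
        grant = self._issue_grant(req["user"], device["id"], req["resource"], now + policy["ttl"])
        return {"decision": "allow", "grant": grant}

    def _issue_grant(self, user, device_id, resource, expires):
        claims = {"sub": user, "dev": device_id, "res": resource, "exp": expires}
        body = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return base64.urlsafe_b64encode(body).decode() + "." + sig


class DataPlane:
    """Accepts traffic only when it carries a valid grant for this client and resource."""

    def __init__(self, signing_key: bytes):
        self.key = signing_key

    def accept(self, grant: str, user: str, device_id: str, resource: str, now: int) -> bool:
        try:
            encoded, sig = grant.split(".")
            body = base64.urlsafe_b64decode(encoded)
        except (ValueError, binascii.Error):
            return False
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False  # forged or tampered grant
        claims = json.loads(body)
        return (claims["sub"] == user and claims["dev"] == device_id
                and claims["res"] == resource and now < claims["exp"])


# Constructed sample request: an HR employee on a healthy, enrolled laptop.
SAMPLE_KEY = b"constructed-demo-key-not-for-production"
HR_LAPTOP = {"id": "lap-0042", "enrolled": True, "patched": True, "disk_encrypted": True, "edr_running": True}
HR_REQUEST = {"user": "alice", "role": "hr", "resource": "hr-records",
              "mfa_verified": True, "hour": 10, "device": HR_LAPTOP}

if __name__ == "__main__":
    cp, dp = ControlPlane(SAMPLE_KEY), DataPlane(SAMPLE_KEY)
    verdict = cp.decide(HR_REQUEST, now=1_000_000)
    print(verdict["decision"], dp.accept(verdict["grant"], "alice", "lap-0042", "hr-records", now=1_000_100))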
Zero Trust History Background
The “zero trust” concept was coined in 2010 by John Kindervag, a former Forrester analyst. Its architecture allows companies to map out both external and internal security threats and maximize the chances of timely mitigation.
Many of the concepts articulated in zero trust networking, on the other hand, may be traced back to a far earlier idea termed de-perimeterization, which was proposed by the Jericho Forum in 2004. De-perimeterization is a cybersec strategy that promotes a segmented and multi-layered security system that relies upon authentication and encryption instead of the traditional protection that separates a network from the internet.
Zero Trust Best Practices
If you wonder what’s the best approach to zero trust security, here are some best practices that might help you:
#1. Know Your Architecture
The first and most important thing you should do is create an inventory of your assets and know everything about every single component of your architecture, including your users, their devices, and the data they are accessing. Moreover, before transitioning to a Zero Trust architecture, you need to take into account all your existing services since they may not have been designed for the Zero Trust scenario and therefore may be unsafe in front of potential attackers.
#2. Create a Single Strong User Identity
Your organization should use a single user directory and know which accounts are connected to which individuals. For granular access control, you should be creating specific roles for each user. This way, in case of an attack, it’s crucial for you to understand exactly which user is responsible, what they are trying to access, and if they do have the necessary permissions to access certain data.
#3. Create a Strong Device Identity
Besides users and accounts, every device owned by your organization should be uniquely identifiable in a single device directory. Furthermore, zero trust systems have to monitor what devices are trying to access their network and make sure that every single one of them is authorized. This practice will further minimize the attack surface of your network.
#4. Authenticate Everywhere
In your zero trust architecture, all connections should require authentication. At the same time, authentication should be stronger than just a username and password. Multi-factor (or two-factor) authentication is considered to be a core value of Zero Trust. So, besides entering a password, users should be able to provide additional proof that they are who they claim to be, for instance, through submitting a code received on their mobile device as evidence.
#5. Know the Health of Your Devices and Services
To be able to know the health of your devices and services in real-time is crucial. You should be asking yourself different questions, such as: Are the latest operating system updates installed? Are the latest software patches applied? Do I have a complete overview of my environment available at all times? Your systems need to be kept up-to-date with the latest patches and you should be able to determine the version and patch level of the services you are using. For instance, a tool like Heimdal Patch & Asset Management can help you automate both Windows and 3rd party software updates.
#6. Focus Your Monitoring on Devices and Services
Given that devices and services are more exposed to network attacks than in traditional architectures it’s important that comprehensive monitoring for attacks is carried out.
#7. Set Policies According to the Value of Services or Data
The access policies you set up define the power of your zero trust architecture. This means that your policies should be defined in accordance with the value of the data accessed or taken action. For instance, actions such as creating new admin roles should require a stricter policy than low-impact operations, like checking out the lunch menu, NCSS is saying.
#8. Control Access to Your Services and Data
You should not be granting your users access to a service unless the request is authorized against a policy. What’s more, always make sure your transmitted data is protected with encryption.
#9. Don’t Trust the Network, Including the Local Network
In order to remove trust from the network, you need to build trust in the devices and services. Do not automatically trust any network between the device and the service it is trying to access, including your local network. Devices should be configured to prevent DNS spoofing, Man in the Middle attacks, unsolicited inbound connections, etc.
#10. Choose Services Designed for Zero Trust
Last but not least, always opt for services specifically designed to support Zero Trust. Keep in mind that legacy services may require additional components to enable Zero Trust, so always make sure you have the resources to handle this.
Heimdal™ Privileged Access Management
- Automate the elevation of admin rights on request;
- Approve or reject escalations with one click;
- Provide a full audit trail into user behavior;
- Automatically de-escalate on infection;
How to Implement Zero-Trust in Your Organization. Get Started with Heimdal™
Following the last recommended best practice, we want to let you know that we have a product that facilitates zero-trust implementation effortlessly: it’s called Privileged Access Management and supports a zero-trust function.
PAM is an automated tool that permits you to escalate and deescalate user rights, giving you full control and protection over privileged permissions within your organization.
In the Privileges & App Control – Privileged Access Management view, you can find the Zero – Trust Execution Protection display that includes many details like the processes (non-signed executable files) that the zero trust execution protection engine intercepted with data on Hostname, Username, Process Name, MD5 Hash, Timestamp, and Status.
The Zero trust execution process within the Heimdal Privileged and Access Management allows you to safeguard your environment from zero-hour threats (it can be enabled/disabled from the Endpoint Detection -> Next-Gen Antivirus module as well as the Privileges & App Control -> Application Control module).
What is a zero-hour threat? A zero-hour threat is any type of cyber attack that can happen at any time. It is often used to describe advanced persistent threats. These types of attacks are typically undetected and the victim may not know they are under attack until it is too late.
Zero Trust is quite a new approach to network security and at the same time, it’s also part of a broader philosophy, which implies that you must not automatically trust your network. Instead, you should first think that any connection can potentially be malicious, and only after you’ve verified it, you can be confident that you can trust it. So, consider redesigning and rebuilding your security strategy based on the Zero Trust concept to reduce the chances of breaches and strengthen your defenses.
This article was initially written by Bianca Soare in 2019 and updated by Andra Andrioaie in 2022.