Network security is evolving and constantly being challenged by new technology, cybersecurity threats, and the world in general.
The pandemic has pushed many businesses to move from a cybersecurity approach focused on securing the perimeter to one called a zero-trust model. A zero trust model is a strategic means of securing an infrastructure.
Below are some of the important things to know about the zero trust model, how it works, and also the pros and cons.
What is Zero Trust Security?
The idea of zero-trust security dates back to 2010 when it was developed by John Kindervag. It’s also called zero-trust network architecture. It opposes the traditional idea of perimeter-based security because all traffic is viewed and treated as a possible threat.
Perimeter-based security strategies were designed and implemented with the idea of operating on-premises. The network would have a defense shell that would protect internal resources.
Now, with cloud-based infrastructures, the proliferation of web applications, and also dispersed work environments, an on-premises-driven security approach isn’t cutting it.
The current climate served as a motivator for both large and small businesses to adopt something closer to a zero-trust model, according to a Forrester report.
The report found that companies were looking at the zero-trust approach as a way to support their security practices when they had remote workers. With the adoption of this type of security model, companies were able to speedup their cloud transformations without making security sacrifices.
The pandemic opened a new potential attack surface for cybercriminals. More than half of the companies in the Forrester survey experienced data breaches. Companies have widely reported an increase in phishing attempts, and ransomware affected nearly 30% of Forrester survey respondents.
The sudden shift to remote work during the pandemic required a cloud transformation, but at the time, existing IT practices made it difficult to support the productivity of employees without having to compromise on security. Thus, the shift to zero trust.
Around 82% of survey respondents said they were committed to moving to zero-trust security architecture, but nearly 80% said their biggest challenge was identity and access management (IAM).
Why the Cloud and Zero Trust Work Well Together
Data is stored in the cloud, and applications are similarly cloud-hosted. So many organizations are moving their resources to cloud-based infrastructures.
When zero trust is used, it verifies and authenticates each user. There is ongoing monitoring and limiting of network traffic, and authentication is layered to secure credentials. IT teams can use segmentation to provide access to resources.
The underlying principle of zero trust is that you never trust, and you always verify.
The goal is the prevention of lateral movement through the leveraging of network segmentation, as well as highly granular access control.
This is all in contrast to the perimeter model of security, which works on the premise that everything within the network should be inherently trusted. The perimeter model assumes that no user’s identities are compromised and that all users will behave appropriately.
Zero trust assumes trust equates to a potential vulnerability.
Once a bad actor was able to access the network in a traditional perimeter model, they could move laterally within it.
Typically, the infiltration point is not the location actually being targeted.
Implementing Zero Trust
In a zero trust model, you start usually by identifying a protect surface. This contains the most critical assets, data, applications and services that are part of a network. This is much smaller than the attack surface.
Then, from there, you can start to see how traffic moves across an organization relative to the protect surface. This gives insight into who the users are and what applications they’re using, as well as how they’re connecting to the network. You have to understand the chain of interconnectivity so that you can start to develop a microperimeter.
What Are the Pros of Zero Trust?
Strengths of the increasingly popular zero trust model include:
- A zero trust model means a network and an organization are less vulnerable, especially from lateral threats that come from within the network.
- A zero trust model requires strong user management, so there are more secure accounts. They often use multi-factor authentication or even biometrics.
- Data is segmented so that there’s not only more security, but better analytics.
- The potential attack surface is decreased.
- There’s improved monitoring so that an organization can detect threats faster and respond to them in a more timely way.
What About the Challenges?
While zero trust does seem to be the way of the future, that doesn’t mean it isn’t without some downsides.
Potentially challenges of zero trust include:
- It takes quite a bit of time and resources to set up a zero-trust security model. Sometimes organizations find that it’s easier for them to create a new network and start fresh than to try and transition. If you have legacy systems that aren’t compatible with zero trust, you might not have another option.
- You’re going to have to rethink your user controls and how you give access to not only employees but also potential customers and vendors as well. You need a specific policy for each group of users.
- Along with grouping users, you also have to give consideration to the devices being utilized. Every device is going to have its own requirements and properties. They’re going to have to be tracked and secured if you’re using the zero trust model.
- Another challenge is the number of applications that are probably being used across the organization.
Overall, the big takeaway is that it’s certainly not easy to use a zero-trust framework, but it’s probably the optimal option right now. If there’s already a transitional shift happening in an organization, such as a move to a hybrid workplace or you’re moving to cloud-based systems, it might be a good time to also start planning for zero-trust.
It gives wide coverage across broad threats, which is what’s needed right now.
The post Understanding the Pros and Cons of the Zero-Trust Model first appeared on Feedster.
No comments:
Post a Comment