Zero Trust: Security Model for A Fluid Perimeter
By Debanjali Ghosh, Technical Evangelist, ManageEngine
The concept of a network being fully enclosed within a building, and therefore easier to defend, is gone. Recent trends in cloud computing, BYOD, IoT and remote work have forced organizations to rapidly adjust their security strategies to accommodate the new threat landscape. External attacks and malicious insider threats emerge one after another, and traditional security perimeters fail to fulfil the urgent need for comprehensive network security.
With remote work comes a string of considerations that require security professionals to change their approach towards perimeter-based security models. In a castle-and-moat approach, everyone within the corporate perimeter is trusted by default. Therefore, once an attacker gains access to the network, they are free to move around, initiate ransomware attacks, and exfiltrate sensitive data onto their own systems. This is where Zero Trust emerges. The Zero Trust security model treats all resources with suspicion, irrespective of their location. All inbound traffic and entities undergo strict authentication before access is granted. In a Zero Trust security model, “trust” is established through fine-grained access control and contextual authentication.
NIST, the National Institute of Standards and Technology, is among the most widely recognized federal agencies for cybersecurity guidance. NIST’s Special Publication 800-57 provides organizations with a detailed blueprint for implementing Zero Trust architecture to tackle organizational security risks. Zero Trust is a journey involving assessing, planning, and constructing the new generation network security architecture gradually. This whitepaper provides an overview of the fundamentals of Zero Trust and the components of migration methodology. Furthermore, it discusses the deployment scenarios of Zero Trust in detail, where risk-based adaptive authentication and policy-driven algorithm optimizations are crucial constituents to reduce implicit trust zones.
What is causing the perimeter to vanish?
As the organizational network expands, the number of devices located outside its perimeter increases. Organizations are increasingly migrating to the cloud and adopting software-as-a-service (SaaS) products for business continuity, cost efficiencies and digital transformation initiatives, making it extremely difficult to manage endpoint security and monitor all user activity. The network perimeter used to protect on-premises data centers and corporate resources, which are now easily reachable through unmonitored private networks. Hybrid data models, where data is stored partly on-premises and partly in the cloud, make it difficult to enforce access controls around the network boundary. The rise in the number of IoT devices has resulted in poor security management.
Challenges associated with perimeter-based security models
- The insider risk: When an insider is planning a malicious activity, there is no need to break into the trusted network. The traditional perimeter-based model is not sufficient to deal with this type of risk. Insider threats are difficult to defend against, as insiders have the added advantage of being familiar with the organization’s security structure. The level of visibility and granularity required to mitigate insider threats cannot be achieved through traditional methods.
- Policy gaps: Certain business-critical data gets stored in two different systems with different levels of access policy, and such instances often go unnoticed by security teams. External attackers exploit these gaps between the different policies or enforcement mechanisms that apply to the same asset. They leverage outdated policies or flawed authentication methods to break the perimeter.
- Vulnerable endpoints: Vulnerable endpoints, or software that contains security flaws, can be exploited by attackers. Endpoints should be monitored and updated regularly. Every device connected to a private network is a potential attack surface where attackers can execute code and exploit vulnerabilities. These attack surfaces are sometimes used to gain access to business-critical resources, or to hold sensitive information hostage or steal it. This can be a security nightmare for the enterprise.
- Dynamic workloads: Most workloads are now deployed on virtual machines, in containers, or on cloud platforms. Hybrid cloud models allow workloads to sit on either side of the network boundary while moving dynamically between on-premises and cloud data centers. In such cases, obtaining visibility over workloads and creating relevant access policies with the traditional network perimeter model can be challenging.
The solution is Zero Trust
Organizations worldwide are embracing digital transformation to ensure business continuity, and most times, security is neglected. Cybercrime is now highly organized, and bad actors are sophisticated enough to deploy APTs and move laterally within an organization’s network. Traditional approaches are failing to protect organizations in the new normal of remote work and industry-wide cloud adoption. Securing modern enterprises from today’s threat landscape, which aligns with the cloud environment, requires a shared responsibility model.
A Zero Trust model can fulfil this cybersecurity need by deploying security controls that assume the network is already compromised. Legacy network perimeter security and visibility solutions that aim to keep attackers out are no longer practical or robust enough. Implicit trust that relies on basic IAM solutions is no longer effective. Zero Trust employs the least-privilege principle and strong authentication methods to enforce access controls and enhance granular visibility into the network.
A well-executed Zero Trust strategy is based on the principle of granting access, limiting it, and monitoring it. By enabling organizations to precisely manage identities and monitor user activity, especially that of users with elevated privileges, Zero Trust can act as the overarching system of the organization’s security framework.
With IoT devices eavesdropping and home Wi-Fi routers not configured for WPA2, the remote workforce brings significant cyber risks. The productivity and security of employees working remotely can no longer be ensured or controlled. Enterprise-owned devices are traditionally managed, patched, and kept up to date with security tools and policies. Even if Zero Trust security cannot force employees working at home to maintain basic cyber hygiene, it can prevent a security breach because it fundamentally enforces access controls at every segment within the network.
The only solution to this complex cyber threat landscape is the new-generation Zero Trust security framework, which offers granular visibility and continuous monitoring of the network. Moreover, it establishes trust that is dynamic, contextual and risk-based, and grants access requests only if certain access policy parameters are met.
Gartner’s CARTA takes Zero Trust further by introducing continuous adaptation beyond the basic allow or deny models to provide contextually relevant access. With context as king, CARTA’s additional security measures reduce breach risk and improve containment if a hacker gains access to the network.
The continuous improvement of Zero Trust in theory and practice has gone beyond micro-segmentation and the software-defined perimeter, and has evolved into adaptive identity-based security solutions.
Steps to building Zero Trust for a perimeter-based network
For an organization looking to deploy Zero Trust, a survey of assets, subjects, data flows, and workflows is a good place to start. This will provide enterprises with detailed information on the current state of their assets before introducing any new business processes. The implementation of ZTA can be broken down into several steps:
- Identify enterprise subjects: The policy engine must possess knowledge of all enterprise subjects, especially privileged users. The architecture is built in an inclusive way to give IT administrators the flexibility to perform business-critical tasks.
- Identify enterprise-owned assets: A key component of ZTA is identifying and monitoring both enterprise-owned and non-enterprise-owned devices on the enterprise network. Hardware components, virtual assets and BYOD assets are continuously logged and monitored to ensure that the policy engine has detailed information when making resource access decisions.
- Identify key processes: The enterprise identifies and ranks business processes by their perceived importance. Low-risk business processes are transitioned during the initial migration, whereas mission-critical processes are migrated later. In a perimeter-based architecture, it is often difficult to make enterprise resources available to remote employees. In such cases, transitioning cloud-based resources to Zero Trust architecture benefits remote employees in both availability and security. The policy enforcement points ensure that all subject requests follow access policies before access to resources is granted.
- Create policies for the Zero Trust environment: The enterprise identifies the value of subjects, workflows, and business processes based on the risk associated with them. After this point, the IT administrators determine which trust algorithm variation to follow to ensure that all enterprise policies are extensive and effective.
- Identify solutions: The enterprise architects decide on the deployment model and the solution components based on the key business processes and their valuation.
- Initial deployment and monitoring: During the initial deployment, the Zero Trust model can operate in reporting-only mode to ensure that the key processes and their related policies are operative and comprehensive. In this mode, access is granted for most requests, and these sessions are logged and continuously monitored to establish baseline patterns for the workflows. With a substantial understanding of the baseline behavior of every asset and subject in the enterprise, it is easier for security teams to spot an anomaly and prevent attacks.
- Expand the Zero Trust architecture: Once the enterprise enters a steady operational phase, it can expand the architecture by including new devices, changes in network infrastructure and replacement of legacy systems. The network, its subjects, and its assets continue to be monitored, and policies are refined to improve the model’s efficiency.
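As an added illustration of the dynamic, contextual and risk-based trust decisions described above and of the reporting-only deployment phase in the migration steps, the following policy engine is example code written for this article; it is not ManageEngine's product code and not the NIST reference design. The request fields, score weights, thresholds and sample sessions are all constructed assumptions. It shows a score-based, contextual trust algorithm: each request loses confidence for missing MFA, an unmanaged or unpatched device, a device or network not previously seen for that subject, and the sensitivity of the resource; in reporting-only mode the would-be decision is logged while the session proceeds and a per-subject baseline is learned, and after an audited switch to enforce mode the same deviations lead to step-up authentication or denial.

```python
# Added illustrative example (not ManageEngine's or NIST's code): a score-based,
# contextual trust algorithm with a report-only phase and an enforce phase.
# Weights, thresholds, request fields and sample sessions are assumptions.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

ALLOW_THRESHOLD = 70     # assumed: confidence needed for unconditional access
STEP_UP_THRESHOLD = 40   # assumed: below this the request is denied outright


@dataclass
class Request:
    subject: str
    device_id: str
    device_managed: bool      # enterprise-owned and inventoried
    device_patched: bool      # endpoint compliance signal
    mfa: bool                 # strong authentication completed
    network: str              # where the request originates
    resource: str
    sensitivity: int          # 1 = low-risk process, 3 = mission-critical


@dataclass
class Decision:
    action: str               # "allow", "step_up" or "deny"
    score: int
    reasons: List[str]
    enforced: bool            # False while the engine is in report-only mode
    granted: bool             # whether the session actually proceeds


class PolicyEngine:
    """Scores each request, logs every decision, audits its own configuration
    changes, and learns a per-subject baseline (devices and networks seen)."""

    def __init__(self, mode: str = "report_only"):
        self.mode = mode
        self.baseline: Dict[str, Dict[str, Set[str]]] = defaultdict(
            lambda: {"devices": set(), "networks": set()})
        self.decision_log: List[Decision] = []
        self.audit_log: List[str] = []    # every configuration change is recorded

    def configure(self, **changes) -> None:
        for key, new in changes.items():
            old = getattr(self, key)
            setattr(self, key, new)
            self.audit_log.append(f"config {key}: {old!r} -> {new!r}")

    def score(self, req: Request) -> Tuple[int, List[str]]:
        seen = self.baseline[req.subject]
        checks = [  # (condition that lowers confidence, penalty, reason)
            (not req.mfa, 30, "no MFA"),
            (not req.device_managed, 25, "unmanaged device"),
            (not req.device_patched, 20, "unpatched device"),
            (bool(seen["devices"]) and req.device_id not in seen["devices"],
             15, "device not in subject baseline"),
            (bool(seen["networks"]) and req.network not in seen["networks"],
             15, "network not in subject baseline"),
        ]
        score, reasons = 100, []
        for failed, penalty, reason in checks:
            if failed:
                score -= penalty
                reasons.append(reason)
        # Mission-critical resources demand more confidence than low-risk ones.
        score -= 10 * (req.sensitivity - 1)
        return max(score, 0), reasons

    def evaluate(self, req: Request) -> Decision:
        score, reasons = self.score(req)
        if score >= ALLOW_THRESHOLD:
            action = "allow"
        elif score >= STEP_UP_THRESHOLD:
            action = "step_up"
        else:
            action = "deny"
        enforced = self.mode == "enforce"
        # Report-only: the would-be decision is logged but the session proceeds,
        # so baseline behaviour is observed before enforcement begins.
        granted = (not enforced) or action == "allow"
        if granted:
            self.baseline[req.subject]["devices"].add(req.device_id)
            self.baseline[req.subject]["networks"].add(req.network)
        decision = Decision(action, score, reasons, enforced, granted)
        self.decision_log.append(decision)
        return decision


def run_demo() -> PolicyEngine:
    """Constructed walk-through: observe in report-only mode, then enforce."""
    engine = PolicyEngine()
    engine.evaluate(Request("alice", "lap-01", True, True, True, "corp-vpn", "hr-db", 2))
    engine.evaluate(Request("bob", "byod-02", False, True, False, "home", "wiki", 1))
    engine.configure(mode="enforce")   # audited transition out of report-only mode
    engine.evaluate(Request("alice", "lap-01", True, True, True, "corp-vpn", "hr-db", 2))
    engine.evaluate(Request("alice", "tab-77", False, True, True, "public-wifi", "hr-db", 2))
    engine.evaluate(Request("alice", "tab-77", False, True, True, "public-wifi", "wiki", 1))
    return engine


if __name__ == "__main__":
    for d in run_demo().decision_log:
        mode = "enforced" if d.enforced else "report-only"
        print(f"{d.action:8} score={d.score:3} {mode:12} granted={d.granted} {d.reasons}")
```

Running the demo shows the two phases side by side: in report-only mode bob's unmanaged, MFA-less session scores 45 (a would-be step-up) yet still proceeds and is logged, while in enforce mode alice's request from an unseen tablet on an unseen network is denied for the sensitive database (score 35) but only challenged with step-up for the low-risk wiki (score 45), and the denied session never pollutes her baseline.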
Shortcomings of the Zero Trust security model
Eliminating cybersecurity risk entirely is a far-fetched expectation. Although enterprises can reduce the overall risk of cyberattacks by properly implementing and continuously monitoring the Zero Trust security model, the architecture has its own challenges, and organizations need to learn to overcome them. When the Zero Trust architecture is customized in a piecemeal approach, legacy solutions can leave policy gaps that bad actors use as loopholes to take control of the network.
Cybersecurity professionals must be extensively trained to configure and monitor the policy engine and policy administrator properly, because these components are responsible for making access-related decisions. Any change to these components’ configuration must be logged and audited to ensure that the decision-making process is flawless. Enterprise resources cannot interact with each other without the policy administrator’s approval, so a DoS attack that floods the policy enforcement points with traffic from many sources can block the communication path and disrupt enterprise operations.
Enterprises that use security analytics to monitor and analyze network traffic store the resulting metadata for forensics and for building contextual policies. This data becomes a target for attackers, as insight into the enterprise architecture is a great advantage for further attacks. Zero Trust architecture is heavily dependent on artificial intelligence and other software-based agents to improve the enterprise’s security posture. However, authenticating these components is an underlying issue. An attacker who obtains a software agent’s credentials could launch a botnet attack to infect other systems.
In the current scenario, Zero Trust is the most comprehensive approach to complement the perimeter-based security architecture. The key principle of Zero Trust is that no user, device or application/service is trusted by default, irrespective of its location. This technology is expected to see widespread adoption in the current year, as it accommodates the security principles required to combat the increasing number of sophisticated attacks. All network-related entities must be contextually authenticated on a continual basis to ensure that any deviations in their behavioral patterns are spotted before a breach happens. Zero Trust fulfills the demands of a unified remote working experience through hyper-converged technology and infrastructure. Looking past pandemic-forced remote work towards a hybrid workplace, Zero Trust, with its built-in security, is a must-have project in 2022.
About the Author
Debanjali Ghosh, a technical evangelist at ManageEngine, helps IT leaders and global enterprises take on evolving cybersecurity challenges. She is a sought-after speaker on key IAM and cybersecurity trends on international platforms. Her research studies on the topics of Zero Trust, advanced authentication, and building an enterprise-grade cybersecurity framework have received much acclaim internationally. Her insight and advice on leveraging the latest technology for better IAM and cybersecurity have helped many Fortune 500 companies.
Debanjali can be reached online at debanjali@manageengine.com and at our company website (www.manageengine.com).
FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.