What is Zero Trust Security?
Zero trust security helps organizations enforce policies and processes that authenticate, authorize, and continuously validate all users and devices. It is based on the notion that no user, device or application on the network should be trusted, even if it is within the organization’s security perimeter.
To implement zero trust security, organizations typically leverage a set of tools, including multi-factor authentication, granular access control, and endpoint security systems. Ideally, a zero-trust implementation should help organizations protect the network from advanced threats and improve compliance with standards like GDPR, FISMA, PCI, HIPAA, and CCPA.
Zero Trust Architecture Components
Zero trust is a comprehensive security model that can be used to secure the entire organization. At the heart of the model is data security. Data is an asset that is valuable to an attacker—this can include personally identifiable information (PII), protected health information (PHI), payment card information (PCI), or intellectual property (IP).
Beyond protecting data, zero trust security provides control measures for securing networks, workloads, and devices.
Zero Trust Data
The zero trust approach requires first protecting your data where it is stored, then setting up extra security layers.
Access to valuable data should be severely restricted, operating on the assumption that attackers can breach the security perimeter, leverage misconfigured controls, or compromise insider accounts. Control measures should be introduced to detect and respond to abnormal data access before a breach occurs.
Since data is the ultimate target of most attackers and insider threats, it is the heart of the zero trust framework. To protect data, companies must understand where sensitive data is located, how it can be accessed, and monitor data access to detect and respond to potential threats.
Zero Trust Networks
Under zero trust, attackers are assumed to have access to the network. Networks designed with a zero trust approach use technologies such as next-generation firewalls (NGFW) to segment, isolate, and limit access to the network, making it as difficult as possible for attackers to access sensitive data or critical systems.
Zero Trust Workloads
In a zero trust model, “workloads” are applications and backend software that are either directly used by customers or employees, or serve an important business function. Customer-facing applications or mission-critical applications with known security vulnerabilities are a common attack vector. The organization must treat the entire stack, including storage, operating system, back-end components like databases, and front-end components, as vulnerable. Each layer of the stack must be protected with zero trust controls.
Zero Trust Devices
With the advent of the Internet of Things, there are many devices that may have access to company systems, including smartphones, sensors, smart building systems, connected cars, and smart consumer devices. Each of these connected devices represents an entry point that an attacker can use to break into the network. In a zero trust model, the security team must be able to isolate, protect, and control all devices on the network, whether company owned or not.
How to Implement Zero Trust Security
Zero trust is a major shift for most organizations, compared to traditional security approaches. Here are three ways to start implementing a zero trust model in your organization.
Evaluate and Bolster Security Tools
In most cases, traditional network security tools are not compliant with the end-to-end zero trust architecture model.
Perform a security assessment of your security tools, and where you discover gaps, identify tools or technologies that can add another layer of protection. Fortunately, modern security tools integrate with each other and can share data to help cover for each other’s shortcomings.
Examples of tools commonly used to meet the requirements of the zero trust framework:
- Network micro-segmentation
- Single sign-on (SSO) for all applications and data
- Multi-factor authentication (MFA)
- Advanced threat protection tools including endpoint protection platforms (EPP), endpoint detection and response (EDR), and eXtended detection and response (XDR)
Define and Apply Zero Trust Policies
Once you have the right tools in place, create a zero trust policy that will guide you when configuring and managing the tools. A zero trust policy is a strict set of rules that allow access to resources only when absolutely necessary.
Your policy should be highly detailed, describing exactly:
- When and which users can access data and services
- When and which devices and workloads can access data and services
- Which network segments are allowed to access other segments
The general process is to define these policies at an abstract level, and then configure each security tool in line with the policies. Zero trust security platforms are emerging that will allow organizations to define these policies centrally, and automatically apply them to the entire ecosystem of security tools.
Monitor and Alert
A critical part of zero trust is thorough monitoring and effective alerting technology:
- Monitoring tools must give security personnel insight into whether the security policy is effective, and where there are gaps in the zero trust framework
- Alerting tools must capture malicious activity when it actually occurs, and escalate it to the appropriate staff for immediate action
It’s important to remember that even with a zero trust framework, nothing is completely safe. Security teams must be keenly aware of what is happening in the environment. When security incidents occur, they must perform root cause analysis, to identify and repair flaws in existing security mechanisms.
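As an added example (not the page's or any vendor's tooling) of the monitoring and alerting step, the detection logic below runs over constructed access-decision log records: it reports a gap where a sensitive resource was allowed without MFA, and escalates a burst of denials for one identity. The log format, tier numbering and thresholds are assumptions, and the log is assumed to be in time order.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed decision log from a policy engine, one JSON record per line: bob
# collects three denials in under two minutes, and carol reaches a tier-3
# resource without MFA even though policy says that must never be allowed.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:00:00Z", "user": "alice", "resource": "hr-db", "tier": 3, "allowed": true, "mfa": true}
{"ts": "2024-05-01T09:01:10Z", "user": "bob", "resource": "hr-db", "tier": 3, "allowed": false, "mfa": true}
{"ts": "2024-05-01T09:01:40Z", "user": "bob", "resource": "finance", "tier": 3, "allowed": false, "mfa": true}
{"ts": "2024-05-01T09:02:05Z", "user": "bob", "resource": "ci-api", "tier": 1, "allowed": false, "mfa": true}
{"ts": "2024-05-01T09:30:00Z", "user": "carol", "resource": "hr-db", "tier": 3, "allowed": true, "mfa": false}
{"ts": "2024-05-01T10:15:00Z", "user": "bob", "resource": "wiki", "tier": 0, "allowed": false, "mfa": false}
"""

DENY_THRESHOLD = 3                  # this many denials for one identity ...
DENY_WINDOW = timedelta(minutes=5)  # ... inside this window raises an alert
SENSITIVE_TIER = 2                  # tiers at or above this must carry MFA

def parse(line: str) -> dict:
    rec = json.loads(line)
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec

def analyze(log_text: str) -> list:
    """Return (kind, user, detail) findings: "policy_gap" = policy not enforced
    as written (insight for the team); "deny_burst" = activity to escalate."""
    findings = []
    recent_denies = defaultdict(deque)  # user -> timestamps of denials in window
    alerted = set()                     # one deny_burst alert per identity per run
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        user = rec["user"]
        if rec["allowed"] and rec["tier"] >= SENSITIVE_TIER and not rec["mfa"]:
            findings.append(("policy_gap", user,
                             f"{rec['resource']} (tier {rec['tier']}) allowed without MFA"))
        if not rec["allowed"]:
            window = recent_denies[user]
            window.append(rec["ts"])
            while rec["ts"] - window[0] > DENY_WINDOW:  # drop stale denials
                window.popleft()
            if len(window) >= DENY_THRESHOLD and user not in alerted:
                alerted.add(user)
                findings.append(("deny_burst", user,
                                 f"{len(window)} denials within {DENY_WINDOW}"))
    return findings
```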
Zero Trust Implementation Example: BeyondCorp
BeyondCorp is a cybersecurity architecture developed at Google that shifts access control from the traditional network perimeter to individual devices and users. The goal is to enable users to securely work anytime, anywhere and on any device without having to use a virtual private network, or VPN, to access an organization’s resources.
The most important tenets of BeyondCorp are:
- Controlling access to the network and applications: In BeyondCorp, all decisions about whether to give a person or device access to a network are made through an access control engine. This engine sits in front of every network request and applies rules and access policies based on the context of each request – such as user identity, device information, and location – and the amount of sensitive data in an application. It provides organizations with an automated, scalable way to verify a user’s identity, confirm they’re an authorized user, and apply rules and access policies. However, access control alone is not enough to ensure effective security.
- Visibility: Once a user has access to an organization’s network or applications, the organization must continually view and inspect all traffic to identify any unauthorized activity or malicious content. Otherwise, an attacker can easily move around within the network and take whatever data they want without anyone knowing.
- Automation: User identity verification and authorization are automated and scalable. Rules and access policies are defined in one place and propagated to the entire network.
BeyondCorp provides a foundation to build a Zero Trust implementation. Inspection and logging of all traffic plays an important role to establish Zero Trust, because one should not presume all traffic from an endpoint is trustworthy or safe for data. For this reason, organizations implementing BeyondCorp should also consider implementing Zero Trust principles to further reduce risk.
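The policy definition step above (which users, devices, workloads and segments may reach which data) and the context-based access control engine just described, worked as an added example in Python; this is not BeyondCorp or any vendor's code, and the resource inventory, group grants, segment map and per-tier posture requirements are constructed assumptions. Every request is evaluated afresh against the full context, and the default is deny.

```python
from dataclasses import dataclass

# Constructed resource inventory: sensitivity tier (0 = public .. 3 = regulated
# data such as PII/PHI) and the network segment each resource lives in.
RESOURCES = {
    "wiki":  {"tier": 0, "segment": "corp"},
    "hr-db": {"tier": 3, "segment": "restricted"},
}
# Group grants: which identity groups may use each resource at all (assumption).
GRANTS = {"wiki": {"staff", "hr"}, "hr-db": {"hr"}}
# Segment policy: which source segments may reach which resource segments.
SEGMENT_PATHS = {"corp": {"corp", "restricted"}, "guest": {"corp"}}
# Posture required per sensitivity tier; higher tiers demand more of the
# identity and the device on every request (assumption, not a standard).
TIER_POSTURE = {
    0: (),
    1: ("mfa",),
    2: ("mfa", "device_managed"),
    3: ("mfa", "device_managed", "device_patched"),
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str   # logged with every decision so monitoring can audit it

def evaluate(ctx: dict) -> Decision:
    """Default-deny evaluation of one request context.

    ctx carries user, groups, source segment, resource and posture flags;
    any posture flag that is missing is treated as false (fail closed).
    """
    res = RESOURCES.get(ctx.get("resource"))
    if res is None:
        return Decision(False, "unknown resource")
    if not GRANTS.get(ctx["resource"], set()) & set(ctx.get("groups", ())):
        return Decision(False, "no group grant for resource")
    if res["segment"] not in SEGMENT_PATHS.get(ctx.get("segment"), set()):
        return Decision(False, f"segment {ctx.get('segment')} may not reach {res['segment']}")
    for flag in TIER_POSTURE[res["tier"]]:
        if not ctx.get(flag, False):
            return Decision(False, f"tier {res['tier']} resource requires {flag}")
    return Decision(True, "all applicable checks passed")
```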
Zero Trust with Perception Point
Perception Point Advanced Browser Security adds enterprise-grade security to standard browsers like Chrome, Edge, and Safari. The solution fuses advanced threat detection with browser-level governance and DLP controls, providing organizations of all sizes with unprecedented ability to detect, prevent and remediate web threats including sophisticated phishing attacks, ransomware, exploits, Zero-Days, and more.
By transforming the organizational browser into a protected work environment, access to sensitive corporate infrastructure and SaaS applications is protected against data loss and insider threats. The solution is seamlessly deployed on the endpoints via a browser extension and is managed centrally from a cloud-based console. There is no need to tunnel/proxy traffic through Perception Point.
An all-inclusive managed Incident Response service is available for all customers 24/7. Perception Point’s team of cybersecurity experts will manage incidents, provide analysis and reporting, and optimize detection on-the-fly. The service drastically minimizes the need for internal IT or SOC team resources, reducing the time required to react to and mitigate web-borne attacks by up to 75%.
Customers deploying the solution will experience fewer breaches, while providing their users with a better experience as they have the freedom to browse the web, use SaaS applications that they require, and access privileged corporate data, confidently, securely, and without added latency.
Contact us for a demo of our Advanced Browser Security solution, today.