Zero Trust Strategy
The Zero Trust security strategy doesn’t take anything for granted when it comes to how much you can trust a network. The strategy uses a model with advanced segmentation and data protection.
IT security is changing. Time for a different approach
This new, fast, digital world requires an efficient and reliable approach to IT security. In the classic cybersecurity model, a line is drawn between ‘the unsafe outside world’ and the ‘familiar’ own network. Firewalls must keep out undesirable traffic and, once inside the network, all traffic is considered to be trustworthy.
The use of mobile devices, web applications and network access by customers, suppliers or patients requires a completely different IT security concept. In 2009, Forresters’ John Kindervag introduced his Zero Trust security strategy in the United States. Shortly thereafter, ON2IT was the first to promote the same strategy in Europe, where ON2IT is the prime adopter of the Zero Trust strategy.
Never trust, always verify
The Zero Trust approach uses the guiding principle of ‘never trust, always verify’. There is no assumption in advance about the degree of reliability, whether that concerns users, hosts or data sets. In addition, access to data is limited – provided on a need-to-know basis.
Based on insight into the data and traffic flows, the network and its protection are set up ‘from the inside out’ and all traffic within the network will be inspected and logged.
Combined with the extensive segmentation of the network, applications, users, data sets and ‘crown jewels’, the Zero Trust strategy offers the best possible and most efficient IT security that you could wish for.
Zero Trust principles
Zero Trust Security is based on five principles, where the main goal is to reduce the impact of cyberattacks. John Kindervag described them himself as follows:
- All resources are accessed in a secure manner, regardless of location
- Least privilege: Access control is on a ‘need-to-know’ basis and is strictly enforced
- Always verify and never trust
- Inspect and log all traffic
- The network is designed from the inside out
The impact of Zero Trust Security
With Zero Trust Security, you are choosing to effectively reduce the impact of the attacked area in the entire network. Divide the network into different segments and apply protection measures consistent with the sensitivity of the data within each segment.
Make sure you also have segments that are maximally separated from each other, so any security incident will only have an impact on that segment and not on the entire network.
Are you interested in the application of Zero Trust within your organization?
Zero Trust architecture
In structuring a solid Zero Trust architecture, our security specialists use a fixed action plan:
1. Identify the data to be protected
and analyze the risks
Identify where your company data is located, who is using this data, how sensitive the data is, and how employees, partners and customers use the data. If you don’t know where your data is located, it will be impossible for you to protect it properly. Identification of the data also simplifies data classification. In short: What are the ‘crown jewels’ and how should we handle them?
Considering protection requirements arising from the various national and international guidelines, we make a segmentation of different data sets and their associated protection:
- Customer data (with privacy directives such as NEN75xx and the GDPR)
- Employee data (with the corresponding privacy directives)
- Financial data (for example, for PCI)
- Data related to intellectual property (use of industry-specific guidelines)
- Process data (use of industry-specific guidelines, such as for SCADA)
2. Map the traffic flows
It is essential to know how the company information moves over the network and among the users. Application and network architects can present differing insights in this stage. Security teams can then measure the existing security protocols using the traffic flows and make adjustments where needed.
The inventory of applications and their connections to data sets are included in this stage. Which type of data is used where, within commercial applications as well as in house developed software? And which applications form a group because they are needed for one process?
The connection among functional applications and the sensitivity of a specific data set together form the foundation for segmentation of the network in accordance with Zero Trust.
3. Determine users’ rights and the CIA rating per data set / application
Confidentiality (C) of the data, Integrity (I) of the protection measures an Availability (A) of the data, determine, together, the CIA rating based on a high-medium-low risk classification. The CIA rating can be directly linked to the compliance requirements of the various directives. Security measures will have to consider compliance with various regulations, even those for external data centers or public cloud environments.
In many cases, a gap analysis in this regard will provide new insights about the use of applications and the users. As soon as the structure of rights and roles is clear for each application, the authorization matrix will also be established.
4. Design the network using
Zero Trust segmentation
The actual establishment of the format of Zero Trust segments. This stage gives the total picture of all applications and all data, wherever they may be found.
This design must be based on the combination of data traffic flows in the network and the degree of access to possibly toxic data. In an optimized traffic flow, it can be determined where micro-perimeters must be placed and whether segmentation is to occur using physical or virtual solutions.
5. Establish smart procedures and policies
for each Zero Trust segment
Which organizational and technical measures are required to implement optimal protection of each segment? Once the optimal traffic flows have been determined, it is important to employ access and inspection procedures. Here, too, the basic principle of Zero Trust applies: Access is limited to admission on a need-to-know basis.
To that end, designers need to know precisely which users should have access to which data. Security teams need to know the exact identity of both the user and the application. Originating and destination address, port and protocol are no longer relevant.
6. Verify all traffic continuously
Part of the Zero Trust Strategy is to inspect and log all traffic. Where, in the past, external traffic in particular was logged and analyzed, by now it has become clear that internal traffic must also meet these standards.
This is also possible with the Zero Trust network because all data traffic is visible, whether it goes from or to internal or external network segments.
Are you interested in implementing Zero Trust within your organization?
Where we use Zero Trust as a strategy, we use the Kipling method as a tactic:
“IT security looks a lot like water management”
Most of the Netherlands lies below sea level. This risk has been recognized and measures have been taken to protect us against the water. The Netherlands is divided into a number of areas, and dikes have been built around all of them. In a few cases, concerning vulnerable areas and/or very expensive contents, an extra dike has been added.
None of the dikes are of equal height. In determining the height, the local risk was taken into account. In fact, a risk analysis has been prepared for all parts of our country and measures have been taken based on that analysis. If a dike breaches, the damage will remain limited to that one part.
In IT security, we call these areas ‘security zone segments’. The extent of the protection of a segment depends on its vulnerability and the value of the data in that segment. Just as with the dikes, it’s all about having a proper analysis and a well-thought-out strategy.
– Lieuwe Jan Koning, CTO of ON2IT