Zero Trust Security
Trust is the belief in the strength, truth, and reliability of other things. The things that are trusted could be people, processes, or objects. Trust in the context of computers and IT means that the users and software trust that their actions will have their intended consequences and no harm will occur.
The traditional model assumed that once a person or piece of software had authenticated and joined the network, it could interact with other processes and access data freely. Threat actors continually try to take advantage of this trust between people and processes to accomplish their goals. Zero Trust is the approach that eliminates the default trust between the people, processes, and technologies in a network.
Principles of Zero Trust
There is no single Zero Trust solution or product that an organization can simply install and then enjoy the benefits of the concept. Certain core principles and concepts guide organizations seeking to adopt Zero Trust in their cybersecurity. Common principles include:
- The least privilege required should be given to users.
- No asset or resource is inherently trusted.
- All data sources should be considered in planning.
- All communication should be secured with the strongest means available.
- Access should be authorized or denied each subsequent time it is requested.
- Monitor activity in the network continuously to verify that the controls are working as intended.
- Segment the network to create enforcement points where authentication and authorization decisions are made.
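The principles above are easiest to see side by side in code. The following added example (not from the original article or from any product it mentions) contrasts the traditional perimeter check, where joining the network is the only decision, with a per-request Zero Trust policy check that applies least privilege, treats no device as trusted by default, re-evaluates every request, records each decision for monitoring, and ties resources to network segments. The policy table, users, roles, resources, device-posture values and the 60-minute re-authentication window are all constructed for illustration.

```python
"""Added example: a per-request Zero Trust policy check beside the
implicit-trust perimeter model. Policy, users and devices are constructed."""
from dataclasses import dataclass, asdict

# Constructed policy: resource -> its network segment and the actions each role may perform.
POLICY = {
    "hr-db": {"segment": "hr", "roles": {"hr-analyst": {"read"}, "hr-admin": {"read", "write"}}},
    "build-srv": {"segment": "eng", "roles": {"developer": {"read", "write"}}},
}

@dataclass
class Request:
    user: str
    role: str
    device_compliant: bool  # posture signal reported by the endpoint agent (constructed)
    mfa_age_min: int        # minutes since the last strong authentication
    resource: str
    action: str

@dataclass
class Decision:
    allowed: bool
    reason: str

AUDIT_LOG: list[dict] = []  # every decision is recorded so activity can be monitored

def perimeter_decide(on_network: bool, req: Request) -> Decision:
    """Traditional model: joining the network is the only check; later requests ride on it."""
    return Decision(on_network, "inside the perimeter" if on_network else "outside the perimeter")

def zero_trust_decide(req: Request, max_mfa_age_min: int = 60) -> Decision:
    """Judge one request on its own merits; nothing from earlier requests is carried over."""
    entry = POLICY.get(req.resource)
    allowed_actions = entry["roles"].get(req.role, set()) if entry else set()
    if entry is None:
        decision = Decision(False, "unknown resource: default deny")
    elif not req.device_compliant:
        decision = Decision(False, "device posture check failed")
    elif req.mfa_age_min > max_mfa_age_min:
        decision = Decision(False, "authentication too old: re-authenticate")
    elif req.action not in allowed_actions:
        decision = Decision(False, f"role {req.role} has no {req.action} on {req.resource}")
    else:
        decision = Decision(True, f"{req.action} on {req.resource} in segment {entry['segment']}")
    AUDIT_LOG.append({**asdict(req), "allowed": decision.allowed, "reason": decision.reason})
    return decision

def evaluate_sequence(requests: list[Request]) -> list[bool]:
    """Run a sequence of requests the way an enforcement point would: each judged independently."""
    return [zero_trust_decide(r).allowed for r in requests]

# Constructed sequence: one user whose device falls out of compliance midway.
SAMPLE = [
    Request("alice", "hr-analyst", True, 5, "hr-db", "read"),
    Request("alice", "hr-analyst", True, 5, "hr-db", "write"),     # beyond least privilege
    Request("alice", "hr-analyst", True, 5, "build-srv", "read"),  # resource in another segment
    Request("alice", "hr-analyst", False, 5, "hr-db", "read"),     # device posture changed
    Request("alice", "hr-analyst", True, 90, "hr-db", "read"),     # stale authentication
]

if __name__ == "__main__":
    print("perimeter model:", [perimeter_decide(True, r).allowed for r in SAMPLE])
    print("zero trust:     ", evaluate_sequence(SAMPLE))
    for rec in AUDIT_LOG:
        print(rec["user"], rec["resource"], rec["action"], rec["allowed"], rec["reason"])
```

Under the perimeter model every request in the sample succeeds because the user is already on the network; under the per-request check only the first succeeds, and the audit log explains each denial, which is the data a monitoring team needs to confirm the policy is working.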
Zero Trust in Action
Zero Trust can be manifested in different cybersecurity use-cases. Endpoints can run software that employs Zero Trust concepts to block certain actions or processes from happening. Blocking malicious acts at the endpoint means endpoint detection and response (EDR) systems will not need to issue an alert in the first place. Identity and access management processes and guidelines can use Zero Trust concepts when handling logins, access, and other functions.
Zero Trust Architecture describes how whole networks and systems can be built using the concept. NIST Special Publication 800-207, from the US National Institute of Standards and Technology, describes the topic in detail. “A zero trust architecture is an enterprise cybersecurity architecture that is based on zero trust principles and designed to prevent data breaches and limit internal lateral movement,” according to NIST. The document also makes the point that Zero Trust is not a single thing, but rather a set of guiding principles.