Monday, August 23, 2021

Cyber Security | Why Zero Trust is Important

The Importance of Zero Trust Network

Zero trust (ZT) is an important information security architecture. It moves us away from the perimeter defense-in-depth models of the past toward layers of control placed closer to what is valued most, such as information and data. ZT begins with infrastructure assurance; it has become widespread across many applications and at different levels of the stack. ZT assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location. ZT focuses on protecting resources (assets, services, workflows, network accounts, etc.).

As the benefits of zero trust become increasingly clear, the pervasiveness of this model is evident. It relies upon a trusted computing base and data-centric controls, as defined in NIST Special Publication 800-207, which was recently published for reference. Many organizations now refer to this NIST standard as guidance for ZT implementation. According to NIST 800-207, the document is intended to describe zero trust for enterprise security architects. It is meant to provide a road map to migrate and deploy ZT security concepts to an enterprise environment. Cybersecurity agencies, cybersecurity managers, network administrators, and managers may also gain insight into zero trust and ZTA from this document. It is not intended to be a single deployment plan for ZTA, as an enterprise will have unique business use cases and data assets that require safeguards. Starting with a solid understanding of the organization’s business and data will result in a strong approach to zero trust. (Source: NIST 800-207)

“As per Forrester research, zero trust network is focused on the network providing application isolation to prevent attacker lateral movement. It has evolved to become granular and pervasive, providing authentication and assurance between components including microservices.”

Source: CIS Security Blog

The critical features of Zero Trust are based on the concepts of authentication, authorization, identity, access control, encryption, etc. A ZT network isolates applications through network segmentation and ensures that controls such as strong encryption and dynamic authentication are met.

As per NIST 800-207, a ZT architecture is designed and deployed with adherence to the following zero trust basic tenets:

  1. All data sources and computing services are considered resources.
  2. All communication is secured regardless of network location.
  3. Access to individual enterprise resources is granted on a per-session basis.
  4. Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes.
  5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
  6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
  7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.

In a ZT deployment, several data sources are used during policy enforcement and access decisions, as listed below:

  • Continuous diagnostics and mitigation (CDM) system
  • Industry compliance system
  • Threat intelligence feeds
  • Network and system activity logs
  • Data access policies
  • Enterprise public key infrastructure (PKI)
  • ID management system
  • Security information and event management (SIEM) 
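
The tenets and data sources above can be read as inputs to a per-session access decision. The sketch below is an added example, not code from NIST 800-207 or from this post's author; the resource names, device IDs, session lifetime and the `decide` and `grant_covers` helpers are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

# Constructed sample data standing in for the data sources listed above.
DATA_ACCESS_POLICY = {"payroll-db": {"alice"}, "wiki": {"alice", "bob"}}  # data access policies
THREAT_INTEL_FLAGGED = {"laptop-0042"}                                    # threat intelligence feed
SESSION_TTL = 900  # seconds; hypothetical per-session lifetime
AUDIT_LOG = []     # decisions a real deployment would forward to the SIEM

@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    device_id: str
    mfa_verified: bool      # ID management system
    cert_valid: bool        # enterprise PKI
    device_compliant: bool  # CDM posture report
    source_ip: str          # recorded for the audit log, never used to grant trust

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    expires_at: float

def decide(req, now):
    """Evaluate one request; return (Grant or None, list of denial reasons)."""
    checks = [
        (req.user in DATA_ACCESS_POLICY.get(req.resource, set()), "user not authorized for resource"),
        (req.mfa_verified, "MFA not verified"),
        (req.cert_valid, "device certificate invalid"),
        (req.device_compliant, "device fails posture check"),
        (req.device_id not in THREAT_INTEL_FLAGGED, "device flagged by threat intelligence"),
    ]
    reasons = [msg for ok, msg in checks if not ok]
    AUDIT_LOG.append((now, req.user, req.resource, req.source_ip, reasons or ["allow"]))
    grant = None if reasons else Grant(req.user, req.resource, now + SESSION_TTL)
    return grant, reasons

def grant_covers(grant, user, resource, now):
    """A grant is valid only for its own user and resource, and only until it expires."""
    return (grant is not None and grant.user == user
            and grant.resource == resource and now < grant.expires_at)

# Constructed requests: an internal address earns nothing, a remote one loses nothing.
INSIDE_BAD = AccessRequest("bob", "wiki", "laptop-0042", True, True, False, "10.0.0.15")
REMOTE_GOOD = AccessRequest("alice", "payroll-db", "laptop-0007", True, True, True, "203.0.113.9")

if __name__ == "__main__":
    for r in (INSIDE_BAD, REMOTE_GOOD):
        print(r.user, r.source_ip, decide(r, now=0.0))
```

The request from the internal address is denied on device posture and threat intelligence, while the remote request is allowed, and its grant covers only `payroll-db` until the session lifetime runs out.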

Given the current pandemic situation, work from home or a hybrid workplace model is mostly adopted by enterprises. In future, many enterprises are going to continue work from home permanently. Identity management is becoming more important, and for that reason the adoption of MFA (multifactor authentication) is becoming popular across many enterprises and corporates to defend against threats and protect their crucial data.

To become more familiar with zero trust, you can learn more from organizations about their zero trust approach.

*** 

If you have any suggestions or comments, please share them.


-DR
