The Zero Trust Framework

By Caleb Kwong | January 28, 2021

Introduction

As we see the number of COVID19 cases spike out of control, the concept of the remote workforce is going to be around for a long time to come, most likely even into early 2022. 

With this in mind, many businesses are now thoroughly assessing and taking stock of what they can do to protect their business as their perimeter has changed drastically with the remote workforce.

Since cyber criminals are always coming up with new ways to attack (e.g. SolarStorm) – in a covert fashion. What can we do to reduce the attack surface? This is where the Zero Trust Framework comes into play.

What Exactly Is Zero Trust?

Zero Trust is not a brand-new Cybersecurity technology, nor is it a product or service. Instead, it is a concept that has its roots in what is known as the “Principle of Least Privilege,” or also known simply as “PoLP.” 

This merely states that an end-user should not be given any more rights, accesses, and privileges to shared resources than what is absolutely necessary in order for that individual to conduct their daily job responsibilities.  But with this, there is an implied or implicit baseline of trust that is given. 

But with Zero Trust, it takes this principle to yet another extreme in which nobody at all is trusted in both the internal and the external environments to your company.  In other words, it is not just end-users, but even devices, and other end-user profiles cannot be trusted at all.  In order to gain access to what is needed, all of these entities must be fully vetted and authenticated to the maximum level possible. 

In this regard, even using Two Factor Authentication (2FA) is simply not enough.  The use of Multifactor Authentication (MFA) is required, in which at least three layers are used to order to 100% fully verify the device or the end-user in question. 

In fact, a key distinction with the Zero Trust Framework is that it is not typically used for just enhancing the primary lines of defense for the business.  Rather, this new way of thinking in Cybersecurity is further extended to protect each and every  server, workstation, and other assets that reside from within the IT infrastructure.

Although as just mentioned, making use of MFA is highly favored, other items can be used as well in order to fully enforce the Zero Trust Framework, which are as follows:

  • Implementing NextGen Firewalls in your data center
  • Implementing NextGen Endpoint Security;
  • Breaking up your entire Network infrastructure into smaller segments which are known as “Subnets”;
  • Identity and Access Management (IDAM);
  • Role-Based Access Control (RBAC);
  • Deploying high levels of encryption;
  • Logging and Analytic tools;
  • Making use of Policy Enforcement and Orchestration Engines.

How To Implement the Zero Trust Framework

It is important to keep in mind that deploying Zero Trust is not something that happens in just one fell swoop; rather, it is implemented in stages, using a phased-in approach.  The following are key areas that you need to keep in mind as you deploy it:

1) Understand and completely define what needs to be protected:

With Zero Trust, you don’t assume that your most vulnerable digital assets are at risk.  Rather, you take the position that everything is prone to a security breach, no matter how minimal it might be to your company.  In this regard, you are taking a more holistic view, in that you are not simply protecting what you think the different potential attack planes could be, but you are viewing this as an entire surface that needs 100% protection, on a 24 X 7 X 365 basis. Your security team needs to map out your assets and plan on how to protect it with layers of security. So rather than having the mindset of one overall arching line of defense for your business, you are now taking the approach of creating many different “Micro Perimeters” for each individual asset.

2) Determine the interconnections:

In today’s environment, your digital assets are not just isolated to themselves.  For example, your primary database will be connected with others, as well as to other servers, which are both physical and virtual in nature.  Because of this, you also need to ascertain how these assets work with one another, and from there, determine the types of controls that can be implemented in between these assets so that they can be protected.

3) Crafting the Zero Trust Framework:

It is important to keep in mind instituting this does not take a “One Size Fits All” approach.  Meaning, what may work for one company will not work for your business.  The primary reason for this is that not only do you have your own unique set of security requirements, but the protection surface (as defined in Step #1) and the linkages that you have determined (defined in Step #2) will also be unique to you as well.  Therefore, you need to take the mindset that you need to create your framework as to what your needs are, as well as considering projected future needs as well.

4) Drafting the Security Policies:

Once you have determined how your overall Zero Trust Framework will look like, you then need to create the Security Policies that will go along with it.  For example, it will be very detailed and granular in nature, given the “Micro Perimeters” approach that the Zero Trust uses.  So, you will need to determine the following for each and every digital asset that you have mapped out (which was accomplished in Step #1):

  • Who the end-users are (this will be your employees, contractors, outside third-party vendors and suppliers, etc.);
  • The types of shared resources that they will be accessing on a daily basis;
  • What those specific access mechanisms will be;
  • The security mechanisms (particularly the controls) that will be used to protect that level of access.

5) Monitoring Zero Trust Framework:

Once you have accomplished steps #1-#4, the final goal to be achieved is how it will be monitored on a real-time basis.  In this particular instance, you will want to make use of what is known as a Security Information and Event Management (SIEM) software package.  This is a tool that will collect all of the logging and activity information, as well as all of the warnings and alerts and put them into one central view.  The main advantage of this is that your IT Security Team will be able to triage and act upon those threat variants almost instantaneously.

Conclusions

Overall, this is an overview of the Zero Trust Framework and how it can be launched in your company.  Please let us know how we can help with your jouney today!

Posted in Cybersecurity

Leave a Comment

You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.