Zero Trust Security

Zero Trust security is an IT security framework that requires all users and devices, whether in or outside the organization’s network perimeter, to be authenticated, authorized, and continuously validated before being granted or keeping access to applications and data. In a traditional IT network, it is hard to obtain access from outside the network, but once inside the network, everyone is trusted by default whereas a Zero Trust model trusts no one and nothing. The problem with traditional IT network is that once an attacker gains access to the network, they have free rein over everything inside.

The main principle of Zero Trust security are the following:

  1. Least privilege access. Give users only only the bare minimum level of access necessary to perform job-specific tasks. This will minimize each user’s exposure to sensitive parts of the network.
  2. Continuous monitoring and validation. Verify users and devices identity and privileges continuously and time out logins and connections periodically once established.
  3. Device access control. Ensure that every device in the network is authorized, and assess all devices to make sure they have not been compromised.
  4. Terminate every connection. Allow an inline proxy architecture to inspect all traffic, including encrypted traffic, in real time — before it reaches its destination — to prevent ransomware and malware.
  5. Microsegmentation. Break up security perimeters into small zones to maintain separate access for separate parts of the network.
  6. Multi factor authentication (MFA). Require users at least 2 sources of evidence to identify themselves. For example, in addition to entering a password, users must also enter a code sent to another device, such as a mobile phone, thus providing two pieces of evidence that they are who they claim to be.
  7. Prevent lateral movement. “Lateral movement” is when an attacker moves within a network after gaining access to that network. Zero Trust is designed to contain attackers so that they cannot move laterally. Once the attacker’s presence is detected, the compromised device or user account can be quarantined and cut off from further access.

These principles will reduce the organization’s security risk by minimizing or even eliminating the attack surface.

Sources:

https://www.cloudflare.com/learning/security/glossary/what-is-zero-.trust/

https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/

https://www.zscaler.com/resources/security-terms-glossary/what-is-zero-trust

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.