Zero Trust Security: Key Principles and How to Implement Them

What Is Zero Trust Security?

Zero trust security helps protect complex, distributed networks that cannot be protected using traditional perimeter security tools. Today’s networks enable connectivity with a diverse range of systems and environments, allowing numerous devices, users, and third parties to access the network remotely.

Zero trust security models go beyond traditional perimeter security models, helping organizations improve their security coverage. They involve enforcing security measures and mechanisms that never trust and always verify. Common zero trust security measures include microsegmentation, multi-factor authentication, and context-based access control policies.

Why Do Security Teams Need to Consider Zero Trust?

Zero trust adoption has been growing steadily over the past few years, and has peaked in the wake of the COVID-19 pandemic. Security and risk leaders understand they need to mature their digital risk management practices. There is a growing focus on securing remote work, accelerating onboarding, and assessing security threats posed by third parties. All this needs to be done efficiently and cost-effectively, given the reduction in budgets and the security skills shortage.

Zero Trust provides a foundation for a practical, proven approach to secure digital transformation, while dealing with the challenges of a rapidly changing IT environment. Whether an organization operates on-premises, in the cloud, supporting in-house employees, work-from-home employees, contractors, or customers, zero trust can provide a robust basis for securing the enterprise.

How the Zero Trust Security Model Works

The analyst John Kindervag introduced the zero trust framework in 2010 while working at Forrester. It proposes an architecture that strongly protects high-value and sensitive assets. The zero trust model assumes that all endpoints and connections represent potential threats. It protects against internal and external threats and sophisticated attacks that might be difficult to detect.

Zero trust requires applying the following capabilities to an organization’s network:

  • Logging and inspection of all network traffic
  • Restrictions and access controls throughout the network
  • Verification and protection of network resources

The primary principle of the zero trust security model is to block all access to resources and data by default. Assets become accessible only to users with specific privileges, often limited in terms of timeframe and scope. Organizations should restrict access to what is essential to complete prescribed tasks (the principle of least privilege).

Whenever a user or entity tries to connect to an application or data set, the zero trust network must verify and authorize the connection. This access control measure ensures that all communications meet the organization’s security requirements. The zero trust model also extends authentication and authorization to all devices and network flows, with access governed by dynamic, context-based security policies.

Successful zero trust implementation requires collecting contextual information from all security domains. The teams in an organization must coordinate and prioritize access policies and ensure all connections are secure. The zero trust architecture necessitates a comprehensive strategy for implementing and integrating security tools and focusing on specific business objectives.

When adopting the zero trust model, organizations should address the following:

  • Ensuring a unified front and commitment across the organization
  • Maintaining an inventory of all data and IT assets
  • Assigning role-based access privileges
  • Prioritizing widespread vulnerabilities
  • Classifying data to enable data-centric security management and prioritization
  • Implementing network segmentation to protect against lateral movement
  • Maintaining workload isolation to secure data transfer between virtual machines and cloud servers

While zero trust may be complicated to implement at first, it is the most effective strategy for dealing with a rapidly changing threat environment. Zero trust helps provide important threat context and insights that enable security teams to deal with sophisticated threats.

How to Implement Zero Trust Security

The best way to implement a zero trust architecture is to split the process into small, simple steps. This process should include these basic steps:

Defining Protected Surfaces

In a traditional network, it is important to define the attack surface of the overall network – covering all entry points that attackers could exploit. A security perimeter protects the attack surface using controls like intrusion detection systems and firewalls, but this approach is less effective for distributed networks with remote access. Identifying and defending every entry point is impractical.

In a zero trust network, security teams prioritize the specific assets, services, and data they want to protect. The focus is on the protected surface, not the attack surface. This approach enables specialized protection for each asset.

Mapping Interdependencies

It is important to know how traffic and data flow between applications and services. Understanding the interactions between resources helps inform security and access policies to defend each protected surface.

Establishing Micro-Perimeters

A zero trust model uses multiple micro-perimeters to protect each asset, rather than the traditional security perimeter encompassing the whole network. This granular approach involves segmenting the network and implementing separate security controls for each protected surface. It allows security experts to leverage different tools to protect different assets for a best-of-breed strategy.
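The following added example (not part of the original article) shows one way to combine the interdependency map with a proposed set of micro-perimeters: it replays observed flows against a default-deny segment policy and reports which flows would be blocked and which rules are never exercised. The IP addresses, segment names, ports and flow records are constructed for illustration.

```python
from collections import Counter

# Constructed asset inventory: host -> protected surface (micro-segment).
SEGMENT_OF = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "payments-db",
    "10.0.9.5": "backup",
}

# Proposed micro-perimeter policy: (source segment, destination segment, port).
# Anything not listed is denied by default.
PROPOSED_ALLOW = {
    ("web", "app", 8443),
    ("web", "app", 8080),
    ("app", "payments-db", 5432),
}

# Constructed flow records from the mapping phase: (src_ip, dst_ip, dst_port).
OBSERVED_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443),
    ("10.0.1.11", "10.0.2.20", 8443),
    ("10.0.2.20", "10.0.3.30", 5432),
    ("10.0.9.5", "10.0.3.30", 5432),   # nightly backup, missing from the policy
    ("10.0.1.10", "10.0.3.30", 5432),  # web tier talking straight to the database
    ("10.0.7.77", "10.0.2.20", 22),    # source host is not in the inventory
]

def dry_run(flows, segment_of, allow):
    """Return (would_block, unused_rules) for a proposed segmentation policy."""
    would_block, used = Counter(), set()
    for src, dst, port in flows:
        edge = (segment_of.get(src, "UNKNOWN"), segment_of.get(dst, "UNKNOWN"), port)
        if edge[0] == edge[1] and edge[0] != "UNKNOWN":
            continue  # traffic inside one segment does not cross a micro-perimeter
        if edge in allow:
            used.add(edge)
        else:
            would_block[edge] += 1
    return would_block, allow - used

if __name__ == "__main__":
    blocked, unused = dry_run(OBSERVED_FLOWS, SEGMENT_OF, PROPOSED_ALLOW)
    for edge, count in blocked.items():
        print("would block", edge, "x", count)
    print("rules never exercised:", unused)
```

Each blocked edge needs a decision before enforcement: an essential flow (the backup job here) gets an explicit rule, while an unexpected one is investigated; rules that no flow exercises are candidates for removal.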

Establishing Access Controls

Micro-perimeters rely on policies that determine access permissions and authorization measures. The Kipling method can help inform access control decisions based on considerations such as:

  • The purpose of access to a resource
  • Who can access the resource
  • What applications can access the resource
  • From where they are requesting access
  • When they can access the resource
  • What permissions are required to grant access
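As an added illustration (not code from the original article), the sketch below encodes the six Kipling-method questions as a default-deny policy check for one protected surface. The resource name, users, applications, zones and purposes are hypothetical, and the time window is assumed to fall within a single day.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    who: str     # authenticated identity
    what: str    # application making the call
    where: str   # network zone the request comes from
    when: time   # time of the request
    why: str     # declared purpose
    how: str     # permission requested

@dataclass(frozen=True)
class Rule:
    resource: str
    who: frozenset
    what: frozenset
    where: frozenset
    window: tuple  # (start, end), inclusive, same day (assumption)
    why: frozenset
    how: frozenset

    def failures(self, req):
        """Names of the Kipling questions this request fails for this rule."""
        checks = {
            "who": req.who in self.who,
            "what": req.what in self.what,
            "where": req.where in self.where,
            "when": self.window[0] <= req.when <= self.window[1],
            "why": req.why in self.why,
            "how": req.how in self.how,
        }
        return [name for name, ok in checks.items() if not ok]

def decide(resource, req, rules):
    """Default deny: allow only if one rule for the resource passes all six checks."""
    candidates = [r for r in rules if r.resource == resource]
    if not candidates:
        return False, "no rule for resource"
    closest = min((r.failures(req) for r in candidates), key=len)
    return (not closest), ("allow" if not closest else "failed: " + ", ".join(closest))

# Constructed rule for a hypothetical "payments-db" protected surface.
RULES = [Rule("payments-db", frozenset({"alice"}), frozenset({"billing-svc"}),
              frozenset({"corp-vpn"}), (time(8), time(18)),
              frozenset({"invoice-run"}), frozenset({"read"}))]
```

Returning the failed questions alongside the decision gives the monitoring step a reason to log for every denial, which makes policy tuning easier.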

Monitoring the Network

Zero trust relies on continuously monitoring the segmented network to enforce the access control policies applied to each protected surface and micro-perimeter. Security overseers should frequently review logs to identify performance issues such as latency or inefficient operations. Monitoring helps inform optimization decisions to adjust policies and access controls.

Conclusion

In this article, we explained the basics of zero trust security and showed a 5-step process for implementing zero trust in your organization:

  1. Define protected surfaces – identify the assets, resources, and data that need to be protected by zero trust access controls.
  2. Map interdependencies – understand data flows in your organization to ensure that micro-segmentation does not interrupt essential communications.
  3. Construct micro-perimeters – set up micro-segments and access controls around each protected surface.
  4. Establish access control policies – define granular policies that are sensitive to the entity attempting access, the asset being accessed, and the current security context.
  5. Monitor and optimize – continuously monitor the network to identify anomalous behavior and respond to it.

We hope this will be useful as you take your first steps towards a zero trust security model.
