Today’s working environments are no longer governed by the perimeters and boundaries they once were. As a result, security threats have multiplied and the pressure on IT teams to protect data has increased rapidly. Modern work happens in a mobile-cloud environment outside traditional security controls, and from the perspective of those controls it’s a zero trust environment.
As attacks become more sophisticated, security professionals are forced to reconsider the best practices on which they’ve previously relied. The more adaptable have realised the best solutions provide a secure contextual connection — based on device, app, user, environment, network, and everything else that’s involved in accessing their data.
The term ‘zero trust’ was coined by John Kindervag of Forrester Research in 2010. Around the same time, a similar idea was being embraced by Google as a way to connect its employees to their internal applications. The Google BeyondCorp methodology was born out of this need and led to a specific adaptation of the software-defined perimeter (SDP).
The zero trust model treats all devices or ‘hosts’ as if they’re internet-facing, and considers the entire network to be compromised and hostile. It assumes that all access to corporate resources should be restricted until the user has proven their identity and access permissions and until the device has passed a security profile check.
Establishing and working in a zero trust environment
In order to establish trust in a zero trust environment, an organisation must first ensure:
- All resources are accessed in a secure manner regardless of location
- Access control is on a “need to know” basis and is strictly enforced
Context is central to establishing trust. This context comes from the posture of the OS, device, network, app, and location. This information can then be used to provide adaptive security flows that mitigate the risk of data loss. This is how ‘trust’ is established.
Building the trust ladder
A ladder is a good metaphor for trust. As you climb each rung, the level of trust increases and you feel more confident in providing the user access to data. If you have a trusted user and you have established full trust on the endpoint (OS, device, app, location), then you are in a position to provide access to any confidential information as long as the transport of that information is also secure. This is the desired state. You can now provide a fantastic user experience as well, with certificate-based authentication eliminating the need for a password on the trusted endpoint.
If you start climbing down the ladder, you will need to establish additional controls, for example, biometrics to ensure user identity. If that’s not possible and you are worried about credential theft, then a second factor through software-based multi-factor authentication might become important. Many organisations will use a smartphone as that second factor.
Credential theft will very often come from device and network compromise, once again demonstrating that user trust itself is dependent on the presence of contextual controls to prevent the capture of credentials.
What is your trust ladder? By clearly defining it in advance, you can more effectively design adaptive authentication into your security workflow.
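One way to write a trust ladder down as an explicit policy, shown as an added example that is not part of the original article. The signal names, the `MAX_FAILED_SIGNALS` threshold and the deny rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Endpoint signals named in the article: OS, device, app, location.
ENDPOINT_SIGNALS = ("os_compliant", "device_managed", "app_trusted", "location_expected")
MAX_FAILED_SIGNALS = 2  # assumption: below this rung no step-up is considered enough

@dataclass(frozen=True)
class Context:
    """Hypothetical posture snapshot collected at request time."""
    user_cert_valid: bool
    transport_secure: bool
    os_compliant: bool
    device_managed: bool
    app_trusted: bool
    location_expected: bool
    biometric_available: bool
    entitlements: frozenset = frozenset()

@dataclass(frozen=True)
class Decision:
    outcome: str            # "allow", "step_up" or "deny"
    method: Optional[str]   # authentication the user must complete, if any
    reasons: tuple          # signals that lowered the rung

def decide(ctx: Context, resource: str) -> Decision:
    """Map one posture snapshot to a rung; call on every request, not once per session."""
    # Need-to-know and secure transport are preconditions on every rung.
    if resource not in ctx.entitlements:
        return Decision("deny", None, ("not_entitled",))
    if not ctx.transport_secure:
        return Decision("deny", None, ("transport_secure",))
    failed = tuple(s for s in ENDPOINT_SIGNALS if not getattr(ctx, s))
    # Top rung: trusted user on a fully trusted endpoint, certificate only, no password.
    if ctx.user_cert_valid and not failed:
        return Decision("allow", "certificate", ())
    if len(failed) > MAX_FAILED_SIGNALS:
        return Decision("deny", None, failed)
    # Lower rung: prefer biometrics, fall back to software MFA (e.g. a smartphone).
    method = "biometric" if ctx.biometric_available else "software_mfa"
    reasons = failed if ctx.user_cert_valid else failed + ("user_cert_valid",)
    return Decision("step_up", method, reasons)
```

Because `decide` takes a fresh snapshot each time, a change in any single signal, such as an unexpected location, moves the same user down a rung on the next request.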
Whenever possible, the trust ladder should be invisible to the user. When a user action is required, it should be simple and clear, and ideally the system should learn from and adapt to the user’s behaviour without compromising security.
But lock-down is not an option, because it simply opens the door for a proliferation of shadow IT, which means data will actually be accessed in a truly zero trust environment. With the increasing consumerization of IT, employees expect the same functionality and experience at work that they get from the devices and apps they use at home. An environment that continuously hinders employee productivity will create frustration and negate security.
Maintaining this constant balance between security controls and user experience, not to mention legal and compliance considerations, is familiar territory for those managing IT infrastructure projects. A system that can achieve this, while still raising red flags when there is a deviation from the normal, should be the focus for anyone tasked with developing a trust ladder architecture.
Ultimately, the aim of a zero trust framework is to protect data across an increasingly fragmented information fabric. Traditional security approaches cannot do this. The modern access decision requires continuous assessment because context is constantly changing. Moving to this dynamic model, rather than the static “I’m in, you’re out” model of the firewall, is the path forward. It gives users the freedom they need to get on with their work without needing to abandon company security protocols.