Decoding why ‘zero-trust’ makes the company security posture more trustworthy

Instead of defending the castle, zero-trust security assumes that the invaders are already inside the walls.
16 June 2021

Decoding zero-trust security. (Photo by SAUL LOEB / AFP)

  • Instead of assuming everything behind the corporate firewall is safe, the zero-trust model assumes breach and verifies each request as though it originates from an open network
  • The approach relies on various existing technologies and governance processes to accomplish its mission of securing the enterprise IT environment

The US cybersecurity executive order signed by President Joe Biden on May 12, 2021, calls for the US federal government to adopt a “zero-trust architecture.” The zero-trust model (also called zero-trust networking or zero-trust security) was first articulated in 2010 by John Kindervag, then an analyst at Forrester Research, and now, 11 years later, CIOs, CISOs, and other corporate executives are increasingly implementing it as the pressure to protect enterprise systems and data grows significantly.

To put things into perspective, there were at least 2,354 ransomware attacks on local governments, health care facilities, and schools in the US last year. Although estimates vary, losses to ransomware seem to have tripled in 2020 to more than US$300,000 per incident. To top it off, ransomware attacks are growing more sophisticated.

What is zero-trust security after all?

Basically, zero-trust (sometimes loosely called ‘trustless’) has become known as a security concept centered on the principle that organizations should not automatically trust anything inside or outside their perimeter, and must instead verify every user, device, and connection attempting to reach their systems before granting access. A zero-trust approach to cybersecurity assumes that an attack is a click away, and focuses on building something closer to an immune system: continuous checks that detect and contain a compromise, rather than a single wall that is trusted once it has been crossed. Put another way, instead of defending a castle, this model assumes that the invaders are already inside the walls.

The zero-trust model of information security basically kicks to the curb the old castle-and-moat mentality that had organizations focused on defending their perimeters while assuming everything already inside didn’t pose a threat and therefore was cleared for access. Security and technology experts say the castle-and-moat approach isn’t working. They point to the fact that some of the most egregious data breaches happened because attackers, once they gained a foothold inside the corporate firewall, were able to move laterally through internal systems without much resistance.

The technologies behind zero-trust

The zero-trust security approach relies on various existing technologies and governance processes to accomplish its mission of securing the enterprise IT environment. It calls for enterprises to leverage micro-segmentation and granular access enforcement based on user identity, device state, location, and other signals to decide, for each request, whether a user, machine, or application should be allowed to reach a particular part of the enterprise.

Zero-trust draws on technologies such as multifactor authentication, identity and access management, orchestration, analytics, encryption, risk scoring, and file system permissions. It also calls for governance policies such as least privilege: giving users only the access they need to accomplish a specific task. Yet developing a zero-trust environment isn’t just about implementing these individual technologies. Instead, it’s about using these and other technologies to enforce the idea that no one and nothing has access until the request has been verified, and that the verification is repeated for each request rather than granted once at the network edge.
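To make the per-request verification concrete, here is an added example (not code from the original article or from any vendor it mentions) of a small policy decision point that combines the signals listed above: identity, a least-privilege grant table, MFA, and device posture. The source IP is recorded for the audit trail but is deliberately not an input to the decision, so a request from the corporate LAN is judged exactly like one from the internet. All users, devices, grants, and requests are constructed sample data.

```python
"""Per-request zero-trust access evaluation (added example, constructed data)."""
from __future__ import annotations
from dataclasses import dataclass, asdict
from datetime import datetime, timezone


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    source_ip: str      # logged, never trusted
    resource: str
    action: str
    mfa_verified: bool  # result of a fresh MFA challenge for this session


# Constructed least-privilege grant table: user -> resource -> allowed actions.
GRANTS = {
    "alice": {"payroll-db": {"read"}, "wiki": {"read", "write"}},
    "bob": {"wiki": {"read"}},
}

# Constructed device inventory with the posture attributes an MDM/EDR agent reports.
DEVICES = {
    "lap-001": {"owner": "alice", "managed": True, "disk_encrypted": True, "edr_healthy": True},
    "lap-002": {"owner": "bob", "managed": True, "disk_encrypted": True, "edr_healthy": False},
    "byod-777": {"owner": "alice", "managed": False, "disk_encrypted": False, "edr_healthy": False},
}

# Resources holding sensitive data: require MFA and a healthy, managed device.
SENSITIVE = {"payroll-db"}


def evaluate(req: Request) -> tuple[str, list[str]]:
    """Return ("allow" | "deny", reasons). Network location is not consulted."""
    reasons: list[str] = []

    device = DEVICES.get(req.device_id)
    if device is None:
        reasons.append("unknown device")
    elif device["owner"] != req.user:
        reasons.append("device not enrolled to this user")

    allowed = GRANTS.get(req.user, {}).get(req.resource, set())
    if req.action not in allowed:
        reasons.append(f"no grant for {req.action} on {req.resource}")

    if req.resource in SENSITIVE:
        if not req.mfa_verified:
            reasons.append("MFA required for sensitive resource")
        if device and not (device["managed"] and device["disk_encrypted"] and device["edr_healthy"]):
            reasons.append("device posture insufficient for sensitive resource")

    return ("deny" if reasons else "allow"), reasons


def audit_event(req: Request, decision: str, reasons: list[str]) -> dict:
    """Structured record of one checkpoint decision, suitable for a SIEM."""
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        **asdict(req),
        "decision": decision,
        "reasons": reasons,
    }


if __name__ == "__main__":
    samples = [
        Request("alice", "lap-001", "10.1.2.3", "payroll-db", "read", True),     # allow
        Request("alice", "lap-001", "10.1.2.3", "payroll-db", "read", False),    # deny: no MFA
        Request("alice", "byod-777", "203.0.113.5", "payroll-db", "read", True), # deny: posture
        Request("bob", "lap-002", "10.1.2.4", "wiki", "write", False),           # deny: no grant
        Request("alice", "lap-002", "10.1.2.4", "wiki", "read", True),           # deny: wrong device
    ]
    for r in samples:
        d, why = evaluate(r)
        print(audit_event(r, d, why))
```

Note that the internal address 10.1.2.3 earns the second request nothing: the missing MFA step denies it just as it would for a request from outside. The audit events are the "security checkpoint" telemetry that a detection team can later query, for example for a burst of denials from one device.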

More than a line of defense

The idea of not trusting all of those exploited apps, missing devices, and unsuspecting users makes a lot of sense. Continuous verification certainly helps keep attackers out, and it brings additional benefits to the organizations that employ it.

The benefits include improved operational intelligence: when the system is continually authenticating identity and authorizing access, each of these ‘security checkpoints’ produces an event, and those events are valuable intelligence for security teams. Far beyond a log of who is doing what, they give IT and security administrators a continuous view of where access is being requested, where it is being denied, and how well the security controls are working.

Containment becomes faster as well, since zero-trust is often bundled with an architectural shift toward segmentation. With partitions in place, containment is easier and faster because you’re able to ‘trap’ a threat within an individual segment and cut off its ability to advance. Additionally, with fewer hosts and endpoints within each segment, the traffic allowed from one segment to the next is smaller and easier to define and inspect. By segmenting, monitoring and response resources are spread across smaller zones and are less likely to be overwhelmed.
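The containment argument above can be checked rather than asserted. The following added example (not from the original article) models a small network as hosts assigned to segments plus an explicit allow-list of segment-to-segment flows, then computes what an attacker who has compromised one workstation can reach, first on a flat network and then with the segmentation rules applied. It also records the pivot path for anything still reachable, which shows the practitioner's caveat: segmentation shrinks the blast radius and forces the attacker through additional hops, each of which is a chance for detection, but it does not by itself make every asset unreachable. Hosts, segments, and rules are constructed sample data.

```python
"""Lateral-movement reach under flat vs. segmented networks (added example, constructed data)."""
from collections import deque

# Constructed inventory: host -> segment.
HOSTS = {
    "ws-01": "user-workstations",
    "ws-02": "user-workstations",
    "app-01": "app-tier",
    "app-02": "app-tier",
    "db-01": "data-tier",
    "dc-01": "identity",
}

# Constructed allow-list of (source segment, destination segment) flows.
# Anything not listed is denied, including workstation-to-workstation traffic.
SEGMENT_RULES = {
    ("user-workstations", "app-tier"),
    ("user-workstations", "identity"),   # Kerberos/LDAP to the domain controller
    ("app-tier", "identity"),
    ("app-tier", "app-tier"),            # cluster traffic between app nodes
    ("app-tier", "data-tier"),
}


def lateral_reach(start, hosts=HOSTS, rules=SEGMENT_RULES, flat=False):
    """Map host -> shortest pivot path from `start`, for every host an attacker
    can reach either directly or by compromising intermediate hosts (BFS).
    flat=True models a castle-and-moat interior where every host can talk to every other."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in hosts:
            if nxt in paths:
                continue
            if flat or (hosts[cur], hosts[nxt]) in rules:
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    del paths[start]
    return paths


def direct_reach(start, hosts=HOSTS, rules=SEGMENT_RULES, flat=False):
    """Hosts reachable in a single connection from `start` (path length 2)."""
    return {h for h, p in lateral_reach(start, hosts, rules, flat).items() if len(p) == 2}


def unreachable(start, hosts=HOSTS, rules=SEGMENT_RULES, flat=False):
    """Hosts the attacker cannot reach at all, even by pivoting."""
    return set(hosts) - {start} - set(lateral_reach(start, hosts, rules, flat))


if __name__ == "__main__":
    compromised = "ws-01"
    for label, flat in (("flat network", True), ("segmented network", False)):
        paths = lateral_reach(compromised, flat=flat)
        print(f"{label}: {compromised} reaches {len(paths)} of {len(HOSTS) - 1} hosts")
        for host, path in sorted(paths.items()):
            print(f"  {host}: {' -> '.join(path)}")
        print(f"  unreachable: {sorted(unreachable(compromised, flat=flat))}")
```

On the flat network the compromised workstation reaches every other host in one hop. With the rules applied it can no longer touch the other workstation at all, and the database is only reachable by first compromising an app-tier node, a second pivot that a detection team can alert on (an app server suddenly receiving a workstation-originated SSH or RDP session, for instance).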