What is Zero Trust, and How Does it Work?


Zero trust security is a term you may have heard lately, but what is Zero Trust, and how does it work? In a zero-trust model, every user and device is treated the same, regardless of where they are or how they got there. This can be a difficult shift for organizations, but the benefits are many. Keep reading to learn more about zero-trust security and how it works.

What is Zero Trust, and How Does it Work?

Zero Trust is a new approach to security that shifts the burden from the network to the endpoints. In this model, every user and device is treated the same, regardless of where they are or how they got there. This can be a difficult shift for organizations, but the benefits are many.

The Zero Trust security model is used by large organizations that have complex environments with a mix of employees, contractors, partners, vendor devices, and mobile devices.

Why Zero Trust?

Zero Trust Security’s primary benefit is its proactive stance against attackers. The traditional approach to security is referred to as “perimeter-based” or “domain-based” security.

In perimeter-based security, you build a castle and protect its walls from attackers. In domain-based security, you identify users based on their location and make different rules for each area. In both models, you set up policies around what users can and can’t do based on their location.

Without having to think about it too much, you probably already know where these two models break down. Perimeter security assumes that if an attacker penetrates your network perimeter, you’re already toast. Domain-based security assumes that if someone is authorized to be in one area, they are authorized everywhere else.

Neither assumption makes sense in today’s multi-tenant organizations, where employees carry their devices from office to office and connect to resources outside the office.

What is Zero Trust? 

The Zero Trust model shifts the burden from the network to the endpoints. In this model, every user and every device is treated the same. All traffic comes through your network perimeter and is subject to the same level of scrutiny regardless of IP address or previous activity.

This makes it impossible for an attacker who has penetrated your network perimeter to move laterally. From a practical standpoint, each endpoint needs its own authentication mechanism (like AD) and its own authorization policies (like RBAC).

A full accounting of all activity on an endpoint must be available for auditing purposes; this data needs to be stored long enough to provide an audit trail, without compromising endpoint performance or risking data breaches by keeping too much information around for too long. You’ll need access control lists (ACLs) on your firewalls and load balancers so that they accept traffic only from authorized endpoints rather than from every IP address on your network.

For example, a contractor might be able to access your network and a particular resource while they’re in the office, but they shouldn’t be able to access that resource from home.

This is no great leap from the typical perimeter-based security model; a firewall rule might use an AD group to control access. The difference is that an attacker can get around your perimeter defenses and move laterally through your network; this forces you to treat all endpoints as untrusted and authorize their access on a case-by-case basis.
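The per-request authorization and audit trail described above, worked through as a small policy decision point. This is an added example, not code from the original post: the user names, role memberships (standing in for AD groups), resource policies, the 10.0.0.0/8 office range and the audit retention cap are all constructed for illustration. It shows the contractor case from the text (allowed in the office, denied from home) alongside the case the model is really about: a request arriving from an office IP with no proven identity or an unmanaged device is denied just the same, because location is one policy input rather than a source of trust.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set

# Constructed sample directory data (stands in for the AD groups the article mentions).
ROLE_MEMBERS: Dict[str, Set[str]] = {
    "contractors": {"alice"},
    "engineering": {"bob"},
}

# Constructed per-resource policy (the RBAC side): roles that may reach the
# resource, whether a managed device is required, and which of those roles are
# additionally confined to the office network.
RESOURCE_POLICY: Dict[str, dict] = {
    "git.internal": {
        "roles": {"engineering", "contractors"},
        "managed_device": True,
        "office_only_roles": {"contractors"},
    },
    "hr-portal": {
        "roles": {"engineering"},
        "managed_device": True,
        "office_only_roles": set(),
    },
}

OFFICE_NETWORKS = [ip_network("10.0.0.0/8")]  # hypothetical office address space
MAX_AUDIT_ENTRIES = 10_000                     # bounded retention: oldest entries dropped first
AUDIT_LOG: List[dict] = []


@dataclass
class Request:
    user: Optional[str]    # identity proven by the endpoint's auth mechanism; None if unauthenticated
    device_managed: bool   # device posture as reported by the endpoint agent
    src_ip: str
    resource: str


@dataclass
class Decision:
    allow: bool
    reason: str


def on_office_network(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in OFFICE_NETWORKS)


def roles_for(user: Optional[str]) -> Set[str]:
    if user is None:
        return set()
    return {role for role, members in ROLE_MEMBERS.items() if user in members}


def record(req: Request, decision: Decision) -> None:
    """Append one audit entry per decision and enforce the retention cap."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": req.user,
        "src_ip": req.src_ip,
        "resource": req.resource,
        "allow": decision.allow,
        "reason": decision.reason,
    })
    if len(AUDIT_LOG) > MAX_AUDIT_ENTRIES:
        del AUDIT_LOG[: len(AUDIT_LOG) - MAX_AUDIT_ENTRIES]


def authorize(req: Request) -> Decision:
    """Evaluate a single request. Every request passes the same checks whether
    it comes from inside the office network or not."""
    policy = RESOURCE_POLICY.get(req.resource)
    matching_roles = roles_for(req.user) & (policy["roles"] if policy else set())

    if policy is None:
        decision = Decision(False, "unknown resource")
    elif req.user is None:
        # Arriving from an office IP does not help: no identity, no access.
        decision = Decision(False, "no authenticated identity")
    elif not matching_roles:
        decision = Decision(False, "role not permitted for resource")
    elif policy["managed_device"] and not req.device_managed:
        decision = Decision(False, "unmanaged device")
    elif matching_roles <= policy["office_only_roles"] and not on_office_network(req.src_ip):
        # The article's contractor case: allowed in the office, denied from home.
        decision = Decision(False, "role only permitted from office network")
    else:
        decision = Decision(True, "policy satisfied")

    record(req, decision)
    return decision


if __name__ == "__main__":
    # Constructed sample requests.
    for r in [
        Request("alice", True, "10.1.2.3", "git.internal"),     # contractor in office
        Request("alice", True, "203.0.113.5", "git.internal"),  # same contractor from home
        Request(None, True, "10.1.2.3", "git.internal"),        # inside the perimeter, no identity
        Request("bob", False, "10.1.2.3", "git.internal"),      # known user, unmanaged device
    ]:
        d = authorize(r)
        print(f"{str(r.user):>6} {r.src_ip:>12} {r.resource:<13} -> {'ALLOW' if d.allow else 'DENY'} ({d.reason})")
```

The ordering of the checks is deliberate: identity and role are established before device posture or network location are consulted, so an office IP address can never short-circuit the identity check. The audit entry is written for denials as well as allows, which is what makes lateral-movement attempts visible after the fact.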
