Zero Trust assumes that security measures will fail or have already been penetrated, and aims to mitigate the damage - or the “blast radius.” As part of Zero Trust, all network users and connected applications are required to be authenticated and continuously verified. This model is dramatically different from the “trust but verify” approach, which has traditionally exposed networks to breached endpoints, privilege escalation, lateral movement, and insider threats.
The shift to cloud or hybrid computing, the growing number of connected endpoints, and the prevalence of a remote, distributed workforce have disrupted the traditional model of relying on perimeter security alone. Today, organizations have to invest in cyber resiliency, which means gaining visibility over their infrastructure, applying a strict principle of least privilege, and deploying defense-in-depth solutions. Zero Trust is a key driver that helps align different stakeholders behind the same objective: frictionless and continuous visibility and verification of access.
A core idea behind the Zero Trust network security model is to assume that a security breach is inevitable. As such, the model rests on two foundations: first, strict segmentation of the network, with a micro-segmentation approach strongly recommended for high-criticality zones; second, the ability to continuously visualize and verify network access. A network modeling solution operated by an independent review team helps ensure that this second capability is actually adopted.
To begin planning, I would recommend reviewing the following two documents from the National Institute of Standards and Technology: NIST Special Publication 800-207 on Zero Trust Architecture, and NIST Special Publication 800-160, Volume 2, on Developing Cyber-Resilient Systems. The latter will help put in place a risk management strategy. The former will assist in defining the key principles to implement.

Top 2022 Cybersecurity Tech Trends from Robin Berthier, CEO of Network Perception

Zero Trust

The Zero Trust security model is gaining rapid adoption among network administrators looking to address cybersecurity threats both internal and external. Today, more than 80 percent of all cyber attacks involve credentialed use or misuse in the network. Instead of trying to secure network perimeters, Zero Trust assumes that security measures will fail or have already been penetrated, and aims to mitigate the damage - or the "blast radius." As part of Zero Trust, data encryption is essential, and all network users and endpoint applications are required to be authenticated and continuously verified, constantly securing both remote workers and hybrid cloud environments. This model is dramatically different from the "trust but verify" approach, which has traditionally exposed networks to nefarious activity by internal actors.

The uptake of this security architecture is due, in part, to the executive order issued by President Biden in May 2021 mandating that the Federal Government must advance its Zero Trust architecture. While there are currently many different interpretations of Zero Trust, standards are emerging, such as NIST 800-207, Forrester's ZTX and Gartner's CARTA.

Micro-segmentation

Aggressive segmentation of the network is a requirement for the control necessary to enable a Zero Trust architecture. Assuming that a security breach is inevitable, micro-segmentation limits the number of lateral movements that attackers can perform. Segmenting defines who can connect directly with others on the network. In the spirit of Zero Trust, you want systems to connect to other systems only if they are authorized, and segmenting is one way to implement that policy.

Independent verification

Organizations are beginning to understand that verified cybersecurity makes all the difference between catastrophic failure and operational resiliency. As a result, many organizations not only review controls, but are also investing in independent verification of their correct implementation.

Network Access Visualization

The visualization of network topology, including the analysis of network device configuration files from firewalls, routers, and switches, is part of the cybersecurity playbook in 2022. Network access visualization enables anyone to understand compliance and security issues instantly. It models how each network device allows and denies communication. This model computes the complete set of possible paths among network assets.
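The path computation described above, and the segmentation check it enables, as an added example that is not part of the original article or of any Network Perception product. It assumes a constructed three-zone topology with first-match firewall rule lists (an invented model, not a vendor configuration format), enumerates every zone path on which all firewalls permit a flow, and reports flows that reach their destination without being authorized by the zone-level policy.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed sample topology (assumed model, not a vendor config format): zones joined
# by firewalls, each holding an ordered first-match rule list of
# (action, src_net, dst_net, dst_port); dst_port None matches any port.
ZONES = {"corp": ip_network("10.1.0.0/16"), "dmz": ip_network("10.2.0.0/16"),
         "ot": ip_network("10.3.0.0/16")}          # ot = high-criticality zone
LINKS = [("corp", "dmz", "fw-edge"), ("dmz", "ot", "fw-ot"),
         ("corp", "ot", "fw-legacy")]              # forgotten link bypassing the DMZ
RULES = {
    "fw-edge": [("permit", "10.1.0.0/16", "10.2.0.0/16", 443),
                ("deny", "0.0.0.0/0", "0.0.0.0/0", None)],
    "fw-ot": [("permit", "10.2.10.0/24", "10.3.0.0/16", 502),
              ("deny", "0.0.0.0/0", "0.0.0.0/0", None)],
    "fw-legacy": [("permit", "0.0.0.0/0", "0.0.0.0/0", None)],  # permit-any
}

def permits(fw, src, dst, port):
    """First-match evaluation of one firewall's rule list; default deny."""
    for action, s_net, d_net, d_port in RULES[fw]:
        if src in ip_network(s_net) and dst in ip_network(d_net) and d_port in (None, port):
            return action == "permit"
    return False

def zone_of(ip):
    return next(z for z, net in ZONES.items() if ip in net)

def paths(src_ip, dst_ip, port):
    """Every loop-free zone path on which each firewall crossed permits the flow."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    found, queue = [], deque([[zone_of(src)]])
    while queue:
        path = queue.popleft()
        if path[-1] == zone_of(dst):
            found.append(path)
            continue
        for a, b, fw in LINKS:                      # links are bidirectional
            for here, nxt in ((a, b), (b, a)):
                if path[-1] == here and nxt not in path and permits(fw, src, dst, port):
                    queue.append(path + [nxt])
    return found

def audit(probes, policy):
    """Probe flows that reach their destination but are not in the zone policy
    (a set of (src_zone, dst_zone, port) tuples): each is a segmentation gap."""
    bad = []
    for src, dst, port in probes:
        found = paths(src, dst, port)
        key = (zone_of(ip_address(src)), zone_of(ip_address(dst)), port)
        if found and key not in policy:
            bad.append((src, dst, port, found))
    return bad
```

In the constructed topology, the permit-any legacy firewall gives a corporate host a direct path to the OT zone on any port, which the audit surfaces even though the DMZ firewalls are correctly configured.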