Cybersecurity vendors across the industry have latched on to marketing buzzwords like “machine learning” and “AI” to captivate their target audience. Their latest buzzword: Zero Trust.
With the needs of today’s modern organizations, it’s no surprise that Zero Trust has become deceptively complex. Use this guide to decipher Zero Trust terminology and understand what Zero Trust is and, just as important, what Zero Trust isn’t.
Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating trust from your organization. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to prevent lateral movement. No matter which technology or vendor you use to deploy Zero Trust, the strategy remains the same.
A Zero Trust environment is the end-state of your Zero Trust architecture, consisting of a protect surface containing a single DAAS element. In most cases, given the state of cybersecurity technology, the protect surface will be protected by a micro-perimeter enforced at Layer 7 with Kipling Method policy by a segmentation gateway. This could be deployed across your enterprise – in your data center, public cloud, private cloud, branch office, etc.
Your Zero Trust architecture is the compilation of the tools and technologies used to deploy and build your Zero Trust environment. This technology set will vary depending on the differing needs of your business and the different use cases in which you choose to extend Zero Trust, such as to the cloud or endpoints. The architecture is completely bespoke, not derived from a single universal design. Instead, the architecture is constructed around the protect surface. Ultimately, your Zero Trust architecture should leverage network segmentation, prevent lateral movement, provide Layer 7 threat prevention and simplify granular user access control.
There are four design principles of Zero Trust:
The data, assets, applications and services, or DAAS for short, are all the things that either traverse or users access from within your organization. Each of these must be considered when defining a protect surface. Examples of DAAS elements include:
A protect surface contains a single DAAS element. The DAAS element in your protect surface is highly sensitive and critical to your business. You will have multiple DAAS elements that are critical to your business, resulting in multiple protect surfaces. The protect surface is orders of magnitude smaller than the attack surface and, because it is a single area of focus, is always knowable.
A segmentation gateway, more commonly known as a next-generation firewall, provides granular visibility into traffic and enforces additional layers of inspection and access control with granular Layer 7 policy that takes into account who the user is and whether or not they should have access to a particular resource. When used in Zero Trust, a segmentation gateway creates a microperimeter around the protect surface to monitor traffic, stop threats and enforce granular access control across north-south and east-west traffic within your on-premises data center and multi-cloud environments.
A microperimeter is the boundary that policy generates around a protect surface. It creates a point of control that ensures only known, allowed traffic and legitimate applications have access to the protect surface. A microperimeter should be placed as close to the protect surface as possible and move with it.
Microsegmentation is the act of creating a microperimeter by enabling granular access control, whereby users, applications, workloads and devices are segmented based on logical, not physical, attributes.
The asserted identity is the validated and authenticated “who” that should be accessing a resource.
Most users are given too much access to too much data that is not essential to their job function. Least-privileged access is the principle in which users, systems, applications, processes and devices are given only enough access to perform their required jobs for their respective roles or functions.
Granular access control is the explicit definition, in policy, of who can have access to what part of a network or system resource, and what they can do with that access.
Trust is binary. In the context of Zero Trust, when determining what should and should not have access to a protect surface, you consider whether something is “trusted” or “untrusted.” There are no varying levels of trust. To say something is trusted less is essentially saying that it is untrusted.
The concept of data toxicity refers to sensitive data that is “toxic” to your organization: data whose exfiltration has a negative impact on the business, such as action from legal and regulatory entities. Every organization has both toxic and non-toxic data. Examples of toxic data include intellectual property, personally identifiable information (PII), patient health information (PHI) and credit card holder data (PCI).
Zero Trust policy determines who can transit the microperimeter at any point in time, preventing access from unauthorized users to your protect surface, and prevents the exfiltration of sensitive data. True Zero Trust can only be done at Layer 7. The Kipling Method of creating Zero Trust policy enables Layer 7 policy for granular enforcement so that only known allowed traffic or legitimate application communication is allowed. This method reduces the attack surface while also significantly reducing the number of port-based firewall rules. With the Kipling Method, you can easily write Zero Trust policy by answering:
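As an added illustration (not code from the original guide), the following Python models a Kipling Method rule for one protect surface, answering the method's six questions (who, what, when, where, why, how) at the application layer and denying anything that does not match explicitly; the protect surface, groups, zones and application names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    """One attempted access to a protect surface, described in Kipling terms."""
    who: str     # asserted identity (user or group) making the request
    what: str    # Layer 7 application being used, never just a port
    when: int    # hour of day, 0-23, at which the request is made
    where: str   # zone or location the traffic originates from
    why: str     # data classification or business reason for the access
    how: str     # how the access is made, e.g. device posture

@dataclass(frozen=True)
class KiplingRule:
    """Allow rule for one protect surface; every field must match to allow."""
    protect_surface: str
    who: frozenset
    what: frozenset
    when: tuple      # inclusive (start_hour, end_hour) window
    where: frozenset
    why: frozenset
    how: frozenset

    def matches(self, req: Request) -> bool:
        start, end = self.when
        return (req.who in self.who and req.what in self.what
                and start <= req.when <= end and req.where in self.where
                and req.why in self.why and req.how in self.how)

def evaluate(rules, protect_surface: str, req: Request) -> str:
    """Return 'allow' only if an explicit rule for this protect surface matches.
    The segmentation gateway's final, implicit rule is deny."""
    for rule in rules:
        if rule.protect_surface == protect_surface and rule.matches(req):
            return "allow"
    return "deny"

# Constructed policy for a single DAAS element, a PHI database (names hypothetical).
PHI_RULES = [
    KiplingRule(protect_surface="phi-db",
                who=frozenset({"clinicians"}),
                what=frozenset({"ehr-app"}),
                when=(6, 20),
                where=frozenset({"clinic-wlan"}),
                why=frozenset({"patient-care"}),
                how=frozenset({"managed-device"})),
]
```

Note that a request using an unexpected application, an unmanaged device or an off-hours window is denied even though the user and source zone are right, which is the difference between this and a port-based rule.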
As with any strategic initiative, it’s important to benchmark where you are as you begin your Zero Trust journey and measure your maturity as time goes on and as improvements are made to your Zero Trust environment. Designed using the Capability Maturity Model, the Zero Trust Maturity Model mirrors the 5-step methodology for implementing Zero Trust and should be used to measure the maturity of a single protect surface.
A software-defined perimeter secures all connections to services running on a network infrastructure at all layers, based on the level of security you define and establish. Devices and identity are given access on a need-to-know basis and must be verified before access is granted.
SDPs are commonly associated with the BeyondCorp model. Zero Trust and BeyondCorp are not one and the same. The fundamental difference between Zero Trust and BeyondCorp is that BeyondCorp views trust as the goal, whereas Zero Trust views the absence of trust as the goal. BeyondCorp focuses on authentication of the user and device identity as well as enforcement through APIs. Once authenticated, users are given access to move anywhere within the system. Identity is consumed within Zero Trust but is not equivalent to Zero Trust. Another notable difference between the two frameworks is that controls for BeyondCorp are at Layer 3, whereas Zero Trust operates at Layer 7.
CARTA is a Gartner methodology that is broken up into two areas of focus: adaptive attack protection and adaptive access protection. It leverages concepts similar to those of Zero Trust but with a different methodology. With the CARTA methodology, once a user has been granted access, the risk and trust levels are continuously monitored throughout the entirety of an interaction or session. Should the risk or trust levels change, the controls are adapted accordingly.