What is a Zero Trust architecture and can you trust it?
Flaw one: No one knows where the network boundary is.
Flaw two: Zero Trust based networks are still susceptible to hacks.
Once this is recognised, the CISO must accept that not everything ‘inside’ the network can be trusted.
Flaw three: Rogue insiders will always be inside Zero Trust based networks.
So, if the conventional wisdom of corporate security is flawed, what are our options?
What does Zero Trust really mean?
A true Zero Trust model turns the castle-and-moat assumption on its head by eliminating implicit trust from the IT architecture. Whenever an attempt is made to access an asset, for example a network segment, the user must authenticate to prove their identity and then be authorised before access is granted. With this identity-aware approach to IT asset access, any successful cyber-attack has only limited scope.
In a Zero Trust architecture, it is assumed that nothing on the inside can be trusted implicitly. Each asset – endpoints, applications and data stores alike – has a defined ‘protect surface’ that forms a security shield. To get through this shield, a transaction must conform to a policy that defines which transaction flows are legitimate and what authentication and authorisation each resulting access request must satisfy.
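The policy evaluation described above, as an added example that is not part of the original article or of any product it mentions. It assumes a hypothetical policy enforcement point that receives one access request at a time, a constructed two-asset policy (an HR database and a wiki), and role, MFA and device-posture attributes as the only inputs that can grant access; the request's network of origin is recorded for logging but deliberately never consulted.

```go
package main

import "fmt"

// AccessRequest is what the (hypothetical) policy enforcement point knows about
// one attempt to reach an asset. Network is carried for logging only; it never
// grants trust, which is the point of an identity-aware architecture.
type AccessRequest struct {
	Subject   string
	Roles     []string
	MFA       bool   // second factor completed in this session
	Device    string
	Compliant bool   // device passed posture check (managed, patched, disk-encrypted)
	Network   string // "corp-lan", "vpn", "internet": informational only
	Resource  string
	Action    string
}

// Rule is one explicitly permitted transaction flow. Anything no rule matches is denied.
type Rule struct {
	Resource               string
	Actions                map[string]bool
	Roles                  map[string]bool
	RequireMFA             bool
	RequireCompliantDevice bool
}

type Decision struct {
	Allow  bool
	Reason string
}

func hasAnyRole(have []string, want map[string]bool) bool {
	for _, r := range have {
		if want[r] {
			return true
		}
	}
	return false
}

// Evaluate is deny-by-default. A request is allowed only if some rule for the
// requested resource and action matches one of the subject's roles AND every
// authentication and device requirement of that rule is met. Where the request
// comes from plays no part in the decision.
func Evaluate(rules []Rule, r AccessRequest) Decision {
	reason := "no rule permits " + r.Action + " on " + r.Resource
	for _, rule := range rules {
		if rule.Resource != r.Resource || !rule.Actions[r.Action] || !hasAnyRole(r.Roles, rule.Roles) {
			continue
		}
		switch {
		case rule.RequireMFA && !r.MFA:
			reason = "step-up authentication required for " + r.Resource
		case rule.RequireCompliantDevice && !r.Compliant:
			reason = "device " + r.Device + " failed posture check"
		default:
			return Decision{Allow: true, Reason: "matched rule for " + r.Resource + "/" + r.Action}
		}
	}
	return Decision{Allow: false, Reason: reason}
}

// SamplePolicy is a constructed, hypothetical policy for two assets.
func SamplePolicy() []Rule {
	return []Rule{
		{Resource: "hr-db", Actions: map[string]bool{"read": true},
			Roles:      map[string]bool{"hr": true, "auditor": true},
			RequireMFA: true, RequireCompliantDevice: true},
		{Resource: "wiki", Actions: map[string]bool{"read": true},
			Roles: map[string]bool{"employee": true}},
	}
}

func main() {
	policy := SamplePolicy()
	// Constructed sample requests: note the second one is on the corporate LAN
	// but still denied, while the first one succeeds from the internet.
	requests := []AccessRequest{
		{Subject: "alice", Roles: []string{"hr", "employee"}, MFA: true, Device: "lt-01", Compliant: true, Network: "internet", Resource: "hr-db", Action: "read"},
		{Subject: "alice", Roles: []string{"hr", "employee"}, MFA: false, Device: "lt-01", Compliant: true, Network: "corp-lan", Resource: "hr-db", Action: "read"},
		{Subject: "bob", Roles: []string{"engineer", "employee"}, MFA: true, Device: "lt-02", Compliant: true, Network: "corp-lan", Resource: "hr-db", Action: "read"},
		{Subject: "bob", Roles: []string{"engineer", "employee"}, MFA: false, Device: "byod", Compliant: false, Network: "internet", Resource: "wiki", Action: "read"},
	}
	for _, r := range requests {
		d := Evaluate(policy, r)
		fmt.Printf("%-6s %-6s %s/%s from %-8s -> allow=%-5v (%s)\n",
			r.Subject, r.Device, r.Resource, r.Action, r.Network, d.Allow, d.Reason)
	}
}
```

Run it with `go run .`; the deny reasons are what a practitioner would expect the enforcement point to log, and the absence of any `Network` check in `Evaluate` is deliberate.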
What’s the business value of a true Zero Trust approach?
Business agility is also improved. Applications, data and services can all be moved, modified and merged without concern for the security of the environment that happens to contain them. The protect surface is an attribute of the asset, not of where it happens to be.
Finally, risks are reduced, leading to a lower likelihood of an extensive cyberattack or data breach. This is achieved because Zero Trust limits the scope of any damage.
With a true Zero Trust model, risk-return is balanced
As an example, most Zero Trust implementations go hand-in-hand with some kind of Single Sign-On solution. This balances convenience and efficiency against the strength of security as users are not constantly pestered for their user credentials - authentication is managed behind the scenes on their behalf.
Without a Zero Trust model, if you tip the balance one way, productivity takes a dive, while the other way increases the risk of data theft and disruption.
Implementing a true Zero Trust model
However, identity-aware access control at the network level is often as far as organisations get. What if an external party manages to evade all these controls and then accesses IT assets? What if a member of staff decides to go rogue? What if a software vulnerability is exploited, leading to data theft? SolarWinds springs to mind.
The problem with most Zero Trust implementations is that they don’t take the concept far enough. They end up with a network that has many ring-fences, each with its own controls. However, the data inside the fences is not secured, so anyone who manages to get inside has free rein over the information stored there.
It’s a little like security boxes inside a vault, where the individual must identify themselves at the bank, pass through locked doors then use their key plus a bank key to open the box. Once through all these layers of security the individual can simply walk out with the contents of the box. Which is fine, but only if they are the true owner.
It must be assumed that your organisation will be hacked
Leaving aside the significant problem of accurately defining, identifying and segregating the most sensitive data, there’s one major pitfall with the vault approach: humans are involved. The inconvenient truth is that humans do what’s most convenient rather than what’s expected of them from an IT security point of view.
Playing cat and mouse with company IT security is a risk no business can afford. An increasingly prevalent form of ransomware attack targets a specific senior executive. Once the cybercriminal has gained system access, they look for information that will cause maximum embarrassment. This could be corporate – like legal action against the company – or personal. Either way, the information tends to be held locally and not in the supposedly secure vaults established by the IT department. I wonder what information was on Nancy Pelosi’s laptop that was stolen in Washington’s Capitol riots?
Organisations must implement an additional layer of technology in their Zero Trust architecture that builds security right into the data – all data, in all locations. This can be achieved by enforcing authentication at the level of the data itself, and by encrypting every data file. This way, the ‘crown jewels’ that a Zero Trust architecture is built to protect are protected inherently, whether stored in the ‘secure vaults’ or anywhere else.
File-level data encryption
At the end of the day, it’s the information itself which we’re trying to protect. If the infrastructure can be organised so that, when data gets stolen, it’s in a form that is complete garbage to the thief, then the information remains protected even though it’s in the wrong hands.
Data encryption is traditionally seen as something complex, expensive and scary, so we tend to toy with it rather than embrace it. For example, full disk encryption is easy – we leave it up to the OS vendor and just forget about it. The catch is that full disk encryption only protects a powered-off or locked device; it doesn’t stop anyone stealing data from a live system, where the OS decrypts every file on demand. Transparent Data Encryption for databases is also fit-and-forget – all it does is create another security silo, and the moment data is exported, in a report or an extract, it leaves that silo unprotected.
File-level encryption seems to be treated as something dangerous; something a bit edgy that needs to be applied with care only to the most sensitive information. Which is odd, since modern file-level encryption, like the SecureAge Security Suite, should be applied universally.
The problem with only encrypting the most sensitive information is that it’s difficult to work out exactly, and reliably, what ‘sensitive information’ really is. And importantly, where it is. As previously mentioned, people will run reports, write documents and manipulate potentially sensitive information in spreadsheets, often storing them in unexpected and unprotected locations.
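The property the article argues for above, that a stolen file is useless to the thief while the legitimate holder still reads it, shown as an added example that is not the article’s or SecureAge’s own code. It assumes envelope encryption: each file gets a fresh AES-256-GCM data-encryption key (DEK) that is itself wrapped under a key-encryption key (KEK) held outside the data; the function names, the blob layout and the `doc-42` label are all this example’s own inventions, and the sample content is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const (
	dekSize        = 32 // AES-256 data-encryption key, one per file
	gcmNonceSize   = 12
	gcmTagSize     = 16
	wrappedDEKSize = gcmNonceSize + dekSize + gcmTagSize // 60 bytes
)

// seal encrypts plaintext with AES-256-GCM under key and authenticates aad.
// Output layout: nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// unseal reverses seal; it fails if the key, the aad or any ciphertext bit is wrong.
func unseal(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// EncryptFile (hypothetical) produces a self-protecting blob: a fresh per-file
// DEK encrypts the content and the DEK is wrapped under the caller's KEK. The
// label (e.g. a document ID) is authenticated but not encrypted, so a copy that
// is relabelled or edited fails to open. Layout: wrappedDEK(60) || nonce || ct || tag.
func EncryptFile(kek []byte, label string, plaintext []byte) ([]byte, error) {
	dek := make([]byte, dekSize)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dek, []byte(label))
	if err != nil {
		return nil, err
	}
	body, err := seal(dek, plaintext, []byte(label))
	if err != nil {
		return nil, err
	}
	return append(wrapped, body...), nil
}

// DecryptFile (hypothetical) unwraps the DEK with the KEK and then opens the
// content. Any error means no plaintext is released.
func DecryptFile(kek []byte, label string, blob []byte) ([]byte, error) {
	if len(blob) < wrappedDEKSize {
		return nil, errors.New("blob too short to hold a wrapped key")
	}
	dek, err := unseal(kek, blob[:wrappedDEKSize], []byte(label))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return unseal(dek, blob[wrappedDEKSize:], []byte(label))
}

func main() {
	kek := make([]byte, 32) // in practice from an HSM, OS keystore or KMS, never stored beside the data
	if _, err := io.ReadFull(rand.Reader, kek); err != nil {
		panic(err)
	}
	plaintext := []byte("Q3 board minutes: litigation exposure (constructed sample)")
	blob, err := EncryptFile(kek, "doc-42", plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob (%d bytes) begins %x...\n", len(blob), blob[:8])

	// A thief who copies the file holds an authenticated ciphertext and nothing more.
	stolen := append([]byte(nil), blob...)
	stolen[len(stolen)-1] ^= 0x01 // flip one bit of the tag
	if _, err := DecryptFile(kek, "doc-42", stolen); err != nil {
		fmt.Println("tampered copy rejected:", err)
	}
	if _, err := DecryptFile(make([]byte, 32), "doc-42", blob); err != nil {
		fmt.Println("wrong KEK rejected:", err)
	}
	pt, err := DecryptFile(kek, "doc-42", blob)
	if err != nil {
		panic(err)
	}
	fmt.Println("legitimate holder reads:", string(pt))
}
```

The design choice worth noting is the split between DEK and KEK: applying this to every file costs one random key and 60 bytes of header per file, so there is no need to decide which files are ‘sensitive’ first, and rotating or revoking the KEK never requires touching the bulk data.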
Don’t forget test environments – they aren’t safe either. Just look at how Equifax lost control over their users’ plaintext passwords. The reality is that you may think you’ve identified all sensitive data, but how sure can you possibly be?
Our data encryption solution is a tried and tested technology that balances security with useability and makes universal data encryption a reality.
Should we trust Zero Trust?
Yes… and no. If all a Zero Trust implementation does is to chop up a network, then it will reduce the scope of some cyber-attacks. What about insiders? Or compromised user accounts? Or socially engineered attacks? The list goes on.
The truth is, many data breaches are due to someone using a valid user account to access information. These so-called legitimate users have access to data that can then easily be stolen because the data has no inherent, built-in protection.
While the concept of Zero Trust is valid, the implementation must be taken right down into the data – all data, everywhere. Simply building more fences around data is just beefing up the old castle and moat architecture. By extending protection inside data itself we can truly say that Zero Trust is trustworthy.