
Zero Trust Architecture 101

by Damiru Siriwardana 21 Aug, 2019
When it comes to the Internet, better safe than sorry!

Networks were typically built to guard information from external access, which is why firewalls and similar safeguards protect a network from unverified software and communications attempting to enter it. But insider attacks have become more prevalent, with 60% of all attacks being carried out by individuals inside the network, according to IBM.

Such statistics have led firms to rethink their entire cyber security framework, which brings us to our blog topic: Zero Trust architecture. Quite simply, this means all information that enters or exits the network must be verified. It also focuses on preventing threats from moving within the network, basically double-checking the data at every terminal.

Of course, this means a lot more work in maintaining security, especially if your IT environment is more complex than average. But correctly implementing this framework would make it easier to detect threats and even track attackers to prevent the attack from continuing.

Since its inception in 1998, Google has evolved to become a prominent multinational technology corporation today.

Google, for example, was one of the pioneering companies to introduce Zero Trust in 2013, when it chose to adopt a tiered system across the corporation using BeyondCorp. Four tiers of access, namely “untrusted”, “basic access”, “privileged access” and “highly-privileged access”, are used to differentiate who or which applications are given permission. This categorization allowed the system to be aware of the user’s role within the company and even the device being used in that instance.
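A sketch of how a tiered decision of this kind can be evaluated on every request, added here as an example and not taken from BeyondCorp or Google. Only the four tier names come from the text above; the role names, device checks, thresholds and resource names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Tier(IntEnum):
    UNTRUSTED = 0
    BASIC_ACCESS = 1
    PRIVILEGED_ACCESS = 2
    HIGHLY_PRIVILEGED_ACCESS = 3


@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in the company inventory
    disk_encrypted: bool
    patch_age_days: int    # days since the last OS security update


# Constructed policy data (assumptions for this sketch).
ROLE_CEILING = {"contractor": Tier.BASIC_ACCESS,
                "engineer": Tier.PRIVILEGED_ACCESS,
                "sre": Tier.HIGHLY_PRIVILEGED_ACCESS}
RESOURCE_MINIMUM = {"cafeteria-menu": Tier.UNTRUSTED,
                    "wiki": Tier.BASIC_ACCESS,
                    "source-code": Tier.PRIVILEGED_ACCESS,
                    "prod-console": Tier.HIGHLY_PRIVILEGED_ACCESS}


def device_tier(d: Device) -> Tier:
    """Highest tier the device's current state can support."""
    if not d.managed:
        return Tier.UNTRUSTED
    if not d.disk_encrypted or d.patch_age_days > 30:
        return Tier.BASIC_ACCESS
    if d.patch_age_days > 7:
        return Tier.PRIVILEGED_ACCESS
    return Tier.HIGHLY_PRIVILEGED_ACCESS


def decide(role: str, device: Device, resource: str) -> tuple[bool, Tier]:
    """Evaluate one request; network location is deliberately not an input."""
    # Unknown roles get no trust: the default is deny.
    ceiling = ROLE_CEILING.get(role, Tier.UNTRUSTED)
    # The weaker of the user's role and the device's state wins.
    effective = min(ceiling, device_tier(device))
    required = RESOURCE_MINIMUM.get(resource)
    if required is None:   # unregistered resource: deny
        return False, effective
    return effective >= required, effective
```

Because the device is re-evaluated on each call, a laptop that falls behind on patches loses access to higher tiers without any change to the user's role.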

SO HOW CAN YOUR FIRM IMPLEMENT A ZERO TRUST FRAMEWORK?

MICRO-SEGMENTATION FOR WORKLOADS

Keeping track of data processes within an organization can get difficult, so ‘micro-segmenting’ workloads in data centres makes it easier to update permissions when devices and processes are added or removed. Because each process is located independently, even minute missteps in the configuration are prevented from affecting the productivity of other individuals.

WHITE-LIST TRUSTED SITES

Although micro-segmentation manages to secure data comprehensively, isolation remains an issue, specifically when it comes to web browsing. Many security professionals therefore suggest white-listing trusted sites, since blocking access to all but known websites allows users within the network to engage with those websites safely.

USING NETWORK GATEWAYS

White-listing has its shortcomings as well, however, as access requests interfere with employee productivity. IT staff must drop other important work to investigate and respond to such requests, while users must wait on the approval of each request.

However, network gateways provided by your own security firm of choice address this issue. Gateways would do away with the need for Virtual Private Networks and permit access to web applications and on-premises websites through a more convenient and securely monitored process.

REMOTE BROWSER ISOLATION

Remote Browser Isolation (RBI) is an increasingly popular method of securely accessing the web, in which all browsing takes place remotely on a virtual browser. Usually operated from within the cloud, this method of interaction makes sure no content touches the user device and does away with the need for whitelisting and access requests.

Zero Trust architecture remains a niche concept, and implementing it properly would involve months or even years of dedicated cyber security work. Nevertheless, small yet concrete mechanisms such as those mentioned above would greatly help in securing your network against both internal and external threats.