Security in the Real World
There’s a relatable metaphor that best describes how network security architectures have evolved. In other words, when you have limited risk, your network security architecture can be simple but as the risks become greater—when certainty in your security decreases—then you need to rethink how to keep your property safe. As a consequence, security becomes more complicated.
In the late ‘80s through the early ‘90s, network security was simple; once an entity (a person, a machine, a process) was inside your network and authenticated with your security service it was assumed that entity was trustworthy. Of course, this couldn’t last for long. As networks started to become more central to business operations and the need arose for external connections for business partners, network complexity increased exponentially. By the late ‘90s, these networks began connecting to the internet, and by the 2000s, hundreds of service providers complicated networks further by offering software-as-a-service (SaaS).
The End of Simple Network Security
By 2010, the network no longer had a single, unbroken network perimeter. It had become “porous” to support mobile and remote workers, as well as business partners and new third-party services. “One and done” authentication of entities requesting access became inadequate. You could no longer assume that anyone on your network, including your staff, could be trusted.
A Better Network Security Architecture
In 2010, John Kindervag, an analyst at Forrester Research, wrote a paper that popularised the idea of the Zero Trust architecture.
Over the next few years, as enterprise computing embraced cloud computing and the problems with perimeter security became more pressing, the concept of the Zero Trust architecture gained traction.
The fundamental concept of the Zero Trust architecture is simple: Never trust, always verify.
How to Build a Zero Trust Architecture?
Zero Trust network architectures have four main requirements:
· The use of micro-perimeters and micro-segments to restrict traffic flow and limit user privileges and access as much as possible.
o Micro-perimeters take the concept of a secured network perimeter that defines what is inside of the network and what is outside and applies similar access controls to smaller groupings of network entities, sometimes even to a single device.
o Micro-segmentation creates zones within data centers and cloud environments to isolate workloads and secure them individually.
· Effective incident detection and response using comprehensive analytics and automation.
· Integrated multi-vendor network solutions to ensure seamless compliance and unified cyber security.
· Comprehensive and centralized visibility into all entities and workflows including users, devices, data, the network itself, and workflows. Including visibility into all encrypted communications.
To reiterate, the Zero Trust security architectures are based on not trusting anyone or anything on your network. Every access attempt by any entity, even if known, must be validated at multiple points to make sure no unauthorized entity moves into or within the network without being detected.
Making a Zero Trust network work requires in-depth traffic inspection and analytics. Central to this is the use of SSL inspection solutions that decrypt and analyze encrypted network traffic (sometimes called “break and inspect”) to ensure policy compliance and maintain privacy standards.
By monitoring encrypted traffic to detect suspicious network communications and malware payloads as well as attempts to exfiltrate controlled data, for example, credit card and social security numbers, SSL inspection makes it possible for the Zero Trust model to protect networks from both internal and external threats.
Why You Need to Migrate to a Zero Trust Security Architecture
Here are the five crucial reasons to move to a Zero Trust network:
· The complexity of your network—the number of users, where they work, the devices they use, the number of workloads, your use of SaaS, a hybrid cloud environment, and so on—is just going to increase. A Zero Trust network reduces the complexity of securing your assets and isolating problems.
· Because the complexity of your network is increasing rapidly, the attack surface of the network has expanded. To reduce vulnerability and regain control, you must establish micro-perimeters and micro-segments.
· Third-party services such as SaaS and PaaS can’t be trusted: it takes one breach to compromise your network. Creating robust micro-perimeters around these services is an absolute must.
· The internet is, essentially, an unsecured network, and cyberattacks from amateurs, organized crime, and hostile state actors are increasing rapidly. In addition, the costs of mitigating a breach or a ransomware attack have increased enormously. The financial risks have become profound and will drastically change IT budgets.
· Insider threats have also increased rapidly. A mix of employees working from home and from branch offices and simultaneously providing access externally requires robust and well-structured security controls.
If you’ve started down the path to a Zero Trust network, are you moving fast enough? Does the C-suite understand the issues, and will it fund a strategy that might be all that stands between business success and irreversible failure?
If you’ve not yet started to plan and implement a Zero Trust architecture, there’s no time like the present.