What is Zero Trust?
Zero Trust Security Model
The Zero Trust Security model moves access control mechanisms from the network perimeter to the actual users, devices and systems. A centralized policy engine verifies the user identity and validates their device before granting access, and then intelligently limits the access and privileges they have on the target system.
Additionally, the policy engine factors in other dynamic variables, such as the user's past behavior, their current location, the time of day, the day of the week and more, to form a trust score for each access attempt. Based on the value of the trust score, the policy engine will either grant access to the system, challenge the user with MFA or block access entirely.
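The decision flow described above, as an added illustration that is not Centrify's code or any product's actual scoring logic: a small policy engine that starts from full trust, deducts points for each risk signal (unmanaged device, unfamiliar location, off-hours access, recent failed logins), and maps the resulting score to grant, MFA challenge or block, narrowing privileges on the target system as trust drops. The thresholds, deductions, device and user data are all constructed for the example.

```python
"""Illustrative Zero Trust policy engine (constructed example, not vendor code)."""
from dataclasses import dataclass
from datetime import datetime

# Constructed context the policy engine consults before any access is granted.
MANAGED_DEVICES = {"laptop-0042", "laptop-0107"}          # devices enrolled in device management
USUAL_LOCATIONS = {"alice": {"DE", "NL"}, "bob": {"US"}}  # countries each user normally signs in from
RECENT_FAILED_LOGINS = {"alice": 0, "bob": 3}             # failed attempts in the last hour
ROLE_PRIVILEGES = {"alice": {"read", "write", "admin"}, "bob": {"read", "write"}}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    country: str
    requested_at: datetime
    target: str


def trust_score(req: AccessRequest) -> int:
    """Start from full trust (100), deduct per risk signal, clamp to 0..100."""
    score = 100
    if req.device_id not in MANAGED_DEVICES:
        score -= 40  # device has not been validated by the organization
    if req.country not in USUAL_LOCATIONS.get(req.user, set()):
        score -= 30  # sign-in from a location this user has not used before
    if req.requested_at.weekday() >= 5 or not 6 <= req.requested_at.hour < 22:
        score -= 15  # outside normal working hours (assumed Mon-Fri, 06:00-22:00)
    score -= min(30, 10 * RECENT_FAILED_LOGINS.get(req.user, 0))  # past behavior
    return max(0, min(100, score))


def decide(req: AccessRequest) -> dict:
    """Map the trust score to grant / mfa / block and limit privileges accordingly."""
    score = trust_score(req)
    role = ROLE_PRIVILEGES.get(req.user, set())
    if score >= 80:
        action, privileges = "grant", role
    elif score >= 50:
        action, privileges = "mfa", role - {"admin"}  # step-up auth, no admin rights
    else:
        action, privileges = "block", set()
    return {"action": action, "score": score, "privileges": privileges, "target": req.target}


if __name__ == "__main__":
    tuesday_10am = datetime(2024, 3, 12, 10, 0)
    for req in (
        AccessRequest("alice", "laptop-0042", "DE", tuesday_10am, "payroll"),
        AccessRequest("alice", "laptop-0042", "BR", tuesday_10am, "payroll"),
        AccessRequest("bob", "byod-phone", "BR", datetime(2024, 3, 12, 23, 30), "payroll"),
    ):
        print(req.user, decide(req))
```

Because every deduction is logged alongside the decision, the same engine doubles as a detection source: a run of MFA challenges or blocks for one user is the behavioral signal the next request's score should incorporate.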
What about Zero Trust Networking?
Zero Trust Networking is a security model rooted in the principle of preventing lateral movement within the corporate network. This is accomplished by adding more granular perimeters, primarily through micro-segmentation of the network. By adding more perimeters and requiring a user to be verified at more points within the network, you reduce the ability of bad actors to move laterally from less sensitive systems into more valuable ones.
Zero Trust Networking originated in weaknesses uncovered in traditional perimeter-based security models. Where those models assume trust for users within a private network, a Zero Trust model assumes threat actors already exist on the network and that trust therefore needs to be reduced or removed. It was a logical next step to keep adding perimeters and/or moving the perimeter closer and closer to the assets being protected.
Shortcomings of a Network Perimeter Approach
Traditionally, a network perimeter is a wall that isolates systems within a private network from the public internet. The challenge was that there were always systems within a private network, such as an email server, that needed to communicate with servers in other private networks. External users and business partners also needed access to internal systems. This left even the most robust network perimeter implementations porous, with entry points through which outside attackers could reach systems within the private network.
Today there are further challenges to relying on a network perimeter approach, no matter how granular:
- Users are increasingly mobile, accessing applications and data without crossing any corporate network perimeter
- Users use devices that are not owned or controlled by their organization
- Data and applications are increasingly stored in the cloud and in SaaS applications
Evolution of Zero Trust
Luckily, other adaptations of the Zero Trust concepts have emerged that focus on access control that is effective regardless of the network. For example, Google built upon Zero Trust principles in its own model, known as BeyondCorp, which fundamentally shifts access control from the network perimeter to individual devices and users. Gartner formulated CARTA (Continuous Adaptive Risk and Trust Assessment), a higher-level risk management philosophy that relies heavily on data analytics and anomaly detection to enable faster detection of and automatic response to security threats. While there are nuanced differences, all of these models recognize the changing threat landscape and acknowledge the need for a new security approach.
Benefits of Zero Trust Security
The Zero Trust Security model aims to solve the challenges of traditional perimeter-based security models. The fundamental difference is that enforcement mechanisms are moved from the network perimeter to the target system. Access control is an integral component of Zero Trust Security, with heavy emphasis on verifying the identity of the user and validating their device before access to a system is ever granted. Zero Trust still prescribes network perimeters and other mechanisms such as encryption, because they serve as additional layers of security. However, with breaches happening at an alarming rate, cloud adoption on the rise, and growing dependence on technology, the Zero Trust Security model will be the new security paradigm for combating cyber threats.
Centrify helps achieve Zero Trust Security through the power of Next-Gen Access (NGA).
Any organization considering a Zero Trust Security approach should also plan for the use of NGA technology. Only looking at the network or data leaves gaps in security controls, ultimately failing to achieve any strategic security goals, much less a Zero Trust strategy. NGA technologies enable better insight and better situational awareness of who is doing what in a network and enforce the policies that should be in place for data access, all key components of a Zero Trust strategy. To learn more about Centrify’s Zero Trust Security solution, please visit https://www.centrify.com/zero-trust-security/.
- Zero Trust Identity and Access Management - A Fundamental Mind Shift (Video): https://www.centrify.com/resources/zero-trust-identity-and-access-management-a-fundamental-mind-shift/
- Centrify Resources - Zero Trust Security: https://www.centrify.com/resources/?tag="Zero Trust Security"