In the first article in this series, the authors explained why the password is no longer an effective weapon against cyberattacks, and why two newer approaches—Perimeter Security and, even better, the Zero Trust Framework (ZTF)—are vastly more effective. In this article, the authors lay out the many advantages of the Zero Trust Framework as well as the factors to consider before implementing ZTF in your organization.
The Advantages of the Zero Trust Framework
- ZTF facilitates the use of centralized monitoring: When security tools and technologies are used in conjunction with one another in an ill-planned manner, it can be very difficult for the IT Security team to track and respond in a timely fashion to warnings and alerts. This creates difficulty in triaging and escalating the most serious cyber threats. With the Zero Trust methodology, since each device is accounted for in a logical manner, a centralized approach can now be utilized. One typical example of this is the Security Incident and Event Management (SIEM) software application. With this application, not only can false positives be filtered out by making use of both Artificial Intelligence (AI) and Machine Learning (ML), but legitimate warnings and alerts can be presented in real time through a centralized dashboard. Thus, ZTF allows the IT Security team to be far more proactive and, in turn, greatly reduces the response time in combating various threat vectors.
- Scalability is offered: With an increasing number of companies employing remote workforces, many are now opting to make greater use of Cloud-based resources, such as those offered by AWS or Microsoft Azure. Certain entities still choose to have a brick-and-mortar presence and, consequently, still have some remnants of an on-premises solution. Regardless of the option chosen, the ZTF allows for the seamless transfer of apps, digital assets, and even confidential information and data (especially Personally Identifiable Information [PII] datasets) from one place to another in a secure and safe fashion.
- Breaches become virtually impossible: Before the Covid-19 pandemic hit, many businesses adopted the “Perimeter Security” approach to protecting their digital assets, meaning there was only one line of defense separating the internal environment from the external environment. As a result, if a cybercriminal were to penetrate this perimeter, they could gain access to just about anything in the IT and Network Infrastructure and move covertly through the organization, all the while accessing sensitive company information. But with the ZTF, the implementation of multiple layers of security means that it becomes that much harder for the cybercriminal to gain access to said information: it will take significantly longer to break through every line of defense, and it becomes easier for security teams to respond before the threat actor has accessed pertinent company data. In the end, the cybercriminal is likely to conclude that this particular endeavor is not worth their time.
It is very important to note that the ZTF is not a product, nor does it take a one-size-fits-all approach. Rather, it is deemed to be a methodology, whose parts and components must be tailored to the security requirements of each individual entity. For example, although the ZTF explicitly states that each and every asset must be protected, commercial reality may dictate otherwise. Low-risk digital assets may not have to become their own island – indeed it may be acceptable to combine multiple assets in one island.
In the next section, some of the critical variables in deploying a comprehensive ZTF are examined.
Zero Trust Framework Implementation – Consideration Factors
When implementing ZTF for a company, here are some prominent considerations:
- Determine what needs to be protected: One of the fundamental concepts behind the ZTF is that an entire IT and Network infrastructure has to be broken out into different segments. Although the overall goal is to have a 100% breakdown, this may not be feasible, depending upon a company’s security requirements. For this reason, companies should work with their IT Security teams and carefully map out what really needs to be protected, and how it can be further divided. It is important to note that this isn’t a one-time, static analysis; rather, it should aim to be dynamic and scalable. For example, if the IT/Network infrastructure grows or shrinks over time, the deployed ZTF should follow in tandem. A micro view is required in addition to a macro view, since each layer of separation will require its own needs and attention. This kind of approach is also known as “DAAS”, which stands for critical Data, Software Applications, Digital Assets and S
- Determine how data flows: Data flow is normally taken for granted, but with ZTF how data flows within an IT/Network infrastructure must be carefully mapped. Since segmenting is occurring, there needs to be a clear and seamless path for the data packets so that they are not blocked at one point and left unable to reach the other segment. This type of analysis yields a clearer picture of the controls that could potentially be needed, and how best they should fit into the model strategically.
- Create a tentative model: The next step is to actually formulate a working model of the ZTF. It is very important to keep in mind that at this stage, there is no one-size-fits-all approach. A ZTF should be created according to individual security needs. At this stage, one of the key items to consider is the type of authentication mechanisms that will be needed, and where they should be placed so that they best support the controls that will be implemented. With this methodology, Multi-Factor Authentication (MFA) is an absolute necessity: at least three tools must be implemented in order to fully confirm the identity of an end user. Furthermore, they must also be different in nature, according to the following rules:
- Something you know
- Something you have
- Something you are
For example, a password could be used for the first, an RSA token for the second, and a Biometric for the third. This means the end user has to present all three pieces before they will be granted access to the shared resources. Another key item to remember is that each segment in the ZTF should not repeat the same authentication sequence as the previous layer. To illustrate this, the second layer could consist of a set of challenge/response questions, a smart card which contains more detailed information about the end user, and a different Biometric modality. Finally, if more than three authentication mechanisms are implemented, a greater level of security is attained.
- Creating the policies: Another key element of the ZTF is the creation of the Security Policy. It should, at minimum, consist of the following to enforce yet another layer of security:
- Which end users should be accessing what resources.
- An audit log of the resources and applications that are being accessed.
- The times of the day in which shared resources can be accessed.
- Implementation of a Next-Generation Firewall to allow even more advanced filtering and blocking of malicious data packets.
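The policy elements listed above, together with the three-category MFA rule from the previous step, as an added Python example that is not part of the original article: a deny-by-default evaluator for one segment's policy that checks who may reach which resource, enforces a time-of-day window, verifies the presented factors, validates that a segment demands one factor from each category and does not repeat the outer segment's sequence, and records every decision in an audit log. The factor names, users, resources and hours are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

# Factor categories named in the article: something you know / have / are.
# The factor names are illustrative, not a standard taxonomy.
FACTOR_CATEGORY = {
    "password": "know", "challenge_questions": "know",
    "rsa_token": "have", "smart_card": "have",
    "fingerprint": "are", "face": "are", "iris": "are",
}

@dataclass
class SegmentPolicy:
    name: str
    allowed_users: dict      # user -> set of resources reachable in this segment
    required_factors: tuple  # authentication sequence demanded by this segment
    access_window: tuple     # (start, end) time of day; end is exclusive
    audit_log: list = field(default_factory=list)

    def factors_valid(self, previous=None):
        """One factor per category, and no repeat of the outer segment's sequence."""
        categories = {FACTOR_CATEGORY.get(f) for f in self.required_factors}
        if not {"know", "have", "are"} <= categories:
            return False  # also fails on unknown factor names (category None)
        return previous is None or previous.required_factors != self.required_factors

    def evaluate(self, user, resource, presented, at):
        """Deny by default: every check must pass. Every decision is audited."""
        reasons = []
        if resource not in self.allowed_users.get(user, set()):
            reasons.append("user not authorised for resource")
        if not (self.access_window[0] <= at < self.access_window[1]):
            reasons.append("outside permitted hours")
        if set(presented) != set(self.required_factors):
            reasons.append("authentication sequence mismatch")
        decision = "DENY" if reasons else "ALLOW"
        self.audit_log.append((self.name, user, resource, at.isoformat(), decision, reasons))
        return decision == "ALLOW"

def check_access(policy, user, resource, presented, hour, minute=0):
    """Convenience wrapper taking the clock time as integers."""
    return policy.evaluate(user, resource, presented, time(hour, minute))

# Constructed sample: two nested segments with different factor sequences.
OUTER = SegmentPolicy("segment-1",
                      {"alice": {"hr-portal"}, "bob": {"hr-portal", "payroll-db"}},
                      ("password", "rsa_token", "fingerprint"), (time(7), time(19)))
INNER = SegmentPolicy("segment-2", {"bob": {"payroll-db"}},
                      ("challenge_questions", "smart_card", "iris"), (time(8), time(18)))
```

Reaching `payroll-db` in the inner segment requires passing OUTER first and then presenting INNER's different sequence, so a credential set stolen from one layer does not carry into the next.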
- Daily Monitoring: Once a working model of ZTF is created, it should then be deployed. However, avoid rolling this out all at once and instead use a phased approach. For example, rather than deploying all of the authentication mechanisms for each segment, do them one at a time. That way, if any unforeseen issues come up, they can be resolved in an efficient and manageable fashion.
Next up: The next article in this series will delve into the topic of multi-factor authentication and the use of biometrics in the Zero Trust Framework. From fingerprints to facial recognition to iris scans, prepare to be amazed by the technology.