
Zero Trust architecture

Posted by Team Copperhead on November 01, 2021

ZERO TRUST

In 2010 John Kindervag, a Forrester Research analyst, created the concept of ‘zero trust’ based on the idea that companies should not immediately trust entities outside or even inside of the business.

Zero trust security architecture is a widely recognized cybersecurity framework for businesses and one of the most effective ways to stop data breaches. As the name states, zero trust comes down to the principle that an organization should not implicitly trust any entity inside or outside of its network. A new user, device or connection is granted no access until it has been verified, and even after verification it is given only the minimum access needed to complete the job it is there to do.

In a world where the cloud has become a key part of accessing, storing and managing an organization's systems, more people, devices and locations have access to that information than ever before. As a result, company data is routinely accessed outside the private network, from employees' own devices, and shared with external partners.

Within a zero-trust approach verification is the focus: every user, device or service attempting to connect to the system is authenticated, and each is given only the least access needed to run its operations.

WHY IMPLEMENT A ZERO TRUST MODEL?

Before the proliferation of smartphones, businesses had the luxury of an established network perimeter which rarely extended beyond their physical locations. That perimeter has changed drastically over the past decade. Through advances in technology and shifts in how people work, organizations' systems have moved to a fast-paced digital blueprint featuring cloud storage, remote workforces and countless connected devices. While this has improved the speed and ease of business, it has also made the boundary between a business' internal and external systems difficult to define and harder than ever to protect from cybercriminals.

The Cost of Cybercrime

As technology advances and more businesses move to online and cloud-based operations, cybercrime has skyrocketed. Cybercriminals have more opportunity than ever to infiltrate the systems of consumers and businesses. In its report The Hidden Costs of Cybercrime, McAfee estimated that in 2020 the global cost of cybercrime reached $945 billion, nearly $1 trillion. This is a drastic increase over 2018, when the global cost was estimated at $522 billion: a rise of roughly 80% in only two years.

This report stresses the growing danger of cybercrime, not only from a financial perspective but in terms of data privacy. The pandemic has given employees more access to their business' systems from remote work settings, but it has also given cybercriminals more opportunities to breach those systems. As workers and businesses move into online work environments, new security controls and methods must be implemented to defend them effectively.

ZERO TRUST SECURITY IN COMPARISON

Historically, an organization's firewall security has focused on protecting the perimeter, preventing external threats from reaching the business' data. Zero-trust security, on the other hand, improves on many conventional defenses because it does not assume that anything on the inside is secure or poses no threat.

Is Zero Trust an architecture?

Organizations with complex systems will find that the transition to a zero trust framework takes multiple phases and may take years to integrate fully. Zero trust is an ongoing process that demands considerable effort: new ways must be developed to authenticate specific access to segmented business operations. It is safe to assume, though, that a data breach or a malware infection that halts the business would pose a far greater burden on the organization than that effort. Some of the components of a zero-trust security architecture are the following.

Traditional Network Security Model

The traditional network security model automatically trusts users within the organization's internal network and withholds trust from the external network. This can be understood as a castle-and-moat defense, keeping threats outside the walls and assuming that everything inside is safe. Unfortunately a 'trojan horse' may breach the castle walls, entering through a seemingly safe device or endpoint, compromising the system and moving between data sectors with ease. The weakness of this model is that once a malicious actor has got past the firewall, nothing on the inside stands in the way of lateral movement.

Zero Trust Security Model

The zero-trust model does not discard the traditional model entirely but works alongside it, adding controls that aim to catch these internal threats before they get a chance to compromise the organization's systems and data. The model is structured around continuous monitoring and validation of users and endpoints, controlling the specific privileges and access that each connection is permitted. Its starting assumption is that every connection could be malicious. This keeps a tight rein on access and gives the organization visibility into all of the connected endpoints and the duties they perform.

Multifactor authentication

Multifactor authentication requires the user to pass two or more verifications before gaining access to a given application, account or other part of the system. In addition to providing a username and password, the user may be required to enter an additional PIN, answer a security question, confirm through a registered phone number, present a fingerprint or face ID, or use other means. If a password has been stolen through a third-party data breach or an attack, MFA keeps access secured by requiring a further factor the attacker does not have. Factors an attacker can phish or intercept in real time, such as SMS codes or security questions, offer less protection than an authenticator app or a hardware security key.

Identity and access management IAM

Identity and access management comes down to understanding and managing the different user identities and the access each is permitted within the organization's systems. Much as a gym offers different membership levels with different benefits, employees should be given only the level of access needed to do their job rather than entry to all of the company's data. IAM helps monitor user activity, ensure compliance with security standards and control secure access to company resources.

Endpoint security technology

Endpoint security is designed to protect endpoints from malware and other attacks. An endpoint is any device that connects to the company network, increasingly from outside its firewall: laptops, mobile devices, IoT devices, POS systems and more. Endpoint security is an essential part of a zero-trust framework, as these devices can act as entry points for an attack on the corporate network. As cloud systems become an essential part of the organizational structure and remote work becomes more common, the number of endpoints is only growing.

Micro-segmentation

Micro-segmentation is the process of dividing the network into several distinct security zones across the organization's different sectors. Within a zero-trust architecture, this allows the business to manage access controls per zone and allocate access for specific jobs and workloads. By creating these segments across the network, user identities can be managed more easily, creating multiple layers of protection and limiting an attacker's ability to move laterally through every level of the system.
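The zero-trust model, IAM and micro-segmentation sections above all describe the same decision: for each connection, check who is asking, on what device, from which zone, for what, and allow only what a role needs. The following is an added example written for this post, not code from Copperhead or from any product; the segments, resources, roles, device attributes and the castle-and-moat comparison function are all hypothetical. It contrasts the traditional model, which trusts anything already inside the network, with a zero-trust policy that evaluates every request and is default-deny at each step.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class Principal:
    user: str
    roles: FrozenSet[str]
    mfa_verified: bool        # second factor presented for this session


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool             # enrolled in the endpoint-management system
    edr_healthy: bool         # endpoint agent reports no active compromise
    os_patched: bool


@dataclass(frozen=True)
class Request:
    principal: Principal
    device: Device
    source_segment: str       # network zone the connection originates from
    resource: str
    action: str


# Hypothetical inventory: the micro-segment each resource lives in.
RESOURCE_SEGMENT = {"hr-portal": "hr-apps", "payroll-db": "hr-data", "ci-server": "dev"}

# Hypothetical segment policy: (source, destination) pairs permitted to talk.
# Anything not listed is denied, so workstations can never reach hr-data
# directly even with a user who holds the right role.
SEGMENT_POLICY = {
    ("corp-workstations", "hr-apps"),
    ("corp-workstations", "dev"),
    ("hr-apps", "hr-data"),   # only the HR application tier reaches HR data
}

# Hypothetical role-to-permission mapping; each role holds only what its job needs.
ROLE_PERMISSIONS = {
    "hr": {("hr-portal", "read")},
    "payroll-admin": {("hr-portal", "read"), ("payroll-db", "write")},
    "developer": {("ci-server", "deploy")},
}


def perimeter_model(req: Request) -> bool:
    """Castle-and-moat: anything already inside the network is trusted."""
    return req.source_segment != "internet"


def zero_trust_model(req: Request) -> Tuple[bool, str]:
    """Evaluate one request. Every check must pass; the first failing check
    names the reason so it can be logged and alerted on."""
    if not req.principal.mfa_verified:
        return False, "deny: second factor not presented"
    d = req.device
    if not (d.managed and d.edr_healthy and d.os_patched):
        return False, f"deny: device {d.device_id} fails posture check"
    target = RESOURCE_SEGMENT.get(req.resource)
    if target is None:
        return False, f"deny: unknown resource {req.resource}"
    if (req.source_segment, target) not in SEGMENT_POLICY:
        return False, f"deny: segment {req.source_segment} may not reach {target}"
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.principal.roles))
    if (req.resource, req.action) not in granted:
        return False, f"deny: no role of {req.principal.user} grants {req.action} on {req.resource}"
    return True, "allow"


if __name__ == "__main__":
    # Constructed scenario: an HR user on a healthy laptop, and the same user
    # on a laptop whose endpoint agent has flagged a compromise.
    alice = Principal("alice", frozenset({"hr"}), mfa_verified=True)
    healthy = Device("lt-0042", managed=True, edr_healthy=True, os_patched=True)
    infected = Device("lt-0099", managed=True, edr_healthy=False, os_patched=True)
    for dev in (healthy, infected):
        req = Request(alice, dev, "corp-workstations", "hr-portal", "read")
        print(dev.device_id, "perimeter:", perimeter_model(req),
              "zero trust:", zero_trust_model(req))
```

The infected laptop is allowed by the perimeter model because it is already on the internal network; the zero-trust policy stops it at the posture check. Likewise a user with the payroll-admin role is refused a direct write to payroll-db from the workstation segment, because the segment policy only lets the HR application tier reach that data. In a real deployment these checks are re-evaluated continuously as device posture and session state change, not just once at login.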