The 5 Steps to Building a Zero Trust Network
by Robert Bond
The 5 Basic Steps to Building a Zero Trust Network
Zero Trust is a network security model, based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data – period. It also protects those applications and users from advanced threats on the Internet. At the heart of Zero Trust is data security and specifically sensitive data or PII.
Data is the asset attackers want to steal, whether that’s personally identifiable data (PII), protected health information (PHI), payment card information (PCI), or intellectual property (IP), all of it obviously has value.
The Zero Trust model is the response to the realization that the perimeter security approach hasn’t been effective because many data breaches happened because attackers, once they got past the corporate firewalls, were able to move through internal systems without the risk of being uncovered and stopped. In addition, the perimeter itself is no longer clearly defined, because applications and data stores are on-premises and in the cloud, with users accessing them from a variety of new and evolving technologies.
Now that we’ve explained the why, let’s get into the how; but rather than getting into the details of how to set up a Zero Trust model right off the bat let’s introduce the 5 basic principles that will help protect your data:
- Identify sensitive data – where does it live on your systems and who has access to it?
- Limit access – now that you know who has access to PII, you may want to limit that access
- Detect threats – this goes without saying, however, monitor all activity related to data access including active directory, file and share access, and network perimeter telemetry
- Establish a baseline of network activity – having a baseline will allow you to better evaluate abnormalities in the activity. Not all abnormalities are incidents however, attacks will likely result in abnormalities
- Apply analytics – analytics have come a long way and can help identify attacks faster and more effectively than manually reviewing logs
How a Zero Trust Framework Better Protects Sensitive Assets
Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.” Every access request is fully authenticated, authorized, and encrypted before granting access. Micro-segmentation and least privileged access principles are applied to minimize lateral movement. Rich intelligence and analytics are utilized to detect and respond to anomalies in real-time.
Zero Trust is a buzzword and is used as a security marketing term with often flowery definitions that aren’t always accurate from a security perspective. This technology is, thus, crucial for many reasons. First, organizations implementing Zero Trust collapse or shrink attack surfaces. For example, a user logs into an application connected to a data storage server. The user authenticates through an Identity and Access Management (IAM) system and performs an activity then logs out. Upon logout, all IT services to the application and storage server shut down, and the attack surface closes. Even in a hostile network, lateral network traffic is stopped in its tracks and can no longer escalate privileges and move from system to system.
Second, the Zero-Trust model has become critical when organizations migrate on-prem systems to cloud-based environments. With most organizations, the internal network perimeter has expanded into the cloud; consequently, the security perimeter has become nearly non-existent as employees have become dependent on cloud services like Microsoft 365, Google Docs, and so many other emerging technologies.
The majority of organizations have moved or will move a portion of their IT services to a cloud-based platform over the next year – particularly if Covid-19 persists. Therefore, a Zero-Trust implementation is vital for organizations to safeguard their data and applications, particularly if they embrace the 7-layered security model with the Zero Trust framework.
Last, the Zero-Trust framework lays the foundation for a faster, more robust security posture. Zero-Trust can replace traditional VPN access. For example, in a conventional network, a device and user must authenticate to the VPN before they are allowed access to applications and data on enterprise networks. For Zero-Trust, the VPN is eliminated, and users and devices authenticate to the web apps and data themselves without automatically being granted any other access rights to other IT resources. This direct access method is faster because the users will not authenticate to inherited services, only the specific IT system.
5 Steps to Implementing a Zero Trust Network
Organizations have acknowledged Zero Trust as a means to successfully prevent cyberattacks. However, traditional security models and the concept of “all or nothing” has left companies hesitant to begin the Zero Trust journey. Fortunately, building a Zero Trust architecture is much simpler than it appears. Because Zero Trust is simply a reorganization of most organization’s existing architecture, it does not require new technology or a complete revamp of technology and security investments. Rather, it can be deployed iteratively while allowing you to take advantage of the tools and technologies you already have.
Using a five-step model for implementing and maintaining Zero Trust, you can understand where you are in your implementation process and where to go next. These steps are:
Step #1 – Define the Attack Surface
Most IT security organizations work tirelessly to reduce the attack surface which has become overwhelming with “work from home,” IoT, Cloud, and other evolving technology. The attack surface is always expanding, making it difficult to define, shrink, or defend against. However, with Zero Trust, rather than focusing on the macro-level of the attack surface, you determine the surface you need to protect. The “protect surface” encompasses the critical data, application, assets, and services most valuable for your company to protect.
Here are some examples of critical assets companies typically focus on protecting in a Zero Trust model:
- Sensitive Data – Credit card information (PCI), protected health information (PHI), personally identifiable information (PII), and intellectual property (IP)
- Critical Applications – Databases, transaction, authentication
- Physical Assets – SCADA controls, point-of-sale (POS) terminals, medical equipment, manufacturing assets, and IoT devices
- Corporate services – DNS, DHCP, and Active Directory®
Under Zero Trust, organizations often move their security controls as close as possible to that protect surface to create a micro perimeter with policy statements that are limited, precise, and understandable.
Step #2 – Implement Controls Around Network Traffic
The way network traffic moves across a network determines how it should be protected. Thus, it’s imperative to gain contextual insight around the interdependencies of the asset’s organizations need to protect. Mapping network traffic allows IT security to add controls to the assets to properly enforce access and provides a big picture understanding of any weak points in how the data and assets are being protected.
Step #3 – Design a Customized Zero Trust Network
While a Zero Trust model provides a blueprint for implementation, monitoring, and defense, Zero Trust networks are almost completely customized, not created from a universal design. The architecture is constructed around the assets an organization deems critical and needs to protect.
Once organizations have identified the assets, data, and services they want to protect and mapped flows relative to the needs of the business, they have the ability to map out the Zero Trust architecture, starting with a next-generation firewall (NGFW). The next-generation firewall acts as a segmentation gateway, creating a micro perimeter around the attack surface. With a segmentation gateway, you can enforce additional layers of inspection and access control, all the way to Layer 7 to stop any type of attack trying to navigate around the controls and safeguards.
Step #4 – Design Your Zero Trust Policy
Once the Zero Trust network is created, organizations will need to create Zero Trust policies using the “Kipling Method” to whitelist which resources should have access to others. Kipling, well known to novelists, put forth the concept of “who, what, when, where, why and how” in his poem “Six Serving Men.” Using this method, we are able to define the following:
- Who should be accessing a resource?
- What application is being used to access a resource inside the protect surface?
- When is the resource being accessed?
- Where is the packet destination?
- Why is this packet trying to access this resource within the protect surface?
- How is the packet accessing the protect surface via a specific application?
With this level of detailed security policy enforcement, you can be sure that only known allowed traffic or legitimate application communication is permitted.
Step #5 – Monitor and Log Traffic to Improve Security
Step 5 includes reviewing all logs, internal and external, all the way through Layer 7, focusing on the operational aspects of Zero Trust. Since Zero Trust is an iterative process, inspecting and logging all traffic will provide valuable insights into how to improve the network over time.
Once you have completed the five-step methodology for implementing a Zero Trust network for your first protect surface, you can expand to iteratively move other data, applications, assets or services from your legacy network to a Zero Trust network in a way that is cost-effective and non-disruptive.
To Learn More About How to Implement a Zero Trust Network or If You Have Experienced a Breach Please Call Us – as Always, We Are Happy to Help – 1 (888) 982-0678.
You Can Also Fill Out Our Contact Us Form Here to Talk with a Security Specialist – https://www.secureops.com/contact-us/
November 23, 2020
November 23, 2020