Zero Trust is a model for IT security in which access is granted only after the connecting device and its user have been authenticated and confirmed to be authorized for the specific resource requested, regardless of where the device or its user is located. Many techniques can be used to implement Zero Trust, but the model is characterized by adherence to a few key principles, chief among them vetting every device and user before each connection.
The Zero Trust Model
Although almost a decade has passed since the term was coined by Forrester in 2010, Zero Trust remains relevant. In fact, the Zero Trust model has become a key way for organizations to keep their network resources safe.
Under Zero Trust, everything is treated as suspect. Where traditional perimeter-based models treat only devices outside the network as a concern and implicitly trust anything already inside it, the Zero Trust model views every device and user with the same suspicion whether they are inside or outside the network. This adds a layer of protection to the organization’s network and gives users a consistent experience when connecting to resources from inside or outside the network.
Why Do Organizations Need the Zero Trust Model
Today’s network resources are often spread out and include cloud-based resources, which frequently cannot be protected by traditional layers of network security. Add to this the fact that the people accessing these resources might not be on the office Wi-Fi but anywhere, including an insecure public network, and the risk increases that a trusted user’s device is compromised, letting outsider and insider threats into the organization’s network. Fortunately, Zero Trust techniques extend to protect cloud-hosted applications and data as well. For more information on how the Zero Trust model can prevent insider threats, read Impulse’s article “Insider Threats and the Zero Trust Model.”
Zero Trust Techniques
The Zero Trust model advocates a number of techniques that let an organization know exactly who and what is using its network. Because the model treats everything on the network with suspicion, it relies on cyber security techniques including the following:
- Network segmentation: Dividing the network into zones limits the impact of a compromise. An attacker trying to move laterally (east-west) through the network is confined to the zone they compromised and cannot reach resources in other zones. Techniques such as a Software Defined Perimeter (SDP) can take segmentation to its logical end, a “perimeter of one,” in which each client is its own segment and sees only the applications it is authorized to use.
- Least-privilege access: Granting users access only to the resources they need keeps critical resources out of reach. If a user’s credentials are compromised, least privilege narrows what the attacker can do with them.
- Secure access: Use data about the device and its user to decide whether a connection should be allowed at all, and protect the connection itself. This includes techniques such as mutual TLS, in which the client and server authenticate each other with certificates, and multi-factor authentication (MFA) to confirm that users are who they claim to be.
- “Black cloud”: A deny-all firewall that dynamically permits access to application resources only for vetted client devices and users hides those resources from everyone else. Because unauthenticated clients cannot even reach the application listener, many common network-based attacks (port scanning, for example) are prevented.
Note that most traditional VPNs do the opposite of what Zero Trust recommends. Once a device is connected over a VPN, it has effectively the same network-level access it would have in the office: every host the VPN routes to is reachable, whether or not the user is authorized to use it.
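The techniques above combine into a single per-request decision: deny by default, then allow only when the device’s mutual-TLS certificate matches inventory, the device posture is compliant, the user has passed MFA, and the user holds the role the resource requires. The following is an added illustration written for this page, not SafeConnect or any other vendor’s code. It assumes a hypothetical inventory where a device’s certificate CN equals its device ID, a constructed set of three resources in three zones, and a constructed zone-to-zone allow list; it also includes a deliberately naive `vpn_reachable` function to contrast the traditional VPN behaviour described above.

```python
"""Hypothetical deny-by-default access broker illustrating Zero Trust.
Added example for this article; not SafeConnect or any vendor's code.
All inventory, zones and flows below are constructed sample data."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class Device:
    device_id: str
    managed: bool                    # enrolled in the device inventory
    disk_encrypted: bool
    patched: bool
    client_cert_cn: Optional[str]    # CN from the mutual-TLS client cert, None if no cert


@dataclass
class User:
    username: str
    roles: Set[str]
    mfa_verified: bool


@dataclass
class Resource:
    name: str
    zone: str            # network segment the resource lives in
    required_role: str   # least privilege: one role per resource


# Constructed sample inventory. Assumption: the CN on a device's client
# certificate equals its device_id, so a cert on the wrong device is rejected.
RESOURCES = [
    Resource("hr-payroll", "zone-hr", "hr"),
    Resource("git-server", "zone-eng", "engineer"),
    Resource("wiki", "zone-shared", "employee"),
]

# Segmentation: zone-to-zone flows the network permits. Anything not listed
# is dropped, so a compromised shared zone cannot move east-west into HR.
ALLOWED_FLOWS = {("zone-eng", "zone-shared"), ("zone-hr", "zone-shared")}


def lateral_move_allowed(src_zone: str, dst_zone: str) -> bool:
    """Can traffic from src_zone reach dst_zone? Same zone or an explicit flow only."""
    return src_zone == dst_zone or (src_zone, dst_zone) in ALLOWED_FLOWS


def device_posture_ok(device: Device) -> Tuple[bool, str]:
    """Vet the device before the user is even considered."""
    if device.client_cert_cn is None:
        return False, "no mutual-TLS client certificate"
    if device.client_cert_cn != device.device_id:
        return False, "client certificate does not match inventory"
    if not device.managed:
        return False, "device not enrolled"
    if not (device.disk_encrypted and device.patched):
        return False, "device posture non-compliant"
    return True, "device ok"


def authorize(user: User, device: Device, resource: Resource) -> Tuple[bool, str]:
    """Per-request decision. The default is deny; every check must pass."""
    ok, why = device_posture_ok(device)
    if not ok:
        return False, why
    if not user.mfa_verified:
        return False, "MFA not satisfied"
    if resource.required_role not in user.roles:
        return False, f"role {resource.required_role!r} required for {resource.name}"
    return True, f"allow {user.username} -> {resource.name} in {resource.zone}"


def zero_trust_reachable(user: User, device: Device,
                         resources: List[Resource] = RESOURCES) -> List[str]:
    """'Perimeter of one': the client sees only resources it is individually
    authorized for; everything else stays dark (the 'black cloud')."""
    return [r.name for r in resources if authorize(user, device, r)[0]]


def vpn_reachable(user: User, device: Device,
                  resources: List[Resource] = RESOURCES,
                  vpn_login_ok: bool = True) -> List[str]:
    """Contrast: a traditional VPN authenticates once at connect time and then
    routes the client to every host, regardless of role or device posture."""
    return [r.name for r in resources] if vpn_login_ok else []


if __name__ == "__main__":
    alice = User("alice", {"employee", "hr"}, mfa_verified=True)
    laptop = Device("laptop-1", True, True, True, client_cert_cn="laptop-1")
    print("zero trust:", zero_trust_reachable(alice, laptop))
    print("vpn       :", vpn_reachable(alice, laptop))
    for r in RESOURCES:
        print(r.name, authorize(alice, laptop, r))
```

Run as a script, `alice` reaches only `hr-payroll` and `wiki` under Zero Trust but all three resources over the VPN-style path; the same user on a device whose certificate CN does not match its inventory ID, or without MFA, reaches nothing, and `lateral_move_allowed("zone-shared", "zone-hr")` is false even though the reverse flow is permitted.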
SafeConnect Software Defined Perimeter
Impulse’s SafeConnect Software Defined Perimeter (SDP) follows the Zero Trust principles listed above and is a more secure alternative to a traditional VPN. SafeConnect SDP delivers Zero Trust as a software-as-a-service offering that lets users reach their corporate networks from anywhere while protecting valuable data from internal attacks.
To learn more about SafeConnect SDP and request a 30-day trial subscription, visit Impulse’s SDP page.