Build a Zero Trust Architecture with These 5 Steps
An evolving threat landscape requires a security approach that looks within the network perimeter.
In years past, cybersecurity professionals approached their work with a strong focus on the network perimeter. Everything inside the network was presumed to be trusted, while everything outside the corporate firewall was a potential threat. This approach has not withstood the test of time, and organizations now find themselves operating in a threat landscape where it is quite likely that an attacker already has a foothold on their network through a compromised system, vulnerable wireless connection, stolen credentials or other means.
The customers I work with every day understand the realities of the new threat landscape and are looking for security solutions that help combat this rising threat. I believe that the strongest approach to security in this new environment is adopting a zero trust philosophy. Under this model, we make no assumptions about trust — other than the assumption that no user or device is trusted until they have proved both their identity and their authorization. With this new mindset in place, we then explore five adaptations of the customer’s security controls to better support a zero trust approach.
1. Segment the Network
2. Enhance Identity and Access Management
The second prerequisite for implementing zero trust is a strong identity and access management infrastructure. The use of multifactor authentication provides added assurance of identity and protects against credential theft. Deploying role-based access control allows applications to limit access in a manner that enforces the principle of least privilege.
3. Implement Least Privilege at the Firewall
Least privilege also applies to networks. After building out network segments, cybersecurity teams should lock down access between networks to only traffic required to meet business needs. For example, if remote offices do not need direct communication with each other, that access should not be allowed by default.
4. Add Application Context to the Firewall
Modern firewalls go far beyond the simple rule-based inspection of years past. Cybersecurity teams should add application inspection technology to their existing firewall deployments, ensuring that traffic being passed over a connection bears appropriate content. For example, application context controls can verify that outbound Domain Name System traffic actually corresponds to queries and responses and is not being abused by an attacker to stealthily exfiltrate sensitive information.
5. Log and Analyze Security Events
Security requires insight, and insight requires information. Cybersecurity analysts can do an effective job only if they have a consolidated view of security events gathered from systems, devices and applications across the organization’s network and cloud services. Using a security information and event management (SIEM) solution allows for the rapid correlation of massive quantities of security information and provides analysts with a centralized view into that data.
These five steps will help organizations get started with their journey to a zero trust architectural model that can best adapt to evolving cybersecurity threats, both on-premises and in the cloud. I encourage cybersecurity professionals and technology leaders to take stock of their current environments and identify opportunities to enhance their security controls.
This blog post brought to you by:
