What is Zero Trust?
Hardly a day goes by without news of a cyber breach reaching the headlines. With recent large-scale attacks such as the one on Colonial Pipeline being widely publicised in the mainstream media, cyber-criminals can see that there is money to be made, leading to a vast increase in Ransomware-as-a-Service and subsequent phishing attacks. In fact, the Cyber Security Breaches Survey 2023 reports that around a third (32%) of businesses have experienced an attack in the last 12 months.
As such, the need for robust cyber-security is more crucial than ever. Employing measures such as encryption, authentication and a zero trust model is vital to safeguard your data. The term ‘Zero Trust’ is not uncommon amongst those in the tech community, but unfortunately it hasn’t yet established itself as a familiar strategy among many business owners. The concept has been rapidly growing in both popularity and necessity in recent years, particularly following Google’s implementation of the model in 2014.
So, what is Zero Trust?
The term zero trust does not refer to a specific technology; it describes an overarching approach to network security. It is a security framework centred on the principle that no one should ever be automatically granted access to a network – instead, stringent identity verification is required for every user and every device, regardless of where they sit in relation to the network perimeter. The model essentially assumes that every user and device trying to access the network is a potential threat.
Why is Zero Trust needed?
Traditional approaches to network security, such as the castle-and-moat model, are flawed. This legacy framework essentially trusts all users once they are past the network firewall, which means that if a malicious third party were to gain unauthorised access, they could then move freely through the internal systems, accessing any data they like.
Unfortunately, the majority of data breaches occur when a hacker gains access to the target network by bypassing the company’s security appliances or through an attack vector that relies primarily on human error, such as a phishing email; once this happens, the hacker has free rein in your network…
The need for digital transformation also means that modern organisations commonly have their data spread across cloud vendors, making it harder for the traditional castle-and-moat approach to work effectively. Employing the zero trust model can therefore help to protect fragmented networks with data in multiple locations.
The main tenets of Zero Trust:
- Authenticate and Verify Access
Zero trust teaches us to ‘never trust, always verify.’ The first basic principle is to verify the access of any user, device or workload that is trying to access the network – there is no such thing as a trusted source. Many organisations choose to use Microsoft Azure Active Directory as a built-in solution for managing identities and providing Multifactor Authentication (MFA) – a basic security best practice for protecting and governing access.
- Adopt a Least Privileged Model
The ‘least-privileged access’ model essentially means that only those who require access are given it. Users therefore do not have access to sensitive information they do not need, and if a single account is compromised, the hacker is prevented from accessing large amounts of data.
- Network Segmentation
Micro-segmentation is a popular method of achieving a zero trust model and network firewall security. It requires the network security perimeter to be broken into multiple smaller VLANs, with individual access required for each segment of the network. This allows heightened control over east-west traffic within your network, drastically reducing the places malware can travel to and the damage it can cause.
- Risk Management Analytics
Arguably the most important aspect of maintaining a zero trust model is inspecting and logging all network traffic for any signs of malicious activity. With unified threat management in place, you will be able to differentiate between a regular login attempt and a suspicious one. Microsoft Azure Sentinel is a great tool to help you achieve your zero trust model, as it uses built-in AI to provide a bird’s-eye view across your organisation, seeing and stopping network threats before they can even emerge.
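As an added example (not code from the original post or from any vendor named in it), the policy check below contrasts a castle-and-moat decision with a zero trust decision that applies the verification, least-privilege and segmentation tenets above and records every decision for later analysis; the resource inventory, roles and segment names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    role: str               # role asserted by the identity provider
    mfa_passed: bool        # did the user complete MFA for this session
    device_compliant: bool  # did the device pass a health check
    source_segment: str     # VLAN the request originates from
    resource: str

# Constructed inventory: each resource sits in one segment and, under least
# privilege, may be used by exactly one role.
RESOURCES = {
    "hr-db":     {"segment": "hr",      "role": "hr-analyst"},
    "ci-server": {"segment": "eng",     "role": "engineer"},
    "wiki":      {"segment": "general", "role": "staff"},
}
# Micro-segmentation: resource segments each source VLAN may reach; any
# east-west path not listed here is denied.
SEGMENT_PATHS = {
    "hr":      {"hr", "general"},
    "eng":     {"eng", "general"},
    "general": {"general"},
}

def perimeter_decision(req: Request) -> bool:
    """Castle-and-moat: anything already inside the perimeter is trusted."""
    return req.source_segment in SEGMENT_PATHS

def zero_trust_decision(req: Request, audit: list) -> tuple:
    """Never trust, always verify: judge identity, device, privilege and
    segment for every request, and log the decision for later analytics."""
    res = RESOURCES.get(req.resource)
    reasons = []
    if res is None:
        reasons.append("unknown resource")
    if not req.mfa_passed:
        reasons.append("mfa not satisfied")
    if not req.device_compliant:
        reasons.append("device not compliant")
    if res and req.role != res["role"]:
        reasons.append("role lacks privilege")        # least privilege
    if res and res["segment"] not in SEGMENT_PATHS.get(req.source_segment, ()):
        reasons.append("segment path not permitted")  # micro-segmentation
    allowed = not reasons
    audit.append({"user": req.user, "resource": req.resource,
                  "allowed": allowed, "reasons": reasons})
    return allowed, reasons
```

Phished hr-analyst credentials replayed from the general VLAN without MFA are waved through by perimeter_decision but denied by zero_trust_decision with three logged reasons, while the same account from the HR VLAN with MFA and a compliant device is allowed.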