“Trust no one.”
That was one of the taglines for The X-Files, the popular science-fiction television series about FBI agents who investigate a series of bizarre, supernatural cases. It’s also becoming a mantra for modern network security.
Faced with relentless cyber threats and expanding attack vectors, network security pros have begun to embrace a “zero trust” model as an alternative to traditional perimeter-focused protections. This model effectively makes identity the new security perimeter by assuming that every user and device that attempts to access the network is a threat until their identity has been authenticated.
It’s a radical departure from conventional practices that use firewalls and other perimeter defenses to protect the private network from the public Internet. That approach is no longer effective because we increasingly depend on resources that live outside the firewall.
Today’s remote and mobile employees commonly use multiple personal devices to reach beyond the old network perimeter and gain anytime, anywhere access to data, applications and services from multiple data centers and the cloud.
This back-and-forth access between public and private networks allows users to be more productive and efficient, but it also opens the door to new cyber threats. Sophisticated and stealthy threats such as fileless malware and advanced persistent threats (APTs) often piggyback on approved apps to get inside the network. Once inside, they capitalize on the presumption of trust inside the firewall to remain undetected for long periods, moving laterally within the network to gather credentials and other valuable information.
Zero Trust Model
The zero trust model addresses these challenges through the application of three key principles — verify every user’s identity, validate every device and limit access privileges. It is not a technology per se but a means of using existing technologies to better address today’s distributed environment.
- Identity and access management (IAM) provides a framework for verifying user identities. IAM integrates a variety of tools such as multifactor authentication, user provisioning and password management into a comprehensive platform.
- Role-based access controls, coupled with least privilege access policies, help ensure that users can access only the applications and data they need to do their jobs. Authentication is performed at the application layer.
- Network segmentation works with role-based access control to further limit what users can access. If a user’s account or device is compromised, the attacker is thwarted from moving laterally through the network.
- Behavioral analysis helps detect compromised user accounts, vulnerable devices and insider threats. Even after identity verification, users and devices are continually inspected and evaluated to guard against deviations from defined policies.
- Continuous monitoring of system and network activity provides visibility into the security posture of the IT environment. Automated tools should be used to collect and analyze log data and alert IT teams of potential threats.
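The three principles and the controls listed above can be sketched as a deny-by-default access decision. This is an added example, not code from the original article or from GDS; the role names, resources, segments and the `decide` and `audit` functions are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy: role -> resources it may reach (least privilege).
ROLE_RESOURCES = {
    "finance-analyst": {"ledger-app"},
    "hr-partner": {"hr-portal"},
    "contractor": {"hr-portal"},  # deliberately over-granted role
}
# Constructed segmentation map: resource -> network segment it lives in.
RESOURCE_SEGMENT = {"ledger-app": "finance", "hr-portal": "hr"}
# Segments each role may route into, enforced independently of the role grants.
ROLE_SEGMENTS = {
    "finance-analyst": {"finance"},
    "hr-partner": {"hr"},
    "contractor": {"guest"},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool      # identity check result from the IAM platform
    device_compliant: bool  # device posture check result
    resource: str


def decide(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; the default is deny."""
    if not req.mfa_verified:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device not validated"
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return False, "role lacks privilege for resource"
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None or segment not in ROLE_SEGMENTS.get(req.role, set()):
        return False, "resource outside permitted segment"
    return True, "allowed"


def audit(requests):
    """Evaluate each request and return log records for continuous monitoring."""
    return [
        {"user": r.user, "resource": r.resource, "allowed": ok, "reason": why}
        for r in requests
        for ok, why in [decide(r)]
    ]
```

The over-granted `contractor` role shows why segmentation is checked separately: the role grant alone would allow the request, but the segment rule still denies it.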
Develop an Action Plan for Improving Your Security Maturity
GDS offers a suite of fully managed solutions that can provide the foundation for a zero trust approach. Our Advanced Infrastructure Security solution analyzes network traffic up to and including Layer 7 in order to classify users, content and applications. Identity-based, device-aware access control enables the enforcement of policies according to the user, device type, location and other criteria. GDS also helps you protect all of your endpoints and continuously monitor your environment to detect threats that get past initial defenses.
For decades, organizations focused on creating a secure network perimeter that protected users and devices from the outside world. That security architecture does not effectively support today’s remote and hybrid workstyles, in which many users and devices are connecting from public networks. GDS can help you implement the technologies that strengthen your security practices and enable the zero trust model.