{"id":6516,"date":"2021-04-01T14:06:33","date_gmt":"2021-04-01T12:06:33","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=6516"},"modified":"2021-04-01T14:07:45","modified_gmt":"2021-04-01T12:07:45","slug":"what-is-zero-trust-ultimate-guide-to-the-network-security-model","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/what-is-zero-trust-ultimate-guide-to-the-network-security-model\/","title":{"rendered":"What is zero trust? Ultimate guide to the network security model"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<h2 class=\"wp-block-heading\"><strong>A zero-trust model is a security framework that fortifies the enterprise by removing implicit trust and enforcing strict user and device authentication throughout the network.<\/strong><\/h2>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Sandra-Gittlen\">Sandra Gittlen<\/a> and <a href=\"https:\/\/www.techtarget.com\/contributor\/Laura-Fitzgibbons?_gl=1*smz0jh*_ga*MTY3ODE5NDQ4OS4xNjE3Mjc4MTI5*_ga_RRBYR9CGB9*MTYxNzI3ODEyOC4xLjEuMTYxNzI3ODE2OS4w\">Laura Fitzgibbons<\/a><\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>This guide goes in-depth into the origins of zero trust, its architecture, the technology and products that comprise a zero-trust model, as well as how to implement and manage zero trust. Links enable readers to dig even deeper and become experts in this critical security strategy.<\/p><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>What is zero trust?<\/strong><\/h3>\n\n\n\n<p>The main tenet of zero-trust security is that vulnerabilities often appear when\u00a0companies are too trusting of individuals or devices. 
The zero-trust model suggests that no user, even if allowed onto the network, should be trusted by default because they could be compromised. Identity and device authentication are required throughout the network instead of just at the perimeter.<\/p>\n\n\n\n<p>By limiting which parties have privileged access to each segment of a network, or each machine in a secure organization, the number of opportunities for a hacker to gain access to secure content is greatly reduced.<\/p>\n\n\n\n<p>The term&nbsp;<em>zero trust&nbsp;<\/em>was introduced by an analyst at Forrester Research in 2010, with vendors, such as&nbsp;Google&nbsp;and&nbsp;Cisco,&nbsp;adopting the model shortly after.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Why is a zero-trust model important?<\/strong><\/h3>\n\n\n\n<p>Traditional IT security strategies, such as VPNs and firewalls, create a perimeter around the network that enables authenticated users and devices to traverse the network and access resources with ease. Unfortunately, with so many users working remotely and so many assets being placed in the cloud, relying solely on the\u00a0perimeter approach is becoming less effective, less efficient and more dangerous.<\/p>\n\n\n\n<p>A zero-trust model, conversely, provides strong protection against the\u00a0types of attacks that plague businesses today, including the theft of corporate assets and identities. Adopting zero trust enables organizations to do the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>protect company data;<\/li><li>boost the ability to do compliance auditing;<\/li><li>lower breach risk and detection time;<\/li><li>improve visibility into network traffic; and<\/li><li>increase control in a cloud environment.<\/li><\/ul>\n\n\n\n<p>A zero-trust model supports\u00a0microsegmentation\u00a0&#8212; a fundamental principle of cybersecurity. 
Microsegmentation enables IT to wall off network resources so potential threats can be easily contained and not spread throughout the enterprise. Organizations can apply granular policies enforced by role-based access to secure sensitive systems and data.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/networking-microsegmentation-f.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How does ZTNA work?<\/strong><\/h3>\n\n\n\n<p>Zero-trust network access (ZTNA), part of a zero-trust model, uses identity-based authentication to\u00a0establish trust and provide access\u00a0while keeping the network location &#8212; i.e., the IP address &#8212; hidden. ZTNA adapts access to specific applications or data at a given time, location or device, and provides IT and security teams with centralized control and improved flexibility to secure highly distributed IT environments, according to Lee Doyle, principal at Doyle Research.<\/p>\n\n\n\n<p>As organizations scale their remote user and IoT environments, ZTNA secures the environment, identifying anomalous behavior, such as attempted access to restricted data or downloads of unusual amounts of data at unusual times.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"5 ZTNA Benefits for Network Security\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/vsWqZhS9j2Y?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Planning for zero trust<\/strong><\/h3>\n\n\n\n<p>In an interview with SearchSecurity Site Editor Sharon Shea, IEEE 
Senior Member Jack Burbank\u00a0explained the reality of zero-trust adoption and planning. &#8220;Zero trust is not a single product, nor is it a single approach or technique. It is a mindset, a decision. It is an organization saying, &#8216;Network security is a priority&#8217; and then putting resources behind that statement,&#8221; he said.<\/p>\n\n\n\n<p>Independent analyst John Fruehe said that\u00a0zero trust makes sense for high-profile targets\u00a0&#8212; such as government agencies, critical infrastructure and financial institutions. Adopting it elsewhere could be overkill. Some experts contend that zero trust could be an excellent model to adopt for new companies, however, because they are unencumbered by legacy infrastructure.<\/p>\n\n\n\n<p>Zero trust can require more resources than a traditional perimeter-based approach, and if not monitored carefully,\u00a0can cause productivity delays. For instance, if employees switch jobs but their access isn&#8217;t updated promptly, then they might not be able to access the resources necessary for their new roles.<\/p>\n\n\n\n<p>Whether on premises or\u00a0in the cloud, adopting a zero-trust model requires strong authentication mechanisms; systems to define, enforce and adapt user access policies; and tools to create and adapt software-defined security perimeters.<\/p>\n\n\n\n<p>The following five principles set the scope of&nbsp;a zero-trust model:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Know the protect surface (users, devices, data, services and the network).<\/li><li>Understand the cybersecurity controls already in place.<\/li><li>Incorporate new tools and modern architecture.<\/li><li>Apply detailed policy.<\/li><li>Deploy monitoring and alerting tools.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/security-zero_trust_certs_and_training-h.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>To begin to\u00a0plan for zero trust, 
organizations will need a dedicated, cross-functional team drawn from different groups &#8212; such as applications and data security, network and infrastructure security, and user and device identity. Security operations personnel also will play an essential role in launching zero trust because they can help assess risk.<\/p>\n\n\n\n<p>Companies will need to quickly figure out the dedicated team&#8217;s knowledge gaps and fill them by making sure team members get\u00a0specialized zero-trust training and certification.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Zero-trust use cases<\/strong><\/h3>\n\n\n\n<p>As organizations begin planning for zero trust, they should look to existing use cases to determine what elements they want to incorporate into their own zero-trust architecture.<\/p>\n\n\n\n<p>Andrew Froehlich, president of West Gate Networks, offered three clear examples of\u00a0how zero trust can help protect the enterprise:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Secure third parties working inside the corporate network.<\/li><li>Protect remote workers accessing public cloud resources.<\/li><li>Provide IoT security and visibility.<\/li><\/ol>\n\n\n\n<p>GitLab, a DevOps firm with a 100% remote employee base, is a\u00a0case study for zero trust. Users were working in a SaaS environment and the security team wanted every host and every asset in the network to be protected. The company began by classifying data into four distinct categories and moved on to create a roadmap for implementation and cost evaluation.<\/p>\n\n\n\n<p>Understanding zero trust&#8217;s key capabilities can help in determining optimal use cases. 
A\u00a02020 report\u00a0on zero trust from Cybersecurity Insiders and Pulse Secure found the top three zero-trust capabilities that organizations found most compelling:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>continuous authentication or authorization;<\/li><li>trust earned through user, device or infrastructure verification; and<\/li><li>data protection.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/security-zero_trust_access_tenets-f.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Zero trust vs. SDP vs. VPNs<\/strong><\/h3>\n\n\n\n<p>Zero trust, software-defined perimeter (SDP) and VPNs are all types of network security that protect corporate resources. Although these\u00a0three approaches might seem to oppose one another, they can work in concert for a more comprehensive security strategy.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>SDP is an overlay network that conceals network resources within a perimeter. SDP controllers authenticate and connect authorized users to corporate network resources or applications through a secure gateway. The technology helps reduce network-based dangers, such as\u00a0denial-of-service\u00a0or\u00a0man-in-the-middle attacks.<\/p><\/blockquote>\n\n\n\n<p>For their part, VPNs encrypt tunnels between corporate networks and authorized end-user devices. 
Although VPNs are helpful for increased remote access, they don&#8217;t easily handle more modern IoT devices, which also require network access.<\/p>\n\n\n\n<p>Organizations can pair SDP, which can use zero-trust concepts &#8212; such as no implicit trust &#8212; and VPNs to delineate a clear network perimeter and then to create secure zones within the network with microsegmentation.<\/p>\n\n\n\n<p>John Burke, CIO and principal research analyst, wrote that, with its granular management of access,\u00a0SDP is an implementation of zero trust. The difference is that while zero trust calls for a dynamic trust map that responds to behavior, SDP does not consider that foundational.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/networking-sdp_vs_vpn_vs_zero_trust-f.png\" alt=\"\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How to &#8220;buy&#8221; zero trust<\/strong><\/h3>\n\n\n\n<p>Zero trust is not available in a single product; rather, it is built through a collection of technologies. Forrester&#8217;s Zero Trust eXtended Ecosystem lays out the\u00a0categories of tools to consider\u00a0when constructing a zero-trust model.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>workforce security;<\/li><li>device security;<\/li><li>workload security;<\/li><li>network security;<\/li><li>data security;<\/li><li>visibility and analytics; and<\/li><li>automation and orchestration.<\/li><\/ul>\n\n\n\n<p>Companies have a choice of two ZTNA architectures: endpoint-initiated or service-initiated. In an endpoint-initiated scenario, software agents dispatched to endpoints feed information to a software-based broker for authentication and authorization. 
A service-initiated architecture uses a connector appliance to initiate an outbound connection to the ZTNA provider&#8217;s cloud where identity credentials and context requirements are assessed, eliminating the need for an endpoint software agent.<\/p>\n\n\n\n<p>Learn what\u00a0as-a-service and standalone products\u00a0are available to help build out a ZTNA framework.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/networking-build_a_zero_trust_network-f.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>While some zero-trust vendors attempt to broaden the zero-trust umbrella to include capabilities such as\u00a0data loss prevention, user behavior analytics,\u00a0cloud access security brokers\u00a0and security gateways, experts disagreed. The litmus test for products is whether organizations can say in advance, with these tools, who gets to talk to whom. If not, then experts warned they are not zero trust.<\/p>\n\n\n\n<p>As organizations begin to assemble their zero-trust models, they should ask potential vendors if they have adopted zero trust for their own networks. The answer should be &#8220;yes,&#8221; proving they can offer real-world guidance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Implementing and managing zero trust<\/strong><\/h3>\n\n\n\n<p>The most important aspect of\u00a0implementing and managing zero trust\u00a0is the assignment of duties among security and network teams.<\/p>\n\n\n\n<p>Security teams will lead the development and maintenance of zero-trust architecture, while network teams will oversee the network aspects &#8212; such as configuration and management of networking components, including firewalls, VPNs and monitoring tools. 
The security team should be prepared to conduct regular audits to ensure network adherence to the policies and protocols they establish.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Organizations will have to\u00a0identify the workloads that could benefit from zero-trust security\u00a0&#8212; for instance, any workloads that are critical to the business and the level of risk they can tolerate. Without this information, it will be impossible to know the granular level of control needed to protect those resources. Critical, sensitive workloads will require far more scrutiny of the users and devices that can access them compared to other less-important workloads.<\/p><\/blockquote>\n\n\n\n<p>Johna Till Johnson, CEO and founder at Nemertes Research, identified\u00a0three on-ramps from which to start a zero-trust journey: applications and data; the network; or user and device identities. Where an organization starts will determine the technologies they will focus on. For example, entering zero trust at the network level will require attention to automation, deep network segmentation, network encryption and secure routing, among other technologies. Entering at the applications and data level will shift focus to data classification and container security. 
Biometrics, multifactor authentication and\u00a0identity and access management\u00a0are the centerpieces of the user and device identity on-ramp.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/security-choose_zero_trust_onramp-f.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>Eventually, organizations will have to tackle all three of the paths, but it is best to start with one to properly upgrade technology, deploy new technology and launch operational initiatives.<\/p>\n\n\n\n<p>As this guide shows, zero trust might be a simple concept &#8212; no users or devices can be implicitly trusted &#8212; but creating an underlying architecture to support that is far more complicated.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>A zero-trust model is a security framework that fortifies the enterprise by removing implicit trust and enforcing strict user and device authentication throughout the network. 
By Sandra Gittlen and Laura Fitzgibbons This guide goes in-depth into the origins of zero trust, its architecture, the technology and products that comprise a zero-trust model, as well as how to implement and manage zero<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/what-is-zero-trust-ultimate-guide-to-the-network-security-model\/\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[218,17,4,30,3,116,9,224,201],"tags":[],"class_list":["post-6516","post","type-post","status-publish","format-standard","hentry","category-ceo-quick-reads","category-cio-resources","category-datacenter-news","category-expert-advise-and-opinion","category-industry-news-and-expert-advise","category-network-security","category-tech-definitions","category-technical-explanations","category-wireless-network-security"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=6516"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6516\/revisions"}],"predecessor-version":[{"id":6517,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/6516\/revisions\/6517"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=6516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=6516"},{"taxonomy":"post_tag","embeddable":true,"href":"ht
tps:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=6516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}