Get to Know the Zero Trust Security Model
Learning Objectives
After completing this unit, you’ll be able to:
- Explain the history of the Zero Trust (ZT) security model.
- Define the ZT security model.
- Describe how the ZT security model differs from the perimeter-based security model.
Before You Start
If you completed the Get Started with Cloud Security Engineering trail, then you already know about how cloud intersects with security in your organization. And you know that as a cloud security engineer, you design, build, and protect secure cloud solutions. Now let’s talk about how to implement the Zero Trust (ZT) security model in the cloud to verify that everyone and every device granted access to your cloud environment is who and what they say they are.
Many of the principles and applications of ZT in this module apply to both the cloud and on-premise data centers. However, we dive deeper in this module and the next into specific considerations for implementing ZT in the cloud.
Perimeter Protection Versus Zero Trust
ZT is the modern approach to information technology (IT) and operational technology (OT) security. And its goal is the strengthening of security beyond the conventional perimeter-based security model your organization may have used over the last few decades. Previously, in most organizations’ IT and OT environments, trust was extended based on a network location.
Users accessed resources from an organization-owned computer, within the enterprise’s corporate network, using a credential issued by their company. Presence on the organization’s corporate network implied a user had met the vetting and credentialing requirements to gain access to the organization’s IT or OT resources.
Historically, security models depended on a castle and moat type of architecture. The enterprise network and data center are on the inside. While firewalls, virtual private networks (VPNs), intrusion prevention systems (IPSs), and routers guarded the perimeter and restricted access to only authorized users. The traditional perimeter security model presumed that bad actors would never gain authorized access and existed only on the untrusted side of the network, outside the network boundary. And trustworthy users were always on the trusted side, inside the network boundary.
This focus on perimeter protection creates an implicit trust inside an organization’s network boundary. Users–including threat actors and malicious insiders who have gained administrative access–are free to move laterally and access or exfiltrate sensitive data without needing to worry about granular security controls.
This implicit trust also allows bad actors to reside within a network environment. They can lay the foundation for gaining additional access privileges undetected. An example of this is an advanced persistent threat (APT) campaign. An intruder or team of intruders establishes a long-term presence on a network to mine sensitive data and potentially escalate their access to obtain even more sensitive data.
In modern times, trust based on physical and network location has become less effective. ZT is a response to enterprise network trends that include remote access, bring your own device (BYOD), and cloud-based technologies that aren’t always within an organization’s direct span of control. With the ZT model, an organization assumes no implicit trust, continually analyzes and evaluates the risks to its assets and business functions, and enacts fine-grained protections throughout to implement in-depth defenses.
The History of Zero Trust
ZT began with security leaders questioning the idea of a trusted network. In 2010, Forrester Research Inc. (Forrester) analyst John Kindervag coined the term Zero Trust. His research emphasizes that all network traffic is untrusted and any request to access any resource needs to be done securely. Then in 2014, Google published its BeyondCorp model as part of a research project motivated by Google’s own initiative to implement ZT for its employees.
In 2018, Forrester analyst Dr. Chase Cunningham and his team published the ZT eXtended (ZTX) Ecosystem report. The report extends the original model beyond its network focus to encompass today’s ever-expanding attack surface. Read more about these events in the resources listed at the end of this unit.
With each of these developments, ZT evolved over the years to an identity-centric least privilege access approach with overlapping identity, device, data, application, and network security components. Let’s dig into this more.
The Zero Trust Security Model
As a cybersecurity or IT professional, you work with increasingly distributed and complex networks and systems which need to be defended from advanced cyber threats. By adopting the ZT security model and the mindset necessary to deploy and operate systems engineered according to ZT principles, you can better position your organization to secure sensitive data, systems, and services.
With ZT, networks are no longer limited to a typical internal and external perimeter, as they may be local, in the cloud, or hybrid. All users, devices, and applications, regardless of whether they’re internal or external to an organization, require authentication, authorization, and continuous validation before gaining access to systems and data.
The identity-centric approach makes the verification of authorized entities mandatory, not optional. As a result, when you implement ZT security, you can better secure access to devices, applications, files, networks, and other resources.
Principles of Zero Trust Security
While different sources describe ZT distinctly, there are three basic principles that form the foundation of the ZT security model.
- Continuously verify: Implement least privilege access to all resources with continuous fine-grained authentication and authorization. Whereas traditional perimeter-based security focused on protecting access to a network boundary, ZT extends protection and secures access to all resources (assets, services, workflows, network accounts, and so on).
- Limit impact: Minimize impact if an external or insider breach occurs. By defining and limiting which parties have access to each application, data, machine, or a network segment in a secure organization, you significantly reduce the number of opportunities for an attacker to gain access to secure content.
- Automate context collection and response: Incorporate behavioral data and gather context from the entire IT or OT stack (identity, device, workload, and so on) to enable adaptive access policies and incident response. You build more concrete access parameters by analyzing the behavior of each entity. This behavior may include a user or device connecting from certain locations regularly, or consistently accessing the same type of data for work purposes.
In computing, a workload, typically, is any program or application that runs on any computer. A workload can be a simple alarm clock or contact application running on a smartphone, or a complex enterprise application hosted on one or more servers with thousands of client (user) systems connected and interacting with the application servers across a vast network. Today, the terms workload, application, software and program are used interchangeably.
By adopting the ZT security model, you provide policy-based enforcement and protection for all users, devices, applications, and data, no matter where they’re connecting from. Now that you understand ZT's basic principles, let's examine the frameworks you can use to implement ZT.
Zero Trust Frameworks
These are widely used ZT frameworks you can use as guidelines in implementing ZT at your organization.
|
Framework
|
Description
|
|---|---|
|
Helps organizations apply the ZT framework by providing a clear, concise, shareable definition of Zero Trust |
|
|
Gartner CARTA (registration required) |
Provides seven imperatives that security leaders can use to embrace the opportunities and manage the risks of using the ZT approach |
|
Builds upon Google’s experience in shifting access control from the network perimeter to individual users to enable secure remote work without the need for a traditional VPN |
|
|
Defines a framework for Identity Defined Security that provides practitioners with a set of fundamental building blocks that help achieve ZT security outcomes |
|
|
National Institute of Standards and Technology (NIST) Zero Trust Architecture |
Provides use cases where ZT can improve an enterprise’s overall IT security posture |
ZT is not necessarily a set of new technologies, but a different way of looking at security and what the boundaries are for trust. It involves a new approach that denies access to applications and data by default. And it relies on least privilege access and comprehensive security monitoring to maximize defense against security threats.
This means you probably have a bunch of technology in your organization's environment today that you can use to move to the ZT security model. So you don't have to replace everything, buy new technology, and start over. You learn more about these underlying technologies in the next unit.
Knowledge Check
Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next to the matching security model on the right. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset.
Great work!
Resources
- Trailhead: Get Started with Cloud Security Engineering
- External Site: Forrester: The Definition of Modern Zero Trust
- External Site: Gartner: Seven Imperatives to Adopt a CARTA Strategic Approach (registration required)
- External Site: Google Cloud: BeyondCorp
- External Site: IDSA: Identity Defined Security Framework
- PDF: NIST SP 800-207 ZTA
