Zero trust architecture, the security model for business systems

Zero trust architecture is quickly becoming the security model of choice for businesses that are looking to further secure their systems. If you haven’t heard of this term, it simply means that the business has removed all implicit trust from the network, or has configured the default environment to be treated as a public network, in other words a hostile environment. This can be especially helpful with the introduction of IoT and BYOD devices.

This means that whilst you are working, whether in the office, at home, or even in a coffee shop, any connection to your business systems and resources is treated as untrusted by default.

But why does this make sense? I hear you ask. The simple reason is that as more and more businesses are moving to the cloud subscription model and working from home is becoming ever more common, the networks that we access are becoming more and more untrusted. Therefore, a shift to not trusting networks by default starts to make sense.

Now if we take a traditional network, you will know that there are firewalls and a trusted local area network (LAN) that you connect to when you plug in your computer. Once connected to the network you are asked to log in or authenticate against the network, and then you are basically given the keys to the kingdom: trust is granted by default. With zero trust networks and design, when you plug your computer into the network, or connect to a network via a Virtual Private Network (VPN), every action you take must be authenticated and authorised.

Where you were once able to see and access everything on the network without being asked to authenticate to systems or shares, you now have to prove that you are a trusted device. A lot of this additional layer of authentication can go unseen by the end user, so it’s not as if you are being asked to log into systems every 5 minutes, which would drive people and IT departments mad.

Authentication and trust of users and devices can be managed through many services which are common these days, such as Mobile Device Management (MDM), identity management, device health monitoring and management, as well as the authorisation of access to individual services.

How to remove trust from the network

Now that we know a bit about what zero trust is, we need to know how to remove the inherent trust from the network and build confidence among your user base. Obviously it’s easier to do on new systems or systems which haven’t been built yet. For systems that are well established, you should take your time, plan, talk with members of the business about what you want to achieve, and implement small steps until you achieve the outcome of zero trust security. When reconfiguring systems for zero trust you should take the time to make it as painless as possible for everyone concerned.

The last thing you want to do is start ripping out the technology that people use to connect to your systems, only to find out that you’ve just restricted access for the majority of users. When building out and reconfiguring, start slowly, concentrate on smaller areas, test, verify, and then move on to the next part. Don’t try to reconfigure your entire environment for zero trust in one big bang!

When you look to start removing the layer of implicit trust, you should assess what you have in place and where you need to get to. For instance, do you have controls and policies in place that allow you to manage and monitor device health? What about controlling devices which don’t have up-to-date patches or anti-virus definitions?

You need to be in a position where you can verify and trust every connection that is established. This means that any attempted connection needs to be authenticated and authorised against a defined set of rules and policies, which may involve additional expenditure on software and hardware. However, once implemented, these rules and policies will help to generate confidence and reassurance for everyone within the business, regardless of where and from what device they are connecting.

When you are looking at your rules and policies, you should ideally define them in terms of roles and services. This allows you to group and filter authorisation decisions by service, data and user. It may be more work up front, but the improved management and maintainability will be worth it in the long run.

The principles

When you are designing or using your zero-trust security model, you should be working against the following principles:

  1. Know your architecture, including your users, devices, services and data
  2. Know your users, services and device identities
  3. Know the health of your users, devices and services
  4. Use policies to authorise requests
  5. Authenticate and authorise everywhere
  6. Focus your monitoring on devices and services
  7. Don’t trust any network, including your own
  8. Choose services designed for zero trust

As the above 8 principles show, there are key areas that must be addressed to ensure that your system is designed correctly and keeps your data and users safe. This means knowing who or what is connecting to your network, verifying that the person or device connecting is what they claim to be, and confirming that they are healthy and safe enough to connect to your environment.
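As an added example (not code from the original post), the Python sketch below shows how the rules and policies described above can be expressed per service and role, with the device health checks and authentication applied to every request while the network location is deliberately ignored. All class names, fields, services and thresholds are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical data model for a zero-trust policy decision point (added example).
@dataclass(frozen=True)
class Principal:
    user: str
    roles: frozenset        # roles asserted by the identity provider
    mfa_verified: bool      # strong authentication completed for this session

@dataclass(frozen=True)
class Device:
    device_id: str
    mdm_managed: bool       # enrolled in Mobile Device Management
    patch_age_days: int     # days since the OS was last patched
    av_defs_age_days: int   # days since anti-virus definitions were updated

# Policy defined per service, as the post recommends: which roles may use it and
# how healthy the device must be. Thresholds are illustrative, not recommendations.
POLICY = {
    "payroll": {"roles": {"finance"}, "max_patch_age": 14, "max_av_age": 2, "mfa": True},
    "wiki": {"roles": {"staff", "finance"}, "max_patch_age": 30, "max_av_age": 7, "mfa": False},
}

def device_health_failures(device: Device, policy: dict) -> list:
    """Reasons the device fails the service's health requirements (empty if healthy)."""
    reasons = []
    if not device.mdm_managed:
        reasons.append("device not MDM-managed")
    if device.patch_age_days > policy["max_patch_age"]:
        reasons.append("OS patches out of date")
    if device.av_defs_age_days > policy["max_av_age"]:
        reasons.append("anti-virus definitions stale")
    return reasons

def authorise(principal: Principal, device: Device, service: str, network: str) -> tuple:
    """Evaluate one request; returns (allowed, denial_reasons). Unknown services are
    denied by default, and `network` is accepted only to show it is never consulted:
    the office LAN earns no more trust than a coffee shop."""
    _ = network  # principle 7: location contributes nothing to the decision
    policy = POLICY.get(service)
    if policy is None:
        return False, ["unknown service: default deny"]
    reasons = []
    if policy["mfa"] and not principal.mfa_verified:
        reasons.append("MFA required for this service")
    if not (principal.roles & policy["roles"]):
        reasons.append("role not permitted for this service")
    reasons += device_health_failures(device, policy)
    return not reasons, reasons
```

Every denial carries its reasons so that the monitoring called for in principle 6 has something concrete to log, and a healthy, authenticated device gets the same answer from the office LAN as from a coffee shop.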

More information on Zero Trust

If you are looking for more information on how to build zero trust networks, the UK’s NCSC has released guidance on designing zero trust architectures, along with the principles that go with them. You can find the NCSC’s information here.

Microsoft also has a section on its website about enabling remote users by embracing zero trust security within the network, which can be found here.