Zero trust is a cybersecurity framework in which organizations prevent data breaches by eliminating the concept of “trust” from the organization’s network. Former Forrester vice president and principal analyst John Kindervag created the idea of Zero Trust in 2009 to oppose the outdated assumption that everything inside an organization’s network should be trusted.
Zero Trust is distilled down to the phrase "never trust, always verify." The idea is that organizations must not trust anything inside or outside their perimeters. Instead, the organization must verify everything trying to connect to any infrastructure before allowing access.
The most common example of how the Zero Trust model works is data access. By ensuring the user, device, location, and application are authorized to access data, organizations often prevent unauthorized access and data breaches while users continue their day-to-day work.
In 2018 the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) created NIST Special Publication (SP) 800-28, Zero Trust Architecture. Forrester expanded the initial concept of Zero Trust into the current Zero Trust eXtended Architecture (also known as ZTX) in 2018 and published its first Forrester Wave: Zero Trust eXtended report. Zero Trust architecture includes multiple components, each of which is responsible for securing data and preventing data breaches. The Zero Trust eXtended (ZTX) architecture components include:
1. People – employees, office guests, partners, customers, malicious actors
2. Workloads – applications, data movement and processing
3. Networks – the digital paths data moves on throughout its lifecycle
4. Devices – mobile, desktop, tablet, or any device that connects to the internet
5. Data – the actual content that Zero Trust is focused on securing
Tips for deploying Zero Trust in your organization:
1. Your SCIM (system for cross-domain identity management) needs to speak as many languages as possible. Ensure the SCIM has integrations with the applications and devices your organization uses today.
2. Your MDM (mobile device management) needs to interoperate with all your devices and operating systems.
3. Zero Trust Data Security / Zero Trust DLP must be agnostic to devices, applications, operating systems, file sizes, and file types.
4. EDR (endpoint detection and response) must support visibility, detection, response, and forensic functions.
Zero Trust Data Security is simply applying the concept of Zero Trust to data access. Each of the ZTX framework components plays a role in securing data.
Zero Trust data security must be persistent, portable, and be applied to any data type. Data needs to be secured not only at rest and in transit, but also while in use. Data protection must continue as data moves to and from devices, clouds, data centers, and portable storage. Security must apply to any type of data using any application.
Another key to any security solution is that users and business workflow must not change. Any solution that requires users or workflows to change will find deployment and implementation challenges.
The most fundamental element of Zero Trust requires that data (or other framework components) be secure by default. Traditional data security solutions such as Data Loss Prevention (DLP) do not take this approach and could never be classified as Zero Trust. In the DLP case, there is no or minimal security for data on an endpoint. DLP instead tries to block all the ways data can leave the endpoint. But in today's world of SaaS, mobile, and WFH, blocking every path data can flow is impossible. There are additional reasons DLP has failed to secure data.
Here are four core principles of Zero Trust to implement when deploying a Zero Trust data security solution.
1. Use Microsegmentation
It is challenging to implement Zero Trust without granular controls. Instead of a carte blanche "allow or deny" permission, permissions should be extremely granular. Identity providers can authenticate on more than username, name, and password. They can also use device, device posture, location, time, and other signals as additional authentication factors.
Data security should have similar granular controls. Besides basic authorization for users and devices, your security team should use controls over endpoint applications, networks, SaaS or cloud applications, and data usage such as copy and paste. Make sure they don't allow unauthorized or unknown processes to access data. New or unauthorized applications that access data can lead to ransomware attacks. Whether it's in the cloud or the corporate data center, you should also secure data from centralized sources.
2. Enforce Security and Access Policies Everywhere
Data security has previously mainly focused on data access. But once data is accessed, the user typically has broad rights to use and transfer the data without additional security controls.
Some solutions claim to be data-centric. That often turns out to be a file-centric approach. With Zero Trust, the goal is to be as granular as possible.
Security needs to be persistent. You should secure your data at all times: at rest, in transit, and in use. Security needs to apply to any file type and any application. Identify solutions that are not Zero Trust, such as any tools that publish a list of supported applications. A supported application list implies that there are unsupported applications whose data the tool will not secure.
A widespread use case for Zero Trust security today is downloading sensitive data from a SaaS or cloud service. Ensure you're securing data exported from SaaS services and that it remains secure throughout its entire life cycle.
The most granular data security approaches apply security to the data itself, not the file. As users create new content, compare that content to previously secured content. If the content is similar, automatically secure the new content with the same permissions as the previously secured data. Be sure to monitor small data segments as they move from file to file and apply permissions accordingly.
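As an added illustration of content-level rather than file-level protection (not code from the original article or from any product): new text is fingerprinted as word shingles, and when it shares enough shingles with previously secured content it inherits that content's permissions. The shingle size, the threshold, and the sample paragraphs are constructed assumptions.

```python
import re

# Constructed example of content-level (not file-level) protection: secured
# text is fingerprinted as word shingles, and new content that shares enough
# shingles with a secured fingerprint inherits that content's permissions.
K = 3            # words per shingle
MIN_SHARED = 3   # shared shingles needed, roughly a five-word copied span

def shingles(text, k=K):
    """Set of k-word tuples over the lower-cased words of the text."""
    words = re.findall(r"\w+", text.lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

class ContentRegistry:
    """Remembers fingerprints of secured content and the permissions attached."""
    def __init__(self, min_shared=MIN_SHARED):
        self.min_shared = min_shared
        self.entries = []   # list of (fingerprint, permissions)

    def secure(self, text, permissions):
        self.entries.append((shingles(text), permissions))

    def classify(self, text):
        """Return permissions inherited from the best-matching secured content,
        or None when the new content shares too little with anything secured."""
        fp = shingles(text)
        best, best_shared = None, 0
        for secured_fp, perms in self.entries:
            shared = len(fp & secured_fp)
            if shared > best_shared:
                best, best_shared = perms, shared
        return best if best_shared >= self.min_shared else None

# Constructed sample: one secured paragraph registered with its permissions.
registry = ContentRegistry()
registry.secure(
    "Q3 revenue forecast: projected growth of 12 percent driven by the "
    "enterprise segment; board approval pending on the acquisition term sheet.",
    {"label": "confidential", "allow": ["finance", "legal"]},
)
```

A short sentence copied out of the secured paragraph into an otherwise unrelated note is enough to make the note inherit the confidential label, while unrelated text is left unclassified.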
3. Provide Identity Beyond Identity and Access Management (IAM)
Authorization based on basic credentials such as username and password is not enough. Enable access policies for applications, networks, and system tools such as clipboards.
IT can allow only authorized applications to access secured data by enforcing application policies — no more Word-to-PDF converters downloaded from unknown sources. Enforce application-level network rules, such as allowing file transfer protocol (FTP) applications to send data only to corporate IP addresses. Enforce clipboard policies to block or allow secured data moving between secured and unsecured applications.
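A granular, default-deny decision function for the controls described under principles 1 and 3 (user, device posture, location, time, application, FTP destination, and clipboard target), written here as an added example rather than taken from the article or any vendor's product; the policy fields, the sample values, and the 10.20.0.5 address are constructed.

```python
from dataclasses import dataclass

# Constructed policy model: every field is an allow-list; anything not listed
# is denied, so secured data is protected by default.
@dataclass
class DataPolicy:
    users: frozenset
    device_postures: frozenset    # e.g. "managed-encrypted"
    locations: frozenset          # e.g. "office", "vpn"
    hours: tuple                  # (first, last) permitted hour, 0-23
    applications: frozenset       # processes allowed to open secured data
    ftp_destinations: frozenset   # corporate IPs an FTP client may send to
    clipboard_targets: frozenset  # apps that may receive secured data by paste

@dataclass
class AccessRequest:
    user: str
    device_posture: str
    location: str
    hour: int
    application: str
    action: str        # "open", "ftp_send" or "paste"
    target: str = ""   # destination IP for ftp_send, receiving app for paste

def evaluate(policy, req):
    """Return (decision, reason). Every factor must pass; the first failure denies."""
    first, last = policy.hours
    checks = [
        (req.user in policy.users, "user not authorized"),
        (req.device_posture in policy.device_postures, "device posture not allowed"),
        (req.location in policy.locations, "location not allowed"),
        (first <= req.hour <= last, "outside permitted hours"),
        (req.application in policy.applications, "unknown or unauthorized application"),
    ]
    if req.action == "ftp_send":
        checks.append((req.target in policy.ftp_destinations, "non-corporate FTP destination"))
    elif req.action == "paste":
        checks.append((req.target in policy.clipboard_targets, "paste into unsecured application"))
    elif req.action != "open":
        checks.append((False, "unrecognized action"))
    for ok, reason in checks:
        if not ok:
            return "deny", reason
    return "allow", "all factors satisfied"

FINANCE_POLICY = DataPolicy(  # constructed sample policy for a finance data set
    users=frozenset({"alice"}), device_postures=frozenset({"managed-encrypted"}),
    locations=frozenset({"office", "vpn"}), hours=(7, 19),
    applications=frozenset({"excel.exe", "winword.exe", "ftpclient.exe"}),
    ftp_destinations=frozenset({"10.20.0.5"}),   # constructed corporate address
    clipboard_targets=frozenset({"winword.exe"}),
)
```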
4. Introduce Visibility and Automation
Visibility and automation are two of the cross-functional principles of zero trust. Granular logging and reporting should enable orchestration tools to look for anomalies and suspicious behavior. Log all data access attempts, regardless of whether you allow or deny the action. Your log should include user, application, device, location, time, and other metadata. Proper logging will allow orchestration tools to detect potential malware and suspicious user behavior while also creating audit and compliance reports.
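Added example, not from the article or any product: a few constructed decision-log records carrying the metadata listed above (user, application, device, location, time, decision), with simple detection rules run over them (an unknown process touching secured data, repeated denials for one user, a first successful access from a new location) and an allow/deny summary of the kind an audit report is built from. The record format, the baseline of known applications, and the threshold are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed decision log (no real product's format): one JSON record per
# data access attempt, allowed or denied, with the metadata the text lists.
LOG_LINES = [
    '{"ts":"09:02","user":"alice","app":"excel.exe","device":"LT-01","loc":"office","decision":"allow"}',
    '{"ts":"09:05","user":"alice","app":"winword.exe","device":"LT-01","loc":"office","decision":"allow"}',
    '{"ts":"09:07","user":"bob","app":"pdfconv.exe","device":"LT-07","loc":"home","decision":"deny"}',
    '{"ts":"09:08","user":"bob","app":"pdfconv.exe","device":"LT-07","loc":"home","decision":"deny"}',
    '{"ts":"09:09","user":"bob","app":"pdfconv.exe","device":"LT-07","loc":"home","decision":"deny"}',
    '{"ts":"09:15","user":"alice","app":"excel.exe","device":"LT-01","loc":"cafe","decision":"allow"}',
    '{"ts":"09:20","user":"carol","app":"encryptor.exe","device":"LT-03","loc":"office","decision":"allow"}',
]
KNOWN_APPS = {"excel.exe", "winword.exe"}  # constructed baseline of apps expected to handle secured data
DENY_THRESHOLD = 3                          # repeated denials by one user that warrant a finding

def parse(lines):
    return [json.loads(line) for line in lines]

def detect_anomalies(records, known_apps=KNOWN_APPS, deny_threshold=DENY_THRESHOLD):
    """Return (rule, subject) findings over the decision log, in log order."""
    findings, denies = [], Counter()
    seen_locs, seen_unknown = defaultdict(set), set()
    for r in records:
        # Rule 1: a process outside the baseline touched secured data (allowed or not)
        if r["app"] not in known_apps and (r["user"], r["app"]) not in seen_unknown:
            seen_unknown.add((r["user"], r["app"]))
            findings.append(("unknown-process", f'{r["user"]}:{r["app"]}'))
        # Rule 2: the same user keeps being denied
        if r["decision"] == "deny":
            denies[r["user"]] += 1
            if denies[r["user"]] == deny_threshold:
                findings.append(("repeated-denies", r["user"]))
        # Rule 3: successful access from a location not previously seen for this user
        if r["decision"] == "allow" and seen_locs[r["user"]] and r["loc"] not in seen_locs[r["user"]]:
            findings.append(("new-location", f'{r["user"]}@{r["loc"]}'))
        seen_locs[r["user"]].add(r["loc"])
    return findings

def audit_summary(records):
    """Allow/deny counts per user, the raw material for audit and compliance reports."""
    return {u: dict(Counter(r["decision"] for r in records if r["user"] == u))
            for u in sorted({r["user"] for r in records})}
```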
By following these zero trust principles when deploying data security solutions, enterprises can finally eliminate data breaches.
IBM reports the global average cost of a data breach is USD 3.86 million, and the country with the highest average cost of a data breach is the United States with a USD 8.64 million cost per breach.
Security professionals see Zero Trust as the ultimate solution for data security and breach prevention. ResearchAndMarkets.com projects the global Zero Trust Security market to grow to USD 51.6 billion by 2026.
The White House recently named Zero Trust as part of the solution to improve the Nation's Cybersecurity. Zero Trust is no longer an upcoming solution for technology roadmaps. Zero Trust is mainstream, and one study finds that 60% of organizations in North America and 40% globally are currently working on Zero Trust projects.
Endpoint security is the practice of securing data on any device outside the data center or cloud. Data must be secured from malicious and accidental threats regardless of the device's network location or internet connectivity. Endpoint security brokers whether data leaves the device encrypted or decrypted.
Endpoint security is essential to businesses that need to secure any data. Organizations face a growing number of compliance regulations, such as GDPR, HIPAA, CCPA, and SOX, that require them to protect financial, healthcare, and personal information. Organizations also need to protect internal information such as intellectual property. Ransomware is a growing threat to data and must be defended against by endpoint security that protects against zero-day threats.
Portions of this article were originally published on forbes.com