As remote work becomes more common, ensuring data security is becoming both more challenging and more critical. The statement "nothing is safe from attack and a breach is imminent" captures the need for robust security measures to protect sensitive information, and it has driven a paradigm shift in how organizations approach CyberSecurity. The Zero Trust model, which operates on the principle of "never trust, always verify," is gaining traction as a viable response to the evolving threat landscape.
This article explores the Zero Trust model, its benefits, and how it can be implemented to build a mature CyberSecurity posture. We start with an overview of the Zero Trust model, followed by a brief discussion of its components and principles. We then cover the Zero Trust Pillars, the policy decision point and policy enforcement point (PDP/PEP), the Zero Trust Tenets, and the Zero Trust journey, including how the National Institute of Standards and Technology (NIST) developed and refined the framework. We go on to the integration and adaptation of Zero Trust, the value of cryptography in CyberSecurity and how it supports a Zero Trust Architecture (ZTA), and a phased deployment review, and we conclude with the user experience in a Zero Trust environment.
The traditional perimeter-based security model assumes that everything inside an organization's network can be trusted and should therefore have access to all resources. That assumption is no longer sufficient in today's CyberSecurity landscape. Five challenges stand out as having the most impact:
Addressing and mitigating CyberSecurity challenges requires continuous innovation, investment, and collaboration within the industry. CISOs who implement Zero Trust know that it is not a one-size-fits-all solution. Many start with identity, which is crucial for verifying access requests, but it does not stop there. In fact, Vasu Jakkal, Corporate Vice President of Security, Compliance, Identity, and Management at Microsoft, stated that "Because Zero Trust Architecture (ZTA) is designed to prevent an attacker's ability to move laterally, a Zero Trust strategy is extremely helpful in prioritizing and addressing prevention-focused investments." She continues, "By implementing a Zero Trust strategy, organizations can more safely embrace a hybrid workplace and protect people, devices, mobile applications, and data wherever they are located."1
The adoption of a Zero Trust architecture (ZTA) is becoming increasingly imperative in managing the intricacies of today's organizations, a trend that has not gone unnoticed by CISOs and their security teams. According to Microsoft's Zero Trust Adoption Report, a staggering 96% of security professionals recognize the pivotal role of Zero Trust in their organization's success. Notably, 81% are already underway in implementing this approach, spurred by the evolution towards a hybrid work environment. These findings resonate with the insights from Foundry's Security Priorities study, revealing that 46% of organizations have either implemented or are testing Zero Trust solutions, while an additional 38% are actively exploring this innovative security paradigm. “There’s been a fundamental shift over the last two years (since 2021) about the reality of adopting Zero Trust,” says Bob Bragdon, SVP and Worldwide Managing Director of CSO. “Before that, it was considered too much of a lift for most organizations. That’s completely turned around now. Bigger organizations, in particular, are all-in on it.”
A ZTA is an enterprise CyberSecurity design based on a set of strategic Zero Trust principles, developed to prevent data breaches and to reduce or eliminate internal lateral movement if a breach does occur. It is a security strategy that mandates strict identity verification for every person and device attempting to access resources on a private network. Zero Trust is not a single, wide-area network architecture but a set of micro-segmented architectures guided by a strict set of principles for workflow, system design, and operations, all aimed at raising the security posture for each asset classification level. Transitioning to ZTA is rarely a wholesale replacement of legacy technology; in practice it is an incremental migration in which Zero Trust controls are introduced alongside the perimeter-based controls they will eventually replace.
Overall, seven areas require attention: Identity, Devices, Data, Applications, Networks, Infrastructure, and Cryptography. The following is a brief overview of each of these areas:
When it is time to start the Zero Trust journey, it is essential to understand that it is not a one-size-fits-all solution. It is a strategic approach to security that emphasizes safeguarding the critical aspects of information. Ignoring any area of CyberSecurity leaves your organization vulnerable to attack. Above all, do not ignore the value that Cryptography brings. Fully encrypted data is useless to an attacker who does not also obtain the keys, which is why protecting the keys matters as much as the encryption itself. Unencrypted data is exposed to any unauthorized user who reaches it and can harm your customers and your organization's bottom line.
The following is a brief overview of Cryptography and its value to Zero Trust:
The Data Encryption Standard (DES), introduced in 1977 as Federal Information Processing Standard (FIPS) 46, was a pivotal milestone in cryptography. A symmetric-key block cipher, DES used a 64-bit block size and a 56-bit key. Intended for non-military (unclassified) applications, it was adopted quickly.
As computing power grew, DES's security waned: by 1999 a 56-bit key could be recovered by brute force in less than a day. To bridge the gap, FIPS 46-3 specified Triple DES, which applies the DES algorithm three times, as an interim measure until a more robust symmetric-key algorithm, the Advanced Encryption Standard (AES), was selected by the National Institute of Standards and Technology (NIST).
Suspicions arose at the time that the National Security Agency (NSA) had deliberately weakened DES. Disclosures in the 1990s showed that the NSA had in fact strengthened the S-boxes against differential cryptanalysis, a technique not publicly known in the 1970s, although it had also pressed for the key to be shortened to 56 bits.
AES, published as FIPS 197 in 2001, was a significant leap: a 128-bit block and key lengths of 128, 192, or 256 bits. AES became the workhorse of symmetric encryption, securing web connections, messaging platforms, and full-disk encryption.
AES is expected to remain secure even against quantum computers; Grover's algorithm roughly halves the effective key length, which is why AES-256 is the conservative choice where long-term secrecy matters. In parallel, the public-key revolution expanded what cryptography could do. The Diffie-Hellman key exchange, RSA, and elliptic-curve cryptography (ECC) solved the key-distribution problem, provided integrity and authenticity through digital signatures, and made key revocation and scaling to large groups practical.
RSA, specifically, played a crucial role in solving the key distribution problem. Its asymmetric encryption approach allowed secure communication channel establishment without a pre-existing secure channel. Combining RSA with cryptographic hashing enabled the creation of digital signatures, verifying message authenticity and integrity, safeguarding against tampering.
In authentication, RSA SecurID tokens are widely used. These tokens, branded by RSA Security rather than built on the RSA algorithm, generate temporary one-time codes that users enter along with their regular passwords. This second factor adds a layer of verification beyond the password. Each code is derived from a secret seed shared between the token and the authentication server together with the current time, using a symmetric construction; the RSA public-key algorithm is not involved. Despite these advances, the prospect of large-scale quantum computers, which would break RSA, Diffie-Hellman, and ECC, has prompted NIST to standardize quantum-resistant (post-quantum) algorithms in preparation for that threat.
Cryptography plays a pivotal role in implementing and enhancing the principles of zero trust in CyberSecurity. Zero trust is a security framework that operates on the assumption that threats can emerge from both external and internal sources. It mandates a "never trust, always verify" approach, emphasizing continuous verification of user identity, devices, and applications, irrespective of their location within or outside the network perimeter.
Here's how cryptography adds value to the zero trust model:
Data Encryption:
Value: Cryptographic techniques such as encryption provide a fundamental layer of protection for sensitive data. Encrypting data at rest, in transit, and during processing ensures that even if unauthorized access occurs, the data remains unintelligible without the proper cryptographic keys.
Implementation in Zero Trust: In a zero trust environment, all data, regardless of its location or the perceived level of trust, should be encrypted. This ensures that even if an attacker gains access to a network segment, they cannot make sense of the encrypted data without the appropriate decryption keys.
Secure Communication Channels:
Value: Cryptographic protocols establish secure communication channels between different components in a network, preventing eavesdropping and man-in-the-middle attacks.
Implementation in Zero Trust: In a zero trust architecture, where trust is never assumed, secure communication channels become imperative. Cryptographic protocols like TLS (Transport Layer Security) are used to encrypt and secure communications between devices, applications, and users.
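As an added example (not code from the article), here is what "never trust" looks like at the transport layer in Go: a TLS 1.3 session in which the server presents a certificate and also requires one from the client, both issued by a private CA. The CA, the server certificate for the assumed name api.internal and the client certificate for the assumed device laptop-42 are generated in memory, and the handshake runs over an in-process pipe, so the program runs offline. A client that cannot present a certificate is turned away before any application data flows.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Added example, not code from the article: mutually authenticated TLS 1.3 with a private
// CA, generated in memory and run over an in-process pipe. The names zt-ca, api.internal
// and laptop-42 are assumptions for the demo.

// newCert issues an ECDSA P-256 certificate for name: self-signed when isCA, else signed by parent.
func newCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; real CAs use random serials
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name}, // Go verifies names against SANs, not the CN
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Handshake performs the mTLS handshake and returns the server's greeting, which names
// the identity the client proved. Without a client certificate the server rejects the
// connection and the resulting error is returned instead.
func Handshake(clientHasCert bool) (string, error) {
	ca, caKey, err := newCert("zt-ca", true, nil, nil)
	if err != nil {
		return "", err
	}
	srvCert, srvKey, err1 := newCert("api.internal", false, ca, caKey)
	cliCert, cliKey, err2 := newCert("laptop-42", false, ca, caKey)
	if err1 != nil || err2 != nil {
		return "", fmt.Errorf("issuing leaf certificates: %v %v", err1, err2)
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	srvConf := &tls.Config{
		MinVersion:             tls.VersionTLS13,
		Certificates:           []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:             tls.RequireAndVerifyClientCert, // the client must prove its identity too
		ClientCAs:              pool,
		SessionTicketsDisabled: true, // keeps the exchange to the handshake itself
	}
	cliConf := &tls.Config{
		MinVersion: tls.VersionTLS13,
		RootCAs:    pool,           // trust only the private CA, not the system store
		ServerName: "api.internal", // must match the server certificate's SAN
	}
	if clientHasCert {
		cliConf.Certificates = []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}
	}
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	srv, cli := tls.Server(sConn, srvConf), tls.Client(cConn, cliConf)
	go func() { // server side; if its handshake fails, the alert it sends becomes the client's read error
		if srv.Handshake() == nil {
			fmt.Fprintf(srv, "hello %s", srv.ConnectionState().PeerCertificates[0].Subject.CommonName)
		}
	}()
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	buf := make([]byte, 64)
	n, err := cli.Read(buf)
	if err != nil {
		return "", err
	}
	return string(buf[:n]), nil
}

func main() {
	fmt.Println(Handshake(true))  // hello laptop-42 <nil>
	fmt.Println(Handshake(false)) // empty greeting and an error naming the missing client certificate
}
```

Only the standard library is used. In a real deployment the client certificate would be the device's or workload's issued identity and the CA an internal PKI rather than an in-memory key, but the server-side rule is the same: RequireAndVerifyClientCert against a pool that contains only the CAs the organization controls.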
Authentication and Digital Signatures:
Value: Cryptographic mechanisms such as digital signatures and authentication protocols ensure the integrity and authenticity of users and devices.
Implementation in Zero Trust: Zero trust mandates continuous authentication and verification. Digital signatures (for example, on device certificates and authentication assertions) combined with multi-factor authentication help confirm the identity of users and devices, making it difficult for attackers to impersonate trusted entities.
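The one-time codes described in the token paragraph of the cryptography history above, and the second factor this item calls for, are usually TOTP (RFC 6238). The following Go program, added here and not part of the article, generates and verifies such codes. The seed 12345678901234567890 is the RFC 6238 test seed; the 30-second step, six digits and one step of tolerated clock skew are the common defaults and are assumptions of the demo. The verifier refuses any time step it has already accepted, which blocks replay of a captured code.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Added example, not code from the article: time-based one-time codes per RFC 6238
// (TOTP) built on the RFC 4226 HOTP construction. The code depends only on a seed
// shared with the server and on the current time; no public-key cryptography is used.

const step = 30 // seconds per time step

// TOTP computes the code for Unix time t with the given number of digits.
func TOTP(secret []byte, t int64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(t/step)) // the moving factor
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	// Dynamic truncation (RFC 4226 section 5.3): the low nibble of the last byte
	// selects a 4-byte window; the top bit is cleared to avoid sign issues.
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// Verifier is the server side: it holds the same seed and remembers the last time
// step it accepted so an intercepted code cannot be replayed.
type Verifier struct {
	secret   []byte
	lastStep int64
}

func NewVerifier(secret []byte) *Verifier {
	return &Verifier{secret: secret, lastStep: -1}
}

// Verify accepts the code for the current step or one step on either side (clock
// skew), compares in constant time, and rejects any step not newer than the last
// accepted one.
func (v *Verifier) Verify(code string, now int64) bool {
	for skew := int64(-1); skew <= 1; skew++ {
		t := now + skew*step
		if t < 0 || t/step <= v.lastStep {
			continue
		}
		want := TOTP(v.secret, t, 6)
		if subtle.ConstantTimeCompare([]byte(code), []byte(want)) == 1 {
			v.lastStep = t / step
			return true
		}
	}
	return false
}

func main() {
	seed := []byte("12345678901234567890") // RFC 6238 test seed
	fmt.Println(TOTP(seed, 59, 8))          // 94287082
	v := NewVerifier(seed)
	fmt.Println(v.Verify("287082", 70), v.Verify("287082", 70)) // true false
}
```

The seed is the only secret; anyone who copies it can mint valid codes, which is why token seeds belong in a hardware token or a protected authenticator app and why the server should store them with the same care as password hashes.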
Tokenization:
Value: Tokenization involves replacing sensitive data with unique tokens, reducing the risk associated with data exposure.
Implementation in Zero Trust: In a zero trust model, even within trusted zones, tokenization can be employed to limit the exposure of sensitive information. This ensures that even if a user or device is compromised, the risk of exposing critical data is minimized.
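The following Go program, added here and not taken from the article, is a minimal tokenization vault for payment card numbers. The token keeps the last four digits so that a support workflow can still say "the card ending in 1111", but the rest is drawn from a CSPRNG with no mathematical relationship to the card number, so a token lifted from an application database cannot be reversed without the vault. The in-memory maps and the card number 4111111111111111 (a constructed test value) are assumptions of the demo.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Added example, not code from the article: a tokenization vault. Tokens preserve
// the last four digits and are otherwise random, so only the vault can map them
// back. The in-memory maps stand in for a hardened, separately authorized store.

type Vault struct {
	tokenToPAN map[string]string
	panToToken map[string]string
}

func NewVault() *Vault {
	return &Vault{tokenToPAN: map[string]string{}, panToToken: map[string]string{}}
}

// randomDigits draws n decimal digits from a CSPRNG, using rejection sampling so
// that each digit is uniform.
func randomDigits(n int) (string, error) {
	var sb strings.Builder
	buf := make([]byte, 1)
	for sb.Len() < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		if buf[0] < 250 { // 250 = 25*10, so buf[0]%10 is unbiased
			sb.WriteByte('0' + buf[0]%10)
		}
	}
	return sb.String(), nil
}

// Tokenize returns the token for pan, issuing a new one the first time it is seen.
func (v *Vault) Tokenize(pan string) (string, error) {
	if len(pan) < 13 || len(pan) > 19 || strings.Trim(pan, "0123456789") != "" {
		return "", errors.New("not a card number")
	}
	if tok, ok := v.panToToken[pan]; ok {
		return tok, nil // the same PAN always maps to the same token
	}
	for {
		prefix, err := randomDigits(len(pan) - 4)
		if err != nil {
			return "", err
		}
		tok := prefix + pan[len(pan)-4:]
		if _, taken := v.tokenToPAN[tok]; taken || tok == pan {
			continue // collision with an existing token or with the PAN itself
		}
		v.tokenToPAN[tok] = pan
		v.panToToken[pan] = tok
		return tok, nil
	}
}

// Detokenize is the only path back to the PAN; in a real deployment this call sits
// behind its own authorization check and audit log.
func (v *Vault) Detokenize(tok string) (string, error) {
	pan, ok := v.tokenToPAN[tok]
	if !ok {
		return "", fmt.Errorf("unknown token %q", tok)
	}
	return pan, nil
}

func main() {
	v := NewVault()
	tok, _ := v.Tokenize("4111111111111111") // constructed test PAN
	fmt.Println(tok)
}
```

Because the token carries the PAN's length and last four digits, downstream systems can keep validating and displaying it as before; only the vault, which should be reachable from far fewer systems than the tokens are, can detokenize.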
Key Management:
Value: Effectively managing cryptographic keys is essential for maintaining the confidentiality and integrity of encrypted data.
Implementation in Zero Trust: In a zero trust environment, proper key management becomes even more critical. Cryptographic keys must be protected, regularly rotated, and access to them should be closely monitored to prevent unauthorized access.
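The encryption item above and this key-management item are usually implemented together as envelope encryption. The following Go program, an added example rather than code from the article, encrypts each record under its own data-encryption key with AES-256-GCM, wraps that key under a versioned key-encryption key, and shows rotation as a re-wrap that never touches the payload. The in-memory KeyStore, the record ID used as associated data and the sample plaintext are assumptions of the demo; in production the key-encryption keys would live in an HSM or a cloud KMS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Added example, not code from the article: envelope encryption with AES-256-GCM. Each
// record has its own data-encryption key (DEK) wrapped by a versioned key-encryption
// key (KEK); the in-memory KeyStore stands in for the HSM or KMS that would hold KEKs.

type Record struct {
	KeyID      uint32 // version of the KEK that wrapped the DEK
	WrappedDEK []byte // nonce || AES-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-GCM(DEK, plaintext), bound to the record ID via AAD
}

type KeyStore struct {
	keks    map[uint32][]byte
	current uint32
}

func NewKeyStore() *KeyStore {
	ks := &KeyStore{keks: map[uint32][]byte{}}
	ks.Rotate()
	return ks
}

// Rotate makes a fresh 256-bit KEK current; older versions stay usable for unwrapping
// until every record has been re-wrapped, after which they can be deleted from keks.
func (ks *KeyStore) Rotate() {
	ks.current++
	ks.keks[ks.current] = random(32)
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // without entropy there is nothing safe to do
	}
	return b
}

// gcm builds the AEAD; keys are always 32 bytes here, so construction cannot fail.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// seal returns nonce || ciphertext || tag under a fresh random 96-bit nonce.
func seal(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

func unseal(key, data, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(data) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, data[:g.NonceSize()], data[g.NonceSize():], aad)
}

// Encrypt generates a fresh DEK for the record and wraps it under the current KEK.
func (ks *KeyStore) Encrypt(plaintext, recordID []byte) *Record {
	dek := random(32)
	wrapped := seal(ks.keks[ks.current], dek, nil)
	return &Record{KeyID: ks.current, WrappedDEK: wrapped, Ciphertext: seal(dek, plaintext, recordID)}
}

func (ks *KeyStore) unwrap(r *Record) ([]byte, error) {
	kek, ok := ks.keks[r.KeyID]
	if !ok {
		return nil, fmt.Errorf("KEK version %d has been retired", r.KeyID)
	}
	return unseal(kek, r.WrappedDEK, nil)
}

// Decrypt fails if the ciphertext was tampered with or belongs to a different record.
func (ks *KeyStore) Decrypt(r *Record, recordID []byte) ([]byte, error) {
	dek, err := ks.unwrap(r)
	if err != nil {
		return nil, err
	}
	return unseal(dek, r.Ciphertext, recordID)
}

// Rewrap moves the record to the current KEK without re-encrypting the payload.
func (ks *KeyStore) Rewrap(r *Record) error {
	dek, err := ks.unwrap(r)
	if err != nil {
		return err
	}
	r.KeyID, r.WrappedDEK = ks.current, seal(ks.keks[ks.current], dek, nil)
	return nil
}

func main() {
	ks := NewKeyStore()
	r := ks.Encrypt([]byte("constructed sample record"), []byte("rec-1"))
	ks.Rotate()
	fmt.Println(ks.Rewrap(r), r.KeyID) // <nil> 2
}
```

Two properties matter for the "monitor and rotate" guidance above: the payload is never re-encrypted during rotation, so rotating frequently is cheap, and once an old KEK is deleted any record still pointing at it fails closed rather than silently decrypting.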
In summary, cryptography acts as a foundational element in the implementation of zero trust principles, providing essential tools to secure data, authenticate users and devices, and establish trustworthy communication channels within an inherently untrusted environment.
How do we initiate a Zero Trust Strategy?
Zero Trust is a CyberSecurity approach designed to augment or replace the traditional perimeter-based security model. Organizations should integrate Zero Trust principles, procedural adjustments, and technological solutions gradually, tailored case by case to the data assets and business operations they protect. Most enterprise infrastructures will run in a hybrid mode, combining Zero Trust and perimeter-based security, while also investing in IT modernization and refining organizational workflows. For Zero Trust to be effective, organizations must implement comprehensive information security and resilience practices. Harmonized with existing CyberSecurity policies and guidance, identity and access management, continuous monitoring, and industry best practices, a Zero Trust Architecture (ZTA) can establish a mature and resilient CyberSecurity posture.
Zero Trust operates under the assumption that threats are omnipresent and that an attack is not just possible but likely, so every user, subject, or system must be evaluated through a proper PDP/PEP process regardless of its location. Integrating Zero Trust should be a foundational aspect of role definition to secure the evolving "new way to work" paradigm. However, a one-size-fits-all Zero Trust model is not a universal solution to every CyberSecurity challenge. It is a journey that demands a well-defined and documented strategy, a proficient and skilled team, and a seamlessly integrated, federated IAM process aligned with the organization's goals and objectives, guided by the following principles.
These principles pertain to tasks scheduled and conducted within an organization or in collaboration with one or more partner organizations (supply chain), and do not encompass anonymous public or consumer-facing business processes. It is neither feasible nor appropriate for an organization to impose internal policies on external actors (e.g., customers or general Internet users). However, the organization may have the capacity to implement its Zero Trust-based policies on non-enterprise users, or any users or devices on its network, irrespective of their specific relationship with the organization (e.g., registered customers, employee dependents, malicious actors, hackers, etc.).
In the abstract Zero Trust access model depicted below, a subject requires access to an enterprise resource. Access is granted only after the subject has been authenticated and authorized through a policy decision point (PDP) and the corresponding policy enforcement point (PEP).
The system must verify that the subject is genuine and appropriately authorized and that the request is legitimate. The PDP makes the authentication and authorization decision and the PEP enforces it, and access is re-evaluated continuously throughout the session life cycle rather than granted once at the start. Positioned at every layer of protection within the enterprise architecture, the PDP/PEP pair is of paramount importance in the Zero Trust model. It is the central decision point for all access requests and should operate from a clearly defined and documented policy that is in line with the organization's goals and objectives.
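To make the PDP/PEP split concrete, here is a small policy decision point and a session-level enforcement point in Go, added here as an illustration rather than taken from the article. The attributes (group membership, MFA, authentication age, device management and posture), the four-level sensitivity scale and the names alice, laptop-42 and ledger are assumptions of the demo. The point to notice is that the session does not carry trust forward: every access re-asks the PDP with the current attributes, so a device that falls out of compliance loses access mid-session.

```go
package main

import (
	"fmt"
	"time"
)

// Added example, not code from the article: a minimal policy decision point (PDP) and
// the per-session policy enforcement point (PEP) that fronts a resource. Attributes,
// thresholds and names are assumptions for the demo.

type Subject struct {
	ID       string
	Groups   []string
	MFA      bool          // a second factor was presented this session
	AuthnAge time.Duration // time since the last interactive authentication
}

type Device struct {
	ID        string
	Managed   bool // enrolled in the organization's device management
	Compliant bool // latest posture check (disk encryption, EDR, patches) passed
}

type Resource struct {
	Name        string
	Sensitivity int // 0 public, 1 internal, 2 confidential, 3 restricted
	AllowGroups []string
}

type Request struct {
	Subject  Subject
	Device   Device
	Resource Resource
	Action   string // "read" or "write"
}

type Decision struct {
	Allow  bool
	Reason string
}

func member(groups, allowed []string) bool {
	for _, g := range groups {
		for _, a := range allowed {
			if g == a {
				return true
			}
		}
	}
	return false
}

// Decide is the PDP. Every request is judged on subject, device and resource
// attributes; nothing is inferred from where on the network the request came from.
func Decide(r Request) Decision {
	deny := func(why string) Decision { return Decision{false, why} }
	switch {
	case r.Subject.ID == "":
		return deny("unauthenticated subject")
	case !member(r.Subject.Groups, r.Resource.AllowGroups):
		return deny("subject not entitled to " + r.Resource.Name)
	case r.Resource.Sensitivity >= 2 && !r.Subject.MFA:
		return deny("MFA required")
	case r.Resource.Sensitivity >= 2 && !r.Device.Compliant:
		return deny("device posture check failed")
	case r.Resource.Sensitivity >= 3 && !r.Device.Managed:
		return deny("restricted data only from managed devices")
	case r.Resource.Sensitivity >= 3 && r.Subject.AuthnAge > 15*time.Minute:
		return deny("re-authentication required")
	case r.Action == "write" && r.Resource.Sensitivity >= 1 && !r.Device.Managed:
		return deny("writes only from managed devices")
	}
	return Decision{true, "policy satisfied"}
}

// Session is the PEP's view of one connection. Access was granted at the start, but
// every later call re-asks the PDP with the current attributes, so a posture change
// mid-session cuts access off.
type Session struct {
	Req     Request
	Revoked string
}

func (s *Session) Check(action string) Decision {
	if s.Revoked != "" {
		return Decision{false, "session revoked: " + s.Revoked}
	}
	s.Req.Action = action
	d := Decide(s.Req)
	if !d.Allow {
		s.Revoked = d.Reason // no second chance without a fresh session
	}
	return d
}

func main() {
	s := &Session{Req: Request{
		Subject:  Subject{ID: "alice", Groups: []string{"finance"}, MFA: true, AuthnAge: 5 * time.Minute},
		Device:   Device{ID: "laptop-42", Managed: true, Compliant: true},
		Resource: Resource{Name: "ledger", Sensitivity: 2, AllowGroups: []string{"finance"}},
	}}
	fmt.Println(s.Check("read"))
	s.Req.Device.Compliant = false // EDR reports the device unhealthy mid-session
	fmt.Println(s.Check("read"))
	fmt.Println(s.Check("read"))
}
```

The rules are deliberately ordered from cheapest to most specific, and every denial carries a reason so the PEP can log it; that log is what lets the security operations team see policy friction and tune it rather than guess.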
The Zero Trust journey, aligned with the CIAAN principles (Confidentiality, Integrity, Availability, Authenticity, and Non-Repudiation), is a strategic approach to security that emphasizes safeguarding critical aspects of information. The Zero Trust journey should prioritize:
The seven pillars of Zero Trust (graphic posted above) serve as foundational principles for implementing a robust security framework. Their intended purposes are described below:
These seven pillars collectively sustain the core principles of a Zero Trust security model. By adhering to these principles, organizations can establish a holistic and adaptive security posture that minimizes risk and fortifies their defenses against modern cyber threats.
Ultimately, the overall goal of the Zero Trust Pillars is to adopt an agile process that maintains a dynamic, self-healing Network Architecture, based on the following principles:
A robust and well-defined taxonomy is critical for effective risk assessment. Without a clear taxonomy, risk assessment approaches are hindered in their ability to measure and estimate risk factor variables. This limitation in measurement and estimation capabilities can lead to inconsistent and costly Risk Management decisions. The interconnectedness of these elements is referred to as the Risk Management Stack, which can be visually represented.
The Risk Management Stack comprises five integral components that should be implemented in harmony, commencing with STEP 01 and culminating in an Effective Management strategy. Let's delineate each of these components:
In essence, the components of the Risk Management Stack collaborate to institute a systematic and comprehensive approach to managing and mitigating risks. This empowers businesses to make well-informed decisions grounded in accurate risk models, meaningful measurements, effective comparisons, and proficient Risk Management strategies.
The integration of Zero Trust principles into all phases of information technology development and deployment is crucial. While it's essential to maintain a balanced, cost-effective approach that aligns with organizational goals, safeguarding assets like data and personnel is paramount for business continuity.
Implementing a Zero Trust CyberSecurity strategy is an ongoing endeavor that necessitates regular updates and adjustments to address evolving threats and technologies. Staying abreast of emerging threats and CyberSecurity best practices is imperative for safeguarding organizational assets. When combined with existing CyberSecurity policies and guidance, robust identity and access management, continuous monitoring, and industry-leading practices, a Zero Trust Architecture provides substantial protection against common threats and enhances an organization's security posture through a managed risk approach, well-informed expertise, and seamless resource integration.
A Zero Trust approach primarily emphasizes the protection of data and services but should encompass all enterprise assets (devices, infrastructure components, applications, virtual and cloud components) and subjects (end users, applications, and other non-human entities seeking information from resources).
To be more specific, we view Zero Trust as a User Experience Initiative that enhances user safety as well as their IT CyberSecurity journey. Zero Trust redefines how users interact with Information Systems, placing security as the guiding principle without compromising usability. It is a user-centric approach that emphasizes continuous authentication and authorization, ensuring that users are who they claim to be and have the appropriate level of access to resources. It also involves implementing user-friendly authentication methods, such as biometrics, single sign-on, and adaptive authentication, to minimize any disruptions to the user experience.
Here's how we envision Zero Trust will impact our user experience:
A Zero Trust strategy commences with people, transforming how they access data and employing advanced tools to implement necessary risk mitigations. Cost is a pivotal consideration that can significantly influence an organization's ability to embark on a Zero Trust strategy. Establishing governance and processes, adapting to evolving workspaces, and reevaluating how tools are procured are all substantial decisions in mitigating CyberSecurity risks. It represents a fundamental cultural shift that should originate from leadership, leveraging technology and corporate security as catalysts for a more proactive, threat-informed organization rather than a reactive one. By aligning Zero Trust with a user-centric approach, we are not only enhancing security but also fostering a culture of security awareness and user trust within our organization.
Johnny Sandaire PhD, CISSP, CC, OpenFAIR, MCAD