Zero Trust Model: Principles, Challenges, and a Real Life Example
What is the Zero Trust Model?
The zero trust model is a holistic approach to network security that requires every user and device to be verified each time it attempts to access a resource on a private network, regardless of whether that user or device is already inside the network perimeter or still outside it.
This resolves many of the problems of the traditional network security model, which relied on the concept of a security perimeter: access to the network was tightly controlled, but once inside, connections were trusted by default, so an attacker who got past the perimeter could move freely and cause significant damage. In today’s distributed environment, with data and applications running on remote cloud services, employees working from home or from personal devices, and growing use of mobile and IoT devices, the perimeter approach no longer holds and is being replaced by the zero trust model.
The zero trust model comprises a set of principles, and recommends the use of technologies and techniques in line with those principles. There are many technical and operational approaches to implementing zero trust.
What are the Core Principles of the Zero Trust Model?
Here are the main principles driving zero trust implementations at organizations.
Strict Evaluation of Access Controls
The zero trust model assumes that attackers may be present both inside and outside the network and therefore trusts neither side by default. Every user or device attempting to reach a network resource must be authenticated, every access request must be authorized against policy, and every connection must be encrypted.
Variety of Preventative Techniques
To prevent breaches and minimize their damage, a variety of preventive techniques are available.
Multi-factor authentication (MFA) is the most common way of confirming a user’s identity. It requires at least two pieces of evidence from different categories: something the user knows (a password or PIN), something the user has (a hardware token, smartcard or phone), or something the user is (a biometric). Security questions are not a second factor, since they are just another thing the user knows, and SMS or email codes are the weakest form of possession factor because they can be intercepted or phished. Phishing-resistant factors such as FIDO2 security keys, smartcards or platform authenticators give the strongest assurance; requiring stronger factors for more sensitive resources is the usual trade-off between assurance and user friction.
Limiting what authenticated users can reach is the next layer: least privilege. Each user or device is granted only the minimum set of resources its role requires, which keeps the attack surface small at any given moment. Everything else stays blocked, so even a compromised but authenticated entity cannot move laterally across the network.
Micro-segmentation is a network security technique that divides a network into small zones, each with its own access policy, so that traffic between zones is controlled rather than implicitly allowed. An attacker who does breach one segment is confined to it; the damage stays limited to the microsegment they managed to penetrate.
Real-Time Monitoring to Identify Malicious Activity
The zero trust model is mainly a preventive one, but real-time monitoring matters as well, because it shortens the time between an initial breach and the moment the threat spreads to other systems on the network. Continuous monitoring of authentication and access decisions enables rapid detection, investigation, and remediation, closing the attacker’s window of opportunity.
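As an added example (not from the original page or any vendor), here is the kind of detection logic that real-time monitoring runs over the access broker’s decision log. Under zero trust every allow and deny is recorded, so two cheap signals fall out of the log itself: an authenticated identity that is denied for several different segments in a short window is probing for lateral movement, and one identity allowed from several devices in quick succession suggests shared or stolen credentials. The log format, user and device names, window and threshold are all constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed sample of access-broker decision records (not a real product's log);
// the "timestamp key=value ..." layout is assumed for this example.
const sampleLog = `2024-01-15T10:00:01Z user=alice device=D-alice segment=collab decision=allow reason=ok
2024-01-15T10:00:40Z user=mallory device=D-m segment=finance decision=deny reason=access
2024-01-15T10:01:10Z user=mallory device=D-m segment=hr decision=deny reason=access
2024-01-15T10:01:45Z user=mallory device=D-m segment=engineering decision=deny reason=access
2024-01-15T10:02:00Z user=bob device=D-bob segment=collab decision=allow reason=ok
2024-01-15T10:03:30Z user=bob device=D-unknown-1 segment=collab decision=allow reason=ok
2024-01-15T10:04:10Z user=bob device=D-unknown-2 segment=collab decision=allow reason=ok
2024-01-15T10:30:00Z user=alice device=D-alice segment=finance decision=deny reason=access`

type Event struct {
	At                                      time.Time
	User, Device, Segment, Decision, Reason string
}

// Rule 1: denied for several different segments -> probing for lateral movement.
func deniedAccess(e Event) bool { return e.Decision == "deny" && e.Reason == "access" }
func bySegment(e Event) string  { return e.Segment }

// Rule 2: allowed from several devices in quick succession -> shared or stolen credentials.
func allowed(e Event) bool    { return e.Decision == "allow" }
func byDevice(e Event) string { return e.Device }

// ParseLog turns the text log into events; blank lines and unknown keys are ignored.
func ParseLog(text string) ([]Event, error) {
	var events []Event
	for _, line := range strings.Split(text, "\n") {
		fields := strings.Fields(line)
		if len(fields) == 0 {
			continue
		}
		at, err := time.Parse(time.RFC3339, fields[0])
		if err != nil {
			return nil, fmt.Errorf("bad timestamp in %q: %w", line, err)
		}
		ev := Event{At: at}
		dst := map[string]*string{"user": &ev.User, "device": &ev.Device, "segment": &ev.Segment, "decision": &ev.Decision, "reason": &ev.Reason}
		for _, kv := range fields[1:] {
			if k, v, ok := strings.Cut(kv, "="); ok && dst[k] != nil {
				*dst[k] = v
			}
		}
		events = append(events, ev)
	}
	return events, nil
}

// distinctInWindow: does some event, together with the events up to `window` before it
// in this time-sorted slice, carry at least `threshold` distinct key values?
func distinctInWindow(evs []Event, key func(Event) string, window time.Duration, threshold int) bool {
	start := 0
	for end := range evs {
		for evs[end].At.Sub(evs[start].At) > window {
			start++
		}
		seen := map[string]bool{}
		for _, e := range evs[start : end+1] {
			seen[key(e)] = true
		}
		if len(seen) >= threshold {
			return true
		}
	}
	return false
}

// Detect returns, sorted, the users whose matching events show at least threshold
// distinct key values inside some window-sized span.
func Detect(events []Event, match func(Event) bool, key func(Event) string, window time.Duration, threshold int) []string {
	byUser := map[string][]Event{}
	for _, e := range events {
		if match(e) {
			byUser[e.User] = append(byUser[e.User], e)
		}
	}
	var flagged []string
	for u, evs := range byUser {
		sort.Slice(evs, func(i, j int) bool { return evs[i].At.Before(evs[j].At) })
		if distinctInWindow(evs, key, window, threshold) {
			flagged = append(flagged, u)
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	events, err := ParseLog(sampleLog)
	if err != nil {
		panic(err)
	}
	fmt.Println("lateral-movement-probe:", Detect(events, deniedAccess, bySegment, 5*time.Minute, 3)) // [mallory]
	fmt.Println("multi-device-identity:", Detect(events, allowed, byDevice, 5*time.Minute, 3))       // [bob]
}
```

The window matters: mallory’s three denials span 65 seconds, so the same rule with a one-minute window sees at most two distinct segments at once and stays silent. Tune window and threshold against your own broker’s deny rate before alerting on it.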
Alignment with the Broader Security Strategy
The zero trust model is insufficient in itself as a comprehensive security strategy. Endpoint monitoring, detection, and incident response capabilities are critical to ensure network safety. Technology solutions, though important, cannot replace a holistic security approach that considers the organization’s broader security needs and compliance obligations.
Example Zero Trust Implementation: The Microsoft Zero Trust Model
Microsoft has shared details of its own zero trust implementation, which focuses on:
- Corporate services used across the organization, including Office applications and line-of-business applications
- Devices running Windows, Mac, iPhone, and Android
- Device management is handled by Microsoft Intune, a cloud-based mobile device management (MDM) service
Microsoft’s zero trust model has four phases:
- Verify identity—Microsoft requires two-factor authentication (2FA) for remote access to its networks. The authentication method evolved from a physical smartcard to phone-based challenges using the Azure Authenticator app (since renamed Microsoft Authenticator). In future, Microsoft aims to eliminate passwords in favor of biometric authentication; in practice that means a biometric on the device unlocking a device-bound credential, not a biometric sent over the network.
- Verify device health—Microsoft enrolls user devices in the Intune MDM service. A device-health policy requires that a device be managed and healthy (patched, and verified free of malware and known vulnerabilities) before it can reach the company’s main productivity applications: Exchange, SharePoint, and Teams. For special cases where an unmanaged device must be used, Microsoft provides virtualized Windows desktops and applications, so the unmanaged endpoint never touches the corporate resource directly.
- Verify access—Microsoft has minimized access to corporate resources and requires both identity and device-health verification for each request. Access to primary services and applications is moving from direct access on the corporate network, to Internet plus VPN, to Internet-only, steadily reducing the number of users who need to be on the corporate network at all.
- Verify services—finally, Microsoft plans to add service health verification, confirming that a service itself is healthy before routing users to it. This stage is currently a proof of concept.
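The four verifications above, together with the principles from the earlier section (MFA strength, least privilege per micro-segment), reduce to one ordered policy decision. The Go below is an added example written for this page, not Microsoft’s or any vendor’s code: a single policy decision function that refuses at the first failed check and never treats a caller as "inside". The factor ranking, the 14-day patch threshold, and the segment and resource names are assumptions for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Factor ranks the strongest authentication factor completed in a session.
// Phishing-resistant factors (smartcard, FIDO2 key, platform authenticator) rank above
// a phone push challenge, which ranks above SMS/email codes. Ranking is assumed here.
type Factor int

const (
	FactorPassword Factor = iota // password only: never enough under zero trust
	FactorSMS
	FactorPush
	FactorPhishingResistant
)

// Identity carries the verified user and the micro-segments they are entitled to.
// Anything not listed in Segments is denied (least privilege).
type Identity struct {
	User     string
	Factor   Factor
	Segments map[string]bool
}

// Device is what the MDM service reports about the endpoint.
type Device struct {
	Managed     bool      // enrolled in MDM
	Compliant   bool      // passed the health policy (malware-free, encrypted, ...)
	LastPatched time.Time // most recent successful patch cycle
}

// Resource is the target of the request, tagged with the segment it lives in.
type Resource struct {
	Name      string
	Segment   string
	Sensitive bool // sensitive resources require phishing-resistant MFA
}

// ServiceHealth is the backend's own health signal (the "verify services" phase).
type ServiceHealth struct{ Healthy bool }

type Decision struct {
	Allow  bool
	Reason string
}

// maxPatchAge is an assumed policy value: devices unpatched for longer are unhealthy.
const maxPatchAge = 14 * 24 * time.Hour

// Evaluate applies the four verifications in order and returns the first failure.
// Every request goes through all four whether the caller is on the corporate network
// or on the Internet: there is no "inside".
func Evaluate(id Identity, dev Device, res Resource, svc ServiceHealth, now time.Time) Decision {
	// 1. Verify identity.
	if id.Factor < FactorSMS {
		return Decision{Allow: false, Reason: "identity: MFA below required strength"}
	}
	if res.Sensitive && id.Factor < FactorPhishingResistant {
		return Decision{Allow: false, Reason: "identity: sensitive resource needs phishing-resistant MFA"}
	}
	// 2. Verify device health.
	if !dev.Managed {
		return Decision{Allow: false, Reason: "device: not enrolled in MDM"}
	}
	if !dev.Compliant {
		return Decision{Allow: false, Reason: "device: failed health policy"}
	}
	if now.Sub(dev.LastPatched) > maxPatchAge {
		return Decision{Allow: false, Reason: "device: patch level too old"}
	}
	// 3. Verify access: the identity must be entitled to the resource's segment.
	if !id.Segments[res.Segment] {
		return Decision{Allow: false, Reason: fmt.Sprintf("access: %s not entitled to segment %s", id.User, res.Segment)}
	}
	// 4. Verify services: do not route users to an unhealthy backend.
	if !svc.Healthy {
		return Decision{Allow: false, Reason: "service: backend unhealthy, refusing to route"}
	}
	return Decision{Allow: true, Reason: "allow"}
}

func main() {
	now := time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC)
	alice := Identity{User: "alice", Factor: FactorPush, Segments: map[string]bool{"collab": true}}
	laptop := Device{Managed: true, Compliant: true, LastPatched: now.Add(-48 * time.Hour)}
	for _, r := range []Resource{{Name: "exchange", Segment: "collab"}, {Name: "payroll", Segment: "hr", Sensitive: true}} {
		d := Evaluate(alice, laptop, r, ServiceHealth{Healthy: true}, now)
		fmt.Printf("%s -> allow=%v (%s)\n", r.Name, d.Allow, d.Reason)
	}
}
```

Two design points carry over to real deployments: the checks are ordered so the cheapest and most decisive (identity, then device posture) run before any entitlement lookup, and the device-health inputs come from the MDM service rather than from the client, since a client-reported "I am patched" is exactly the kind of self-assertion zero trust refuses.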
What are the Challenges of the Zero Trust Strategy?
Here are a few challenges you are likely to face as you implement a zero trust model in your organization, and how to overcome them.
Fluidity of Users and Roles
The shift to remote work has changed the way we learn, live, and work. The workplace as a physical location housing most of a company’s employees is no longer the norm. More and more people access data remotely, from home networks, consumer routers, public WiFi, and VPN services, so the source address of a connection says little about who or what is behind it.
Customers, too, access an organization’s information resources. An online shopper must access inventory, delivery services, demos, and the company website. Suppliers must be able to access operations, safety and payments.
The user base that must access company resources is wide and varied, and the number of access points keeps growing. Each group requires its own set of policies, which are time-consuming to define and maintain; given the high pace of employee and customer turnover, security teams can quickly become overloaded.
Proliferation of Devices
Beyond the human factor lies the hardware. Employees, customers, and suppliers reach a company’s systems through a huge variety of mobile devices and personal computers. Bring your own device (BYOD) policies, IoT equipment, and the “always-on” mentality lead to a proliferation of device types, requirements, and communication protocols that must be tracked and secured on an ongoing basis.
Related content: Learn more in our detailed guide to BYOD security
Exponential Growth of Applications
The number of devices is dwarfed by the number and variety of applications they run, some of which are sanctioned and required by the organization, and some of which may be unsafe or malicious. In today’s IT environment, many applications and services are cloud-based.
While the huge growth in applications and services boosts productivity, it poses yet another challenge for IT security teams, who must decide what to let in and what to lock out.
Applications may be shared with other agencies, vendors or third-party services. Communications platforms may be outward-facing and not limited to employees. Which departments use which applications? Clear policies are needed that enforce strict, consistent security controls without hindering productivity.
Distributed Data and Services
Cloud environments are globally distributed and accessible from anywhere, which is both an upside and a downside. Companies store ever more sensitive resources, data, and applications in the cloud, and the old security model, in which company-controlled endpoints and corporate networks could be tightly secured, no longer holds.
With the gradual shift to edge computing, IT teams will also have to move from top-down, centralized security infrastructures to decentralized trust models. Edge systems sit outside the central control plane and widen the surface a zero trust program must cover; each should be treated as its own network, with its own zero trust controls and policies.
Zero Trust for Virtualized Desktops with Hysolate
Hysolate splits a user’s device into two segregated zones, each running its own operating system, using the hypervisor and virtualization-based security features of modern hardware. One OS is the user’s unmanaged, untrusted, personal OS; the other is a trusted corporate OS running in a VM.
The corporate VM runs a fully locked-down operating system and can hold a client certificate, inaccessible from the personal OS, that vouches for the integrity of the VM. The zero trust access (ZTA) broker then allows only that corporate VM running on Hysolate to reach sensitive enterprise applications; the user cannot reach them from any other untrusted environment or device, because no other environment can present that certificate.
With Hysolate, IT can isolate the sensitive corporate VM from the user’s riskier productivity OS, with granular controls over clipboard, USB, network, applications and more. With this zero trust architecture in place, enterprises can move to a secure-by-design posture.