Introduction
Zero Trust Infrastructure, also known as Zero Trust Network, is a security concept and threat model that advocates the verification of all internal and external connections to a network or system. It assumes that systems, services, and actors linked with a certain network cannot be automatically trusted. A service that operates within the security perimeter has potential for breach and therefore should be verified before it is granted access. This concept was developed in 2010 by John Kindervag, an analyst at Forrester Research Inc. However, it is not as widely applied as it should be, considering the current increase in cyber attacks. Moreover, the cost of breaches to businesses is very high. In that regard, a Zero Trust model would mitigate the aforementioned challenges. It is based on four main principles, namely that threats come from both internal and external sources, micro-segmentation, “never trust, always verify”, and least privileged access. Zero Trust is not a type of continuous authentication. However, numerous concepts of that security model are incorporated into its structure.
Four Core Principles
One of the core principles of Zero Trust Infrastructure is the idea that threats originate from both internal and external sources. Traditionally, security models have focused on the perimeter of an organization, with the aim of barring entry to external users and services (Dotson, 2019). This approach assumes that people inside the organization are safe and would not launch attacks. In that regard, the organization places less effort on verification protocols and issue detection inside the system’s firewall. This style increases the risk of internal breaches. Micro-segmentation involves separating internal areas of the organization from open access (Gilman & Barth, 2017). For example, the sales division could have access only to the information it needs and be denied access to other company data such as HR and accounting. Least privileged access refers to the act of limiting users within a department to the information that they need to complete their tasks (Dotson, 2019). The type of access to the system is determined by a user’s role in the organization. This lowers the risk of breach and the amount of damage that could be done in case a hacker impersonates a user within the organization (Gilman & Barth, 2017). Finally, “never trust, always verify” is the principle that underpins the Zero Trust approach. It is important for the identity and access level of every user to be verified (Dotson, 2019). This style tightens the security of the system and increases the chance of stopping a security breach before sensitive information is accessed.
Tools for Zero Trust Infrastructure
Single Sign-On (SSO) is a security protocol that allows users to sign in to the system once using their credentials. They then use a single password to access any area of the system that they are allowed to reach. This tool is effective because it removes the need for multiple passwords and increases usability. Multi-factor Authentication (MFA) refers to the use of several security protocols/verification factors while logging in to a system (Dotson, 2019). It is an important identity and access management (IAM) tool that increases security. For example, in addition to entering a username and a password, an employee could be required to input a secret PIN, present a thumbprint, or authenticate from a mobile application (Dotson, 2019). Voice recognition is also commonly used as an additional verification factor. Usernames and passwords do not offer sufficient security, and they are vulnerable to attacks. Therefore, combining SSO and MFA offers better security and minimizes the risk of breach (Dotson, 2019). Fast provisioning systems are required in a Zero Trust Network because least privileged access involves regular exceptions; the provisioning system should therefore be fast. Device protection is important and should begin at the point of entry. The device that is used to log in should be well protected because it could be used as the point of attack (Gilman & Barth, 2017). These devices should be monitored, and strict security protocols should be implemented in order to protect them and avoid attacks.
Implementation
The security needs of each organization are unique. However, there are several steps that should be followed in the development and deployment of a Zero Trust Network. The first step involves the assessment of the organization by defining the protect surface. This process includes the identification of sensitive data, assets, applications, and services (DAAS) within the system. The current security protocols and capabilities should be evaluated, and gaps within the infrastructure identified. The most important and sensitive assets should have the highest level of security. It is also important to create a directory of the organization’s assets and identify the users who have access to them (Gilman & Barth, 2017). A range of preventative measures must be established in order to avoid security breaches. Examples of these measures include micro-segmentation, least privilege principles, and multifactor authentication. System monitoring is also an important factor in the implementation of the Zero Trust Architecture (Dotson, 2019). The organization should be aware of all the activities taking place within its system and surroundings.
How Zero Trust Architecture Works
As mentioned earlier, Zero Trust Architecture is a security model that requires strict identity verification of a system’s users, both inside and outside an organization. It is a holistic approach to security, and it does not involve the application of a single technology. It incorporates several principles and technologies that are aimed at providing the best network security (NIST, 2016). Examples of technologies used include multifactor authentication, encryption, analytics, IAM, orchestration, and file system permissions (Dotson, 2019). Whenever a user tries to access a system or network, they are required to provide their credentials, usually a username and a password. In the case of a Zero Trust Network, additional security credentials are required for access to be granted. Examples include a fingerprint, a one-time password (OTP), voice recognition, time, or location (NIST, 2016). Once a user has been granted access, they could still be limited in the amount of information they can access within the network. For example, a sales representative could be allowed access only to information on customers and sales, and denied access to HR and finance department data. There are two types of MFA, namely device MFA and application MFA (Dotson, 2019). Device MFA involves the implementation of authentication at the point of login, while application MFA involves authentication whenever a user tries to gain access to an application within the system (NIST, 2016).
Multi-factor Authentication
Multi-factor authentication is based on the principle that usernames and passwords are susceptible to brute-force attacks from cyber criminals. It enhances the security of systems by requiring users to identify themselves using several factors other than their username and password (NIST, 2016). Recently, many organizations have been adding multiple verification factors to their systems in order to improve system security. This has been necessitated by an increase in security breaches that have resulted in unauthorized access to sensitive information (Bozicevic, 2020). Individual credentials can be grouped into three categories: things a person knows (a PIN or password), things a person possesses (a smartphone), and inherence (voice recognition or a fingerprint). A common example of an MFA factor is a one-time password (OTP) (NIST, 2016). This usually consists of a 4-8 digit code that is sent via email or SMS and that can be used to access a system only once. Technological advancements have led to the development of more complex MFA tools (Pratt, 2018). The use of artificial intelligence (AI) and machine learning has led to the creation of location-based MFA and adaptive authentication (NIST, 2016).
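The OTP factor described above, as an added example that is not from the cited sources: a short numeric code is issued for out-of-band delivery, expires after a fixed window, is accepted exactly once, and is discarded after a few wrong guesses. The in-memory store, the code length, the time-to-live and the attempt limit are constructed values for illustration.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6          # the text cites 4-8 digit codes; 6 is a constructed choice
OTP_TTL_SECONDS = 300   # constructed policy: a code expires after 5 minutes
MAX_ATTEMPTS = 3        # constructed policy: discard the code after 3 wrong guesses

# Hypothetical in-memory store: username -> {"code", "expires", "attempts"}.
# A real deployment would persist this and deliver the code by email or SMS.
_pending = {}


def issue_otp(username, now=None):
    """Generate a fresh code for the user and return it for out-of-band delivery."""
    now = time.time() if now is None else now
    # secrets.randbelow draws from the OS CSPRNG; zero-pad so leading zeros survive
    code = str(secrets.randbelow(10 ** OTP_DIGITS)).zfill(OTP_DIGITS)
    _pending[username] = {"code": code, "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return code


def verify_otp(username, submitted, now=None):
    """Return True only for the correct, unexpired code; the code is single-use."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False                      # nothing issued, or already consumed
    if now > entry["expires"]:
        del _pending[username]            # expired codes are never accepted
        return False
    entry["attempts"] += 1
    # compare_digest runs in constant time, so timing does not leak the digits
    ok = hmac.compare_digest(entry["code"], str(submitted))
    if ok or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]            # consumed on success, or locked after too many failures
    return ok
```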
Functioning
The Zero Trust model assumes that any person or device trying to access a network, either internally or externally, cannot be trusted. Therefore, a strict identification and verification protocol is necessary. In order for this architecture to be effective, the notion that users within an organization can be trusted should be completely abandoned (Bozicevic, 2020). As mentioned earlier, it is founded on the principle “never trust, always verify.” Cyber attackers use communication channels such as email, cloud applications, and endpoints to launch attacks (NIST, 2016). This security model is not dependent on location because a network can be accessed from any location (Bozicevic, 2020). Users, applications, and devices are located in different parts of the world. An important aspect of the security protocol is strict control of device access (Pratt, 2018). The system should monitor the number of devices trying to access it at any time. Any unauthorized device should be blocked in order to minimize potential network breaches. Authorization should be based on identity, user context, and device (Bozicevic, 2020). This ensures that only authorized devices that have passed the authentication process gain access to system applications and data.
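The access decision described in the two sections above (a verified identity, a known and compliant device, and role-based access limited to a micro-segment, with everything else denied), as an added example that is not from the cited sources. The resources, segments, roles, users and devices are all constructed for illustration.

```python
from dataclasses import dataclass

# Micro-segmentation: each resource lives in exactly one segment (constructed inventory).
RESOURCE_SEGMENT = {
    "crm": "sales", "order-history": "sales",
    "payroll": "hr", "employee-records": "hr",
    "ledger": "finance",
}

# Least privilege: a role is granted only the segments its tasks require.
ROLE_SEGMENTS = {
    "sales-rep": {"sales"},
    "hr-analyst": {"hr"},
    "controller": {"finance", "sales"},
}

# Device directory: only registered devices bound to their owner and passing posture checks.
DEVICES = {
    "laptop-001": {"owner": "alice", "compliant": True},
    "laptop-002": {"owner": "bob", "compliant": False},
}


@dataclass
class AccessRequest:
    user: str
    role: str
    device_id: str
    mfa_verified: bool
    resource: str


def decide(req):
    """Return (allowed, reason). Every check must pass; location grants nothing."""
    if not req.mfa_verified:
        return False, "identity not verified with a second factor"
    device = DEVICES.get(req.device_id)
    if device is None:
        return False, "unregistered device"
    if device["owner"] != req.user:
        return False, "device not bound to this user"
    if not device["compliant"]:
        return False, "device fails posture check"
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None:
        return False, "unknown resource"            # deny by default
    if segment not in ROLE_SEGMENTS.get(req.role, set()):
        return False, f"role '{req.role}' has no access to segment '{segment}'"
    return True, "allowed"
```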
Use by the National Security Agency (NSA)
The National Security Agency (NSA) has asked all defense agencies and contractors to implement zero trust network architecture. The agency has provided detailed instructions on how the network is to be set up through a cyber security information sheet (Barnett, 2020). NSA cites the prevention of data exfiltration as the main reason for embracing the new system. The networks recommended for the new infrastructure include the Defense Industrial Base (DIB), the National Security Systems (NSS), and the Department of Defense (DoD) (Barnett, 2020). NSA has said that the adoption of the Zero Trust Infrastructure and Zero Trust principles will aid in the regulation of interactions between users, devices, processes, and data. They will stop cyber attackers from abusing user credentials that have been compromised through security breaches (Barnett, 2020). Moreover, they will lessen the effects of malevolent activities within the various supply chains.
Zero Trust Infrastructure and DoD
Since the beginning of 2020, stakeholders across the military have been looking for ways to improve the security of their systems and data. The shift was slow because of the bureaucracy in the Department of Defense. However, the onset of the Coronavirus pandemic served as a catalyst for speedy migration to cloud services. The migration to the new security model is inevitable because the military has several zero-trust projects that are ongoing. The pandemic compelled the DoD to ask its employees to work remotely, and putting everyone through its normal architecture was very challenging (Barnett, 2020). It was impossible to accommodate every employee on the department’s VPN connection. The shift to remote work has been the catalyst that has accelerated the DoD’s adoption of a zero trust architecture for network security. The Commercial Cloud Computing Office is responsible for providing security services to the department through the use of commercial cloud software solutions (Barnett, 2020). The DoD is implementing the new model in accordance with the instructions of the National Institute of Standards and Technology provided in the Special Publication 800-207 report.
Application to DOD
Initially, stakeholders in the military were skeptical about the zero-trust network as they deemed it a marketing gimmick. However, its security capabilities and concepts have convinced them to adopt it. It requires the concerted efforts of many security and IT professionals, as well as a mindset shift with regard to the configuration and monitoring of infrastructure. The main goal of the DoD is to make things simpler. Therefore, the NSA is more focused on adopting open-source tools and commercial acquisitions (Barnett, 2020). Examples of areas of interest include the principle of least privilege, a focus on endpoints and resources, and the modification of security policies using network and application telemetry (Barnett, 2020). Currently, several projects are ongoing to test the effectiveness of the zero trust architecture. Defense agencies have struggled greatly with adopting a zero-trust strategy because of the perceived cost (Barnett, 2020). However, zero-trust architectures can be cost-effective because they leverage existing investments in security systems. Investments such as user monitoring and access-rights management systems will be used with the new security architecture (Barnett, 2020).
Challenges of its Application
A survey has shown that defense agencies have been struggling with zero trust, hence its slow adoption in the DoD prior to the emergence of the Coronavirus pandemic. Unfortunately, this skepticism has left them ill-prepared to adjust to change because currently the majority of employees work remotely, and access to their resources is difficult to monitor and control. One of the hindrances to speedy adoption is the perceived cost. Many stakeholders believe that the adoption of the architecture is expensive. However, it is cost-effective because it is used in conjunction with existing systems. Another challenge to the implementation of the zero trust network is a lack of expertise. A lack of federal IT/security staff knowledge has been cited as a major roadblock to NSA’s program of overhauling the security protocols of the DoD. The traditional model was based primarily on implicit trust. However, the new model is based on explicit verification. This shift needs specific skills that many federal security professionals lack. The DoD is implementing the new system based on the recommendations of a reference guide written by the Defense Information Systems Agency (DISA), NSA, Cyber Command, and the private sector. The shift will occur in all divisions of the DoD over a protracted period. This window of adoption could pose a risk to the security of the network and increase cyber attacks.
Conclusion
Zero trust architecture, also known as zero trust network, is a security approach that enhances network security by implementing strict access protocols. It assumes that attacks can be either internal or external; therefore, authenticating access at the point of entry is necessary. It is based on four main concepts: threats can originate internally or externally, micro-segmentation, least privileged access, and “never trust, always verify.” It is important for organizations to limit information access to the minimum that is required to complete a task. Moreover, access should be granted only to people who need it for work. “Never trust, always verify” is the principle that underpins the Zero Trust approach. It is important for the identity and access level of every user to be verified. Tools that are critical to the success of the network include MFA, SSO, fast provisioning systems, and device protection. Multifactor authentication refers to the use of several security protocols/verification factors while logging in to a system. SSO allows individuals to use a single password to access any area of the system that they are allowed to reach. NSA is in the process of implementing the Zero Trust Infrastructure in order to safeguard the DoD. The challenges being faced include a lack of expertise and the perceived high cost of adoption.
References
Barnett, J. (2020). Zero trust guide coming to DOD in 2021. FedScoop. Web.
Bozicevic, V. (2020). Zero trust explained. GlobalDots.
Dotson, C. (2019). Practical cloud security: A guide for secure design and deployment. O’Reilly Media, Inc.
Gilman, E., & Barth, D. (2017). Zero trust networks: Building secure systems in untrusted networks. O’Reilly Media, Inc.
NIST. (2016). Back to basics: Multi-factor authentication (MFA).
Pratt, M. K. (2018). What is Zero Trust? A model for more effective security. CSO. Web.