Zero Trust Concept
19.04.2022
You can never be 100% sure of your information security. The development of new types of data protection brings information technology to a new level. Multi-factor authentication, privileged users, and biometrics when gaining access have all already become commonplace in 2022. In a corporate environment, by default we trust people inside the network and do not trust people outside it. Today we will look into the relatively new concept of "zero trust" and its usefulness for the company perimeter, cloud, and mobile security.
What is zero trust?
The zero trust model is an information technology approach to security that involves verifying not only the user but also the device, regardless of the user's location. By default, all users, gadgets, clouds, systems, and networks are treated as compromised, whether or not a firewall protects them. The concept of zero trust involves very strict access controls on systems, so even authenticated users go through several stages of verification. This method helps to significantly reduce the likelihood of an attack on the system.
Limiting the access of different users to certain segments of the corporate network leaves hackers less opportunity to gain access to protected or sensitive data. Of course, the key value of the concept of zero trust is multi-factor authentication (a security mechanism that requires an additional real-time authentication method using a user-independent data category).
Corporate network vs. zero trust
As we have already said, the outdated method of protecting the company's perimeter implies that any user inside the corporate network is "trusted" by default, and any user of the company outside the corporate network is, respectively, untrusted. This model has existed and flourished over the past 20 years to justify the fact that only certain people have access to programs and applications. However, over time, this company perimeter security model proved to be less and less effective, in particular because cloud technologies, mobile technologies, and technologies for the development of data protection systems, as well as the transition of employees to a remote work format, received a huge impetus in development. It turns out that in the new conditions there is no longer a concept of a "trusted person" inside the company and outside the company's network. The new default model treats all users as "untrusted persons" and forces them to go through all the steps to gain access, regardless of privilege. People first started talking about the zero-trust policy in the middle of the 2000s; the main idea was to “deperimetrize” the company and switch to a strategy of protecting the company’s data at all levels, using encryption and multi-factor authentication.
Development of zero trust
In 2010, John Kindervag, an analyst at Forrester Research, coined the term "zero trust policy", the main idea of which was distrust of any user inside and outside the company. The company must verify anyone attempting to connect to the network before they can gain access. The zero-trust policy calls into question the defensive model of using a firewall between the internal and external networks. Such a security strategy will fall apart if a hacker compromises the system inside the perimeter and wants to steal confidential information. Thus, in a conventional system, information security inspectors must manually verify and protect all resources, and grant and revoke access for each user separately.
Cloud and mobile security in zero trust
The three main principles of the concept of zero trust are:
- Companies must provide secure access to their networks, regardless of the location of the company or employee;
- Organizations should control user access in such a way that the user has access to only the resource that he needs. In addition, businesses must prevent users from accessing potentially sensitive information and clearly define roles for employees. This is done so that in case of dismissal of an employee, private data remains in the company;
- Companies should inspect and log traffic to ensure that users are doing the right thing.
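As an added illustration (not part of the original article and not any vendor's product code), the following Python example contrasts the perimeter model with an access decision built on the three principles above. The role map, the 10.0.0.0/8 corporate range, and the sample requests are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: role -> resources that role may reach (least privilege).
ROLE_RESOURCES = {
    "accountant": {"billing-db"},
    "developer": {"git", "ci"},
}
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

@dataclass
class Request:
    user: str
    role: str
    resource: str
    source_ip: str
    mfa_passed: bool
    device_compliant: bool  # e.g. managed, patched, disk encrypted

AUDIT_LOG = []  # every decision is recorded (third principle)

def perimeter_decision(req):
    """Legacy model: anything inside the corporate network is trusted."""
    return ipaddress.ip_address(req.source_ip) in CORPORATE_NET

def zero_trust_decision(req):
    """Deny by default; network location is never an input to the decision."""
    checks = [
        ("mfa", req.mfa_passed),
        ("device", req.device_compliant),
        ("role", req.resource in ROLE_RESOURCES.get(req.role, set())),
    ]
    failed = [name for name, ok in checks if not ok]
    allowed = not failed
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "source_ip": req.source_ip, "allowed": allowed,
                      "failed": failed})
    return allowed

# Constructed requests: inside without MFA, remote but verified, inside with wrong role.
inside_no_mfa = Request("alice", "accountant", "billing-db", "10.1.2.3", False, True)
remote_verified = Request("bob", "developer", "git", "203.0.113.7", True, True)
inside_wrong_role = Request("carol", "developer", "billing-db", "10.4.5.6", True, True)

if __name__ == "__main__":
    for r in (inside_no_mfa, remote_verified, inside_wrong_role):
        print(r.user, "perimeter:", perimeter_decision(r),
              "zero trust:", zero_trust_decision(r))
```

The perimeter check admits the two internal requests on location alone, while the zero-trust check rejects both and records which verification failed.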
With the growing number of devices connected to the company's corporate network, more and more organizations began to implement special software solutions that support the zero-trust policy. Everyone has probably already heard about DLP systems - special software against leaks of confidential information and monitoring the work of employees during the working day. We will briefly describe how such a system works using the example of SecureTower from Falcongaze. SecureTower is a DLP system that will protect the company from data leaks due to the fault of employees, monitor the work of employees on their computers, identify potentially dangerous employees and, in the event of an incident, promptly report the violation to the information security team of the organization.
The SecureTower agent application is installed on the computer, where it intercepts sent and received messages and files and controls all actions performed on the computer. All intercepted information is sent to your SecureTower server and subjected to intelligent analysis. If a violation is detected, the system can block the employee from performing an action and notify the company's information security service.
The DLP system can be used in the local network of companies, in networks with complex architecture, in geographically distributed offices, and in mobile workplaces. Thus, this software solution works on the principles of a zero trust policy and will help to significantly reduce the chances of losing an organization's confidential data.
Also, in accordance with zero trust, when working in a corporate environment, the use of a VPN is mandatory. Currently, companies have their own corporate VPN, which works in conjunction with other technological methods of information protection.
Future of zero trust
Since technologies are developing every day, and attackers come up with more and more sophisticated ways to attack systems, the global IT community has already understood the absolute validity of the idea of zero trust and is implementing this model throughout companies. Of course, large technology companies are the first to realize the potential of zero trust, and large companies outside the IT sector reach zero trust much later. In general, though, according to analysts' forecasts for 2022-2025, the zero trust model will become widespread around the world.
Those who take the preservation of confidential company data as a priority are moving to zero trust and DLP before anyone else. Multi-factor authentication and browser isolation are also elements of the zero-trust system and, together with special software, work to ensure the greatest security of company data.