Zero trust is a cybersecurity best practice that essentially assumes everything and everyone is compromised. Generally speaking, in a Zero Trust policy, every login attempt has some form of multi-factor authentication, communication is encrypted, files are scanned, sessions are monitored, threats have a real-time response, and least privilege access is utilized across the board.
Essentially Zero Trust means “never trust, always verify.”
In the real world when you wear a tinfoil hat and rant about conspiracy theories, you might be institutionalized; in cybersecurity, you get promoted. Zero Trust is the tin foil hat of cybersecurity—everything is a conspiracy and everyone could be a threat.
3 Principles of Zero Trust
The three principles of Zero Trust are:
- Verify Explicitly: Always authenticate any login attempt from every employee using a multi-factor authentication method.
- Use Least Privileged Access: Provide access levels based on a user’s role. This limits the number of individuals who can access all facets of your business and therefore limits the ability of a hacker to do system-wide damage if an entry-level employee were hacked. Or, if someone in marketing is hacked, the attacker won’t have access to accounting information and vica versa.
- Assume Breach: It pays to be paranoid in cybersecurity. An Assume Breach mentality essentially means that everything (network, applications, services, etc.) is compromised.
7 Components of Zero Trust
The National Cybersecurity Center of Excellence (a division of NIST) has broken Zero Trust down into three Core Components and four Functional Components.
Core Components
1. Policy Engine
The policy engine handles the ultimate decision to grant, deny, or revoke access to a resource for a given subject. The policy engine calculates the trust scores, confidence levels and ultimate access decisions.
2. Policy Administrator
The policy administrator is responsible for establishing and terminating the transaction between a subject and a resource. It generates any session-specific authentication and authentication token or credential used by a client to access an enterprise resource. It is closely tied to the policy engine and relies on its decision to ultimately allow or deny a session.
3. Policy Enforcement
The policy enforcement point handles enabling, monitoring, and eventually terminating connections between a subject and an enterprise resource.
Functional Components
4. Data Security
The data security component includes all the data access policies and rules that an enterprise develops to secure its information and the means to protect data at rest and in transit.
5. Endpoint Security
The endpoint security component encompasses the strategy, technology, and governance to protect endpoints (e.g., servers, desktops, mobile phones, IoT devices) from threats and attacks, as well as protect the enterprise from threats from managed and unmanaged devices.
6. Identity and Access Management
The identity and access management component includes the strategy, technology, and governance for creating, storing, and managing enterprise user (i.e., subject) accounts and identity records and their access to enterprise resources.
7. Security Analytics
The security analytics component encompasses all the threat intelligence feeds and traffic/activity monitoring for an IT enterprise. It gathers security and behavior analytics about the current state of enterprise assets and continuously monitors those assets to actively respond to threats or malicious activity. This information can feed the policy engine to help make dynamic access decisions.
Make the Smart Choice
Are you ready to “never trust, always verify” in order to ensure your organization’s sensitive data is always safe and secure?
If you’ve decided it’s time to put your tin foil hat on, then contact the team at R-3 IT to chat about how you can implement a policy of Zero Trust in your business.
