Guest post by Rob Allen, who is an IT Professional with almost two decades of experience assisting small and medium enterprises embrace and utilise technology. 

Standfirst: Zero Trust is a radically different model from the old ‘castle walls’ approach, and it is vital to communicate its benefits to the business.

Why Zero Trust is the model for today’s challenges

A director of the FBI said there are two types of companies: those that have been hacked and those that will be. While it may sound ominous to treat such an outcome as inevitable, this position can also provide a different perspective on security, one that reduces reputational risk.

The Zero Trust model uses policies and actions to enforce least privilege in information systems and services. It views the IT environment as inevitably or already compromised, and therefore limits access to only what is needed.

With the goal of preventing unauthorised access to data and services, and to make access control enforcement as granular as possible, the Zero Trust model represents a shift from a location-centric model to a more data- and user-centric approach.

Zero Trust can be applied to data, applications, services, and servers, just as much as for users.

By understanding what a Zero Trust model can mean for the whole organisation, it can provide a foundation and blueprint for a layered, coordinated approach to security that protects businesses against the realities of today’s threat landscape.

What is the Zero Trust model?

“Zero trust is a way of thinking, not a specific technology or architecture,” said Neil MacDonald,  distinguished VP analyst, Gartner. “It’s really about zero implicit trust, as that’s what we want to get rid of.”

In the aftermath of the cyber attack on the Colonial Pipeline in 2021, the US Government announced the ‘Executive Order on Improving the Nation’s Cybersecurity’. This Executive Order stated that ‘The Federal Government must adopt security best practices; advance toward Zero Trust Architecture’.

As part of this Executive Order Zero Trust was defined as follows:

‘the term “Zero Trust Architecture” means a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.’

‘The Zero Trust security model eliminates implicit trust in any one element, node, or service.’

‘Zero Trust Architecture allows users full access but only to the bare minimum they need to perform their jobs.’

‘The Zero Trust Architecture security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed.’

This is in stark contrast to the old idea of the castle walls, where it was assumed that inside the castle, or your business security perimeter, everyone was a trusted user and therefore had access to pretty much everything. This was implicit trust.

Firstly, today’s user is more likely than ever to be outside your company firewall, beyond your castle’s walls, perhaps at home, in a hotel, or at a customer’s site. A Zero Trust Model (ZTM) never assumes anyone is coming from a safe location: whether inside the castle or beyond the moat, every endpoint is treated equally and must be authenticated.

Secondly, the ZTM does not check once and then grant unlimited access. The model is designed to check on each request or interaction. This means that even if credentials are stolen, hijacked or spoofed, unauthorised access or requests are checked against policies, roles, and processes to see that all is as it should be.

This is a fundamental shift in thinking from how many businesses operated before, and it has many implications. Turning to Gartner again, it says an effective zero trust strategy means focusing on balancing the need for security with the need to run the business. It means building a structure where everyone gets all the access they need to do their job when they need it, but no more — reducing possible incidents, whether accidental or malicious.

Challenges addressed by Zero Trust

So what does a ZTM look like in practice?

Once a user is authenticated they may still only access resources based on their specific role and the policies related to it. Again, this limits the potential harm by limiting the attack surface should user credentials be compromised. Even a user authenticated to a customer database could not, for example, jump into HR to see who has elevated user privileges.
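The per-request, role-bound checking described in the two passages above can be made concrete with a small policy engine. The following is an added illustration, not code from the author or from ThreatLocker: the roles, resources and posture flags are constructed sample data, and the point is that every request is evaluated from scratch against an explicit policy, so a stolen sales credential cannot be reused to reach the HR system, and an earlier "allow" does not carry over once the endpoint stops passing its posture check.

```python
from dataclasses import dataclass

# Constructed sample policy: role -> resource -> permitted actions.
# Anything not listed here is denied; there is no implicit "inside the network" grant.
ROLE_POLICIES = {
    "sales":   {"customer_db": {"read", "update"}},
    "hr":      {"hr_system": {"read", "update"}, "customer_db": {"read"}},
    "auditor": {"customer_db": {"read"}, "hr_system": {"read"}},
}


@dataclass(frozen=True)
class Request:
    subject: str            # who is asking
    role: str               # role asserted by the identity provider for this request
    resource: str           # what they want to touch
    action: str             # what they want to do to it
    authenticated: bool     # did this specific request carry a valid credential?
    device_compliant: bool  # did the endpoint pass its posture check for this request?


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(req: Request) -> Decision:
    """Evaluate one request in isolation.

    Nothing is remembered from earlier requests, so a grant made a minute ago
    does not carry over; the default outcome is deny.
    """
    if not req.authenticated:
        return Decision(False, "request not authenticated")
    if not req.device_compliant:
        return Decision(False, "endpoint failed posture check")
    permitted = ROLE_POLICIES.get(req.role, {}).get(req.resource, set())
    if req.action not in permitted:
        return Decision(False, f"role '{req.role}' has no '{req.action}' on '{req.resource}'")
    return Decision(True, "explicit policy match")


def audit_trail(requests):
    """Evaluate each request independently and return an audit trail of
    (subject, resource, action, allowed, reason) tuples."""
    trail = []
    for req in requests:
        decision = evaluate(req)
        trail.append((req.subject, req.resource, req.action, decision.allowed, decision.reason))
    return trail


def demo_trail():
    # Constructed scenario: the credentials of 'alice' (sales) have been stolen
    # and are replayed against several resources from different endpoints.
    requests = [
        Request("alice", "sales", "customer_db", "read", True, True),    # legitimate use
        Request("alice", "sales", "hr_system", "read", True, True),      # lateral move attempt
        Request("alice", "sales", "customer_db", "update", True, False), # same user, unhealthy device
        Request("alice", "sales", "customer_db", "read", False, True),   # no credential presented
    ]
    return audit_trail(requests)


if __name__ == "__main__":
    for subject, resource, action, allowed, reason in demo_trail():
        print(f"{subject:6} {action:6} {resource:12} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

Only the first request in the constructed scenario succeeds; the other three are denied for three different reasons, which is the behaviour the article describes: credentials alone, even valid ones, do not buy access beyond the role's explicit policy, and each request is re-checked rather than trusted on the strength of an earlier one.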

Human error 

According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involved a human element. Whether opening an attachment from an untrusted source or clicking on a malicious link in an email, users are continuously targeted simply because it is the easiest way to gain a foothold in an IT system.

It is now best practice for users in every organization to complete some level of cybersecurity training. However, it does not change the fact that we’re human and accidents can happen. IT professionals now need to account for user error which could result in significant damages for businesses and ask themselves, “How do I prepare for the unknown? How do I bridge the gap between the trained and the untrained?”

Zero Trust tools, like application control, have long been considered the gold standard in protecting businesses from known and unknown malware. Unlike antivirus, an allow list controls what software, scripts, executables, and libraries are permitted to run on your endpoints and servers. This approach permits required software to run, but stops not only malicious software, but also other, unwanted applications from running. This process drastically minimizes cyber threats by stopping ransomware and other rogue applications running on your network. 

The Unknown 

It is impossible to plan for every attack, because the more our cybersecurity strategy improves, the more hackers find new ways to circumvent security controls. What happens when a trusted application is weaponised, or a vulnerability is exploited? Such exploitation is usually very targeted and allows attackers to use the vulnerability before the developer can create a patch and organisations can install it. The proactive nature of a ZTM will assist with safeguarding a workstation and reducing the attack surface of an environment.

Using a deny-by-default approach in your ZTM could be the difference between a payload being executed or not, as only allowed applications can run. Secondly, although newer, the principle of application containment can block application interaction, preventing common software such as Microsoft Office from being used to call on tools often used by threat actors, like PowerShell and Command Prompt.
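To show how the two controls in the "Human error" and "The Unknown" sections fit together, here is an added example of a deny-by-default application allow list combined with a containment rule. It is not the author's or ThreatLocker's code, and the "binaries" are constructed byte strings standing in for real files; the allow list is keyed on file hash rather than file name, so a renamed or tampered file is still denied, and the containment rule blocks an allowed parent (Word) from launching an allowed child (PowerShell) even though each would pass the allow list on its own.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecEvent:
    image: str      # file name of the program being launched
    content: bytes  # bytes of the file on disk (constructed stand-in for a real binary)
    parent: str     # file name of the process requesting the launch


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for approved binaries: name -> bytes as shipped by the vendor.
APPROVED_BINARIES = {
    "winword.exe": b"constructed-word-binary-v1",
    "powershell.exe": b"constructed-powershell-binary-v1",
    "crm.exe": b"constructed-crm-client-v3",
}


def build_allowlist(approved):
    """Allow list keyed on lower-cased image name, value is the approved SHA-256.
    Only files whose content hashes to this value may run under that name."""
    return {name.lower(): sha256_hex(data) for name, data in approved.items()}


# Containment: parent -> children it may never launch, even when both are allow-listed.
CONTAINMENT_RULES = {
    "winword.exe": {"powershell.exe", "cmd.exe"},
    "excel.exe": {"powershell.exe", "cmd.exe"},
}

ALLOWLIST = build_allowlist(APPROVED_BINARIES)


def decide(event: ExecEvent, allowlist=ALLOWLIST, containment=CONTAINMENT_RULES):
    """Return (allowed, reason) for one launch attempt. The default is deny:
    a file must be on the allow list, match its approved hash, and not be
    a child that its parent is forbidden from spawning."""
    image = event.image.lower()
    expected = allowlist.get(image)
    if expected is None:
        return (False, "deny by default: image not on allow list")
    if sha256_hex(event.content) != expected:
        return (False, "hash mismatch: allow-listed name but unapproved content")
    if image in containment.get(event.parent.lower(), set()):
        return (False, f"containment: {event.parent} may not launch {event.image}")
    return (True, "allowed")


if __name__ == "__main__":
    # Constructed launch attempts covering the cases the article describes.
    events = [
        ExecEvent("crm.exe", APPROVED_BINARIES["crm.exe"], "explorer.exe"),          # approved app
        ExecEvent("crm.exe", b"constructed-tampered-crm", "explorer.exe"),           # same name, altered file
        ExecEvent("invoice.pdf.exe", b"constructed-dropper", "outlook.exe"),         # unknown payload
        ExecEvent("powershell.exe", APPROVED_BINARIES["powershell.exe"], "WINWORD.EXE"),  # Office -> PowerShell
        ExecEvent("powershell.exe", APPROVED_BINARIES["powershell.exe"], "explorer.exe"), # admin use
    ]
    for ev in events:
        allowed, reason = decide(ev)
        print(f"{ev.parent:13} -> {ev.image:16} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

Of the five constructed launches, only the untouched CRM client and PowerShell started from the desktop are allowed. The tampered CRM file and the unknown dropper are stopped by the allow list without any signature of the malware being needed, and the Word-to-PowerShell launch is stopped by containment even though PowerShell itself is an approved tool.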

ZTM and culture

A key element of a ZTM is communicating its benefits to users. CISOs and cybersecurity professionals must communicate the benefits to users, both from an organisational and a personal perspective. Early, regular communication when implementing a ZTM is necessary to ensure users are properly informed as to how they can participate in and support the approach. Buy-in is critical from the ground up. Equally, communicating the key benefits of resilience, enablement, and flexibility in allowing new hybrid architectures and working practices will ensure that not only can new business opportunities be accommodated, but that evolving employee expectations can be met securely, with the inherent benefits

The granularity and detail of the ZTM policies mean that procedures and practices are well documented, well understood and highly detailed, which can provide a solid and well-informed basis from which to automate business processes.

The future

Due to the increase in sophisticated attacks, Gartner has predicted that by 2025, 60% of businesses will adopt a ZTM. The 2021 Executive Order was followed by reference material for executing on the directive, resulting in the Cybersecurity and Infrastructure Security Agency (CISA) guidance entitled “Cloud Security Technical Reference Architecture and Zero Trust Maturity Model” (ZTMM). Other countries have also built a ZTM into their cybersecurity approach (Australia’s Essential Eight, for example) and this will continue to trend upwards as organisations aim to remain compliant with government and industry standards.

Irish organisations should shift their thinking away from perimeters and location and onto a more data- and user-centric way of providing secure, appropriate access to the right resources. A Zero Trust Model is ideally suited to today’s working environment where a hybrid enterprise infrastructure spans on-premises, cloud services and edge computing, that can be accessed by a user anywhere and on almost any device. 

Properly implemented, and fully communicated to both the board and the user base, a ZTM can ensure that organisations are resilient, business enabled and flexible enough to meet today’s demands while remaining secure and compliant. 

More about Rob Allen

Rob Allen is an IT Professional with almost two decades of experience assisting small and medium enterprises to embrace and utilise technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by MSPs and their customers today. Rob’s background is technical – first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customers’ needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries.

Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from, cyber and ransomware attacks. Rob joined the ThreatLocker team in 2021, excited at the prospect of building new relationships and helping deliver ThreatLocker’s enterprise-level security products to customers throughout the EMEA region.
