Zero trust is an up-and-coming buzzword in the world of cybersecurity, but what does it really mean? For an organization, implementing a zero trust model means better protection from the latest threats – even insider threats. Let’s look back at the history of the zero trust model and how it came to be such a popular approach to mitigating cybersecurity threats.
Kindervag: Founder of the Zero Trust Model
If you’re looking to find out what zero trust is really about, there’s no better person to start with than cybersecurity veteran John Kindervag. Kindervag coined the term ‘zero trust model’ himself, back in 2010. The zero trust threat model is centered on the idea that data breaches and other security threats result from misplaced trust in internal networks. According to Kindervag, traditional IT security systems make the mistake of assuming that network users are no longer a threat once they’ve been verified and granted access to the network. In contrast, the zero trust model dictates that nothing outside or inside the network perimeter should be granted complete trust.
Historically, the network perimeter was seen as the boundary between ‘safe’ and ‘unsafe’. A firewall served to restrict the flow of data between unsafe external networks such as the Internet and the ‘secured’ organizational network. In reality, this firewall just acted as a goalpost for hackers, whose efforts were concentrated on developing threats that could penetrate the firewall, disguised as legitimate network traffic. Once inside the network, however, attackers had free rein.
In reality, though, threats also originate inside the perimeter – sometimes due to malicious insiders, and other times due to system vulnerabilities or human error, leading to a data breach ‘from the inside’. More recent developments in organizational networks have made it even clearer that perimeter security is not enough:
Collaborative work culture
As collaboration between organizations became an increasingly important part of modern work culture, organizations began to give trusted third parties access to their network, creating many new ‘doors’ to the network. Of course, securing a perimeter that has multiple openings is exponentially more difficult than securing a single opening. Hackers now have multiple vectors through which they can breach the network – rather than trying to sneak through a single heavily guarded doorway, they now have a number of trusted third parties through which they can “piggy-back” a ride. They simply need to compromise one of these trusted parties and, voila! They gain easy access to the network through the designated ‘door’.
Moving to the cloud
The second stumbling block facing traditional network perimeter security is the advent of cloud computing. Organizations first began moving data into the cloud about a decade ago and, at first, this was often without fully understanding the security tools required. While cloud service providers have always offered several security options, these were – and are – inadequate to protect against the wide range of existing threats, leaving organizations at a loss as to how to secure data and applications in the cloud.
From Perimeter to Microperimeter
The zero trust model breaks down the single network perimeter into many tiny, granular microperimeters (a process called microsegmentation). This creates many secure zones that can each be secured individually, each one housing those data and applications that are relevant to a specific work process (or a small set of work processes). Under a zero trust model, only the particular users and devices that need access to a given microsegment are granted authorization to individual secure zones. The smaller the microsegments, the higher the level of security. Google’s BeyondCorp is perhaps the most well-known example of a full zero trust implementation, combining ideas and best practices that ‘shift access controls from the network perimeter to individual devices and users’. Following this model, networks are protected from all threats, even insider threats.
Enforcing the Zero Trust Model
An organization looking to benefit from the zero trust model must use a combination of strict policies, rules, and security tools to provide authorized access to each microsegment, thereby reducing the overall attack surface. These tools can include traditional endpoint protection tools such as firewalls and antivirus, as well as more advanced technologies, such as Identity and Access Management (IAM), Security Orchestration, Automation and Response (SOAR) and Remote Browser Isolation (RBI).
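To make the contrast between the single perimeter and per-microsegment authorization concrete, here is a small Python policy check added as an illustration; it is not Ericom’s code or any product’s. The segment names, roles, device identifiers and the `device_compliant` posture flag are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_id: str
    device_compliant: bool  # assumed posture attribute: managed, patched, encrypted
    source: str             # "internal" or "external": where the request comes from
    segment: str            # microsegment (secure zone) being accessed


# Constructed policy: each microsegment names the roles and managed devices allowed in.
SEGMENT_POLICY = {
    "hr-payroll": {"roles": {"hr"}, "devices": {"laptop-hr-01"}},
    "erp-finance": {"roles": {"finance"}, "devices": {"laptop-fin-07"}},
    "partner-portal": {"roles": {"partner"}, "devices": {"laptop-partner-02"}},
}


def perimeter_model(req: Request) -> bool:
    """Legacy rule: once a request is inside the perimeter it is trusted everywhere."""
    return req.source == "internal"


def zero_trust_model(req: Request) -> bool:
    """Per-segment rule: role, device and posture are checked on every request;
    network location plays no part, and an unlisted segment is denied by default."""
    policy = SEGMENT_POLICY.get(req.segment)
    if policy is None:
        return False
    return (req.role in policy["roles"]
            and req.device_id in policy["devices"]
            and req.device_compliant)


# Constructed requests covering the cases discussed in the article.
SAMPLE_REQUESTS = [
    # 1. Compromised partner account, already on the internal network, reaching for payroll.
    Request("partner-acct", "partner", "laptop-partner-02", True, "internal", "hr-payroll"),
    # 2. Same partner account accessing the one segment it is meant to use.
    Request("partner-acct", "partner", "laptop-partner-02", True, "internal", "partner-portal"),
    # 3. HR user on the right laptop, but the device fails its posture check.
    Request("alice", "hr", "laptop-hr-01", False, "internal", "hr-payroll"),
    # 4. HR user working from home on a compliant managed laptop (the BeyondCorp case).
    Request("alice", "hr", "laptop-hr-01", True, "external", "hr-payroll"),
]


def evaluate(req: Request) -> dict:
    """Return both models' decisions for one request."""
    return {"perimeter": perimeter_model(req), "zero_trust": zero_trust_model(req)}


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"{r.user:>12} -> {r.segment:<15} {evaluate(r)}")
```

Case 1 shows the third-party ‘door’ problem: the perimeter rule waves the compromised partner account through to payroll, while the per-segment rule stops it; case 4 shows the reverse, where location no longer matters once identity and device posture are verified.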
For instance, Ericom Shield, our Zero Trust Browsing solution, leverages RBI to keep all web-borne content off endpoints and networks, while allowing users to browse the Internet as usual. As dictated by a zero trust model, RBI assumes any active web code might be malicious – nothing is trusted automatically. Thus, each browsing session runs in its own isolated container, in a remote location such as the cloud, and only a clean content stream reaches the local web browser. To the user, the browsing experience remains seamless and interactive, allowing them to securely access whatever web-based resources they need to do their jobs.
Learn more: Download our free white paper to learn why no zero trust model is truly complete without Remote Browser Isolation