For the last thirty years the prevailing approach to securing IT has been to secure the network from the outside world: “build a tall, strong wall with well-guarded gates.” From many perspectives this has been a good choice; InfoSec teams can focus their efforts and budget on ingress and egress points without having to manage the complexity and churn of an organization’s internal affairs. Unfortunately, it also means that any breach of the perimeter often leads to catastrophic failure.
In practice, organizations do watch the inside of their networks for threat actors, both insider and external, who might mean them harm; but even this approach still largely trusts the IT network.
More recently a new concept has gained popularity: Zero Trust Networks. With this approach all services on the network are mutually distrustful of each other and require authentication and authorization amongst themselves. This approach is a large leap forward from the perspective of operations and InfoSec teams; a single breach of an IT system is not a game-over event… unless it is.
What happens from the perspective of a user if the breached system holds the information they need protected? What happens if the breached system is the one upon which a user depended, or worse yet a key system like the directory service or network filesystem server? The problem is not the idea behind Zero Trust Networks, but that Zero Trust Networks don’t go far enough.
What if IT systems are not trusted at all? This has become popular in the consumer market with end-to-end encryption (e2e), protecting messages and files from the sender’s device all the way to the recipient’s device. In e2e systems, even if service operators wish to eavesdrop on customers’ communications, they can’t. This is the end game for Zero Trust, where IT systems and their operators are part of the threat model. An administrator of the communications system will not see the contents of the communications, not because the operator is following the rules, policies or compensating controls, but because there are technical measures that protect data from all but the intended parties.
This is not a dream but can be done today. The tools are ready for Zero Trust Infrastructure to be deployed to protect data in an enterprise environment without trusting anyone but the owners of the data.
Articles in this series
- SpiderOak Mission and Vision
- Zero Trust (this article)