ZERO TRUST ARCHITECTURE

Pranav Viswanathan
Published in CYSCOM VITCC, Sep 20, 2021

Integrating IoT devices into IT networks is extremely common nowadays. This integration brings with it its own set of problems, as these devices are not known for their high security standards, thus leaving the entire network at risk of an unauthorized breach.

To address this, Zero Trust Architecture is a security policy implemented to counter this new class of vulnerability. But what is zero trust architecture, and how is it implemented? We’re going to try to answer these questions in this blog.

So what is zero trust architecture?

Zero trust architecture is a security paradigm that combines strict identity verification and explicit permission for every person or entity attempting to access or use network resources, regardless of whether the person or entity is inside an enterprise’s network security perimeter or accessing the network remotely.

But what exactly does that mean?

Let’s take the example of a secure building that holds the nuclear codes. If authentication took place at only one point, the building would not be very secure: once a threat managed to breach that initial checkpoint, it would have free access inside.

So instead there are multiple checkpoints with security guards, and the chance that a threat actually gets access to sensitive data is much lower, because the chance that it will be intercepted along the way has gone up.

That’s basically what zero trust architecture aims at doing. By not assuming that an entity from inside the network is safe, it increases the level of security of the network.

Design Principles of Zero Trust Architecture:

A few of the main principles that go into zero trust architecture are:

  • Know your architecture including users, devices, and data:

In the zero-trust network model, it’s more important than ever to know your users, devices, services, and data.

In order to get the benefits from zero trust you need to know about each component of your architecture, including your users, devices, and the services and data they are accessing.

A proper understanding of your assets will most likely involve an asset discovery phase as one of the first steps in your zero trust journey. In some environments, this can be challenging and may involve the use of automated tools to discover assets on the network. In other cases, you may be able to determine your assets by following a non-technical procedure, such as querying procurement records.

It is also important to know what data is being stored within your environment, its location, and its sensitivity. Knowing your data and its associated sensitivity will help you develop effective and appropriate access policies that will help achieve.

  • Know your User, Service, and Device identities:

User, service, and device identity is a really important factor when making access decisions in a zero-trust network.

An identity can represent a user (a human), service (software process), or device. Each should be uniquely identifiable in a zero-trust architecture. This is one of the most important factors in deciding whether someone or something should be given access to data or services.

These unique identities are one of a number of signals that feed into a policy engine, which uses this information to make access decisions. For example, a policy engine could evaluate user and device identity signals to determine if both are genuine, before allowing access to a service or data.

Completing a discovery exercise is an important first step towards the allocation of a single source of identity to your users, services, and devices.

  • Assess user behavior, service, and device health:

You should monitor health signals from your users and devices continuously, to evaluate confidence in their trustworthiness. Measuring user behavior and device health helps you gain confidence in their cyber hygiene and that they have not been compromised.

  • Use policies to authorize requests:

Each request for data or services should be authorized against a policy.

The power of a zero-trust architecture comes from the access policies you define. Policies can also help to facilitate risk-managed sharing of data or services with guest users or partner organizations.

Use products, managed services, and protocols that support a continuous authentication and authorization process.

Example — access authorized by policy

Here is a simple theoretical example of a user accessing a service or corporate data, with a policy authorizing the request. A more in-depth example, expanding on the use of signals in the authorization process, can be found in the Use multiple signals to make access decisions section below.

A user makes a connection to a policy enforcement point, which will mediate their connection to the service or data requested.

The policy enforcement point will query the policy engine for an access decision. The policy engine will evaluate the request against an access policy before supplying an access decision to the enforcement point.

If the access request is accepted by the policy engine, the request is allowed by the policy enforcement point. If it’s rejected by the policy engine then the connection is dropped.

The access decision is continually re-evaluated in real time. A change in security posture may entail termination of the connection or re-authentication.

  • Authenticate and authorize everyone:

Build your systems to have strong authentication methods and build applications to accept access decisions from a policy engine.

Authentication and authorization decisions should consider multiple signals, such as device health, device location, user identity, and status when evaluating the risk associated with the access requests.

MFA is a requirement for a zero-trust architecture.

This doesn’t mean that the user experience has to be poor. On modern devices and platforms, strong MFA can be achieved with a good user experience. For example, MFA might only be triggered when confidence in the user and device degrades. Some authentication apps provide a push notification on a trusted device so that users are not burdened with typing a code or finding a hardware token.
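The policy engine and enforcement point flow described in the example above, together with the step-up MFA idea from this section, as an added illustration that is not part of the original post. The resources, the policy rules, and the Signals fields are all assumptions constructed for the example; the point is that the engine is default-deny, treats degraded confidence as a reason to re-authenticate rather than to fail outright, and is re-queried by the enforcement point whenever a signal changes.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP_MFA = "step-up-mfa"   # confidence degraded: ask for fresh MFA
    DENY = "deny"


@dataclass
class Signals:
    """Signals the enforcement point forwards with each request (constructed fields)."""
    user_id: str
    device_id: str
    device_healthy: bool          # from device health telemetry
    device_managed: bool          # enrolled in the enterprise inventory
    mfa_age_minutes: int          # minutes since the last strong authentication
    location_known: bool          # request comes from a familiar location
    user_risk: str = "low"        # "low" | "medium" | "high", from monitoring


# Hypothetical per-resource access policy.
POLICY = {
    "payroll": {"managed_device_required": True, "max_mfa_age": 60, "allowed_risk": {"low"}},
    "wiki": {"managed_device_required": False, "max_mfa_age": 720, "allowed_risk": {"low", "medium"}},
}


def policy_engine(resource: str, s: Signals) -> Decision:
    rule = POLICY.get(resource)
    if rule is None:                                   # unknown resource: default deny
        return Decision.DENY
    if not s.device_healthy or s.user_risk not in rule["allowed_risk"]:
        return Decision.DENY
    if rule["managed_device_required"] and not s.device_managed:
        return Decision.DENY
    # Stale MFA or an unfamiliar location lowers confidence: step up instead of denying.
    if s.mfa_age_minutes > rule["max_mfa_age"] or not s.location_known:
        return Decision.STEP_UP_MFA
    return Decision.ALLOW


class EnforcementPoint:
    """Mediates one session and re-asks the policy engine whenever a signal changes."""

    def __init__(self, resource: str, signals: Signals):
        self.resource, self.signals, self.open = resource, signals, False

    def connect(self) -> bool:
        self.open = policy_engine(self.resource, self.signals) is Decision.ALLOW
        return self.open

    def update(self, **changed) -> Decision:
        for name, value in changed.items():
            setattr(self.signals, name, value)
        decision = policy_engine(self.resource, self.signals)
        if decision is not Decision.ALLOW:             # posture changed: drop the connection
            self.open = False
        return decision
```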

  • Focus on monitoring users, devices, and services:

Comprehensive monitoring is essential because devices and services are more exposed to network attack.

In a zero-trust architecture, it is highly likely that your monitoring strategy will change to focus on users, devices, and services. Monitoring your devices, services, and user behavior will help you to establish their cyber health.

Monitoring should be carried out on the device and exported over a secure transport to a central location. User behavior, like normal working hours or normal working location, is another important metric to monitor. It’s also important to have visibility of your services and to understand the interaction between users and their data. This information can be used as a signal: any abnormal activity observed can be fed to a policy engine to inform an access decision.

You should know what actions devices, users, and services are performing and what data they are accessing. Your monitoring should link back to the policies you have set, verifying they are being enforced as you expect.
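The behavioral monitoring described above, as an added example that is not part of the original post: each event in a few constructed telemetry lines is compared against a per-user baseline of normal working hours, locations, and registered devices, and the deviations are turned into a risk level a policy engine could consume as a signal. The log format, the baseline, and the scoring thresholds are all assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample telemetry as exported from devices (not real logs).
SAMPLE_LOGS = """\
2021-09-20T09:12:44Z user=alice device=lap-1 country=GB action=open resource=wiki
2021-09-20T13:40:02Z user=alice device=lap-1 country=GB action=open resource=payroll
2021-09-21T03:05:17Z user=alice device=lap-1 country=RU action=open resource=payroll
2021-09-21T03:06:40Z user=alice device=unknown-7 country=RU action=open resource=payroll
2021-09-21T10:15:00Z user=bob device=lap-2 country=GB action=open resource=wiki
"""

# Per-user baseline, which would come from asset discovery and history (constructed).
BASELINE = {
    "alice": {"hours": range(8, 19), "countries": {"GB"}, "devices": {"lap-1"}},
    "bob": {"hours": range(8, 19), "countries": {"GB"}, "devices": {"lap-2"}},
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse(line: str) -> dict:
    """Turn one 'timestamp key=value ...' line into a dict with a UTC datetime."""
    m = LINE_RE.match(line)
    rec = dict(kv.split("=", 1) for kv in m.group("kv").split())
    rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def score(rec: dict):
    """Return (risk_level, reasons); each deviation from the baseline is one reason."""
    base = BASELINE.get(rec["user"])
    if base is None:
        return "high", ["unknown user"]
    reasons = []
    if rec["ts"].hour not in base["hours"]:
        reasons.append("outside normal working hours")
    if rec["country"] not in base["countries"]:
        reasons.append("unusual location")
    if rec["device"] not in base["devices"]:
        reasons.append("unregistered device")
    level = "low" if not reasons else "medium" if len(reasons) == 1 else "high"
    return level, reasons


def assess(logs: str = SAMPLE_LOGS) -> list:
    """Map every event to (user, resource, risk_level, reasons) for the policy engine."""
    return [(r["user"], r["resource"], *score(r)) for r in map(parse, logs.splitlines())]
```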

  • Don't trust any network including your own:

Zero trust sees the network as hostile. You must build trust into users, devices, and services.

Don’t trust any network between the device and the service it’s accessing; this includes the local network. Communications over a network, to access data or services, should use a secure transport such as TLS. The device should be configured to withstand attacks that are present on a local network, including DNS spoofing, man-in-the-middle attacks, and unsolicited inbound connections.
