Get started on your Zero Trust journey

PCQ Bureau

Every enterprise is different and will have its own unique Zero Trust journey. From our own experience, we have outlined some best practices that we believe will help make an enterprise’s journey on the Zero Trust highway extremely effective.

In the past two years, the concept of a perimeter has been completely eliminated. With remote working being the norm rather than the exception, the traditional security model is no longer effective. This is especially relevant today, as there is a significant rise in digital transactions. With more users transacting online and accessing applications from different endpoints, the attack surface has expanded dramatically. This changing landscape has created many security issues. The clear need of the hour is to create a stronger security landscape and reduce risks. This is where a Zero Trust framework can help.

Unlike the traditional security model, which assumes that an identity can be trusted once it has been given access, a Zero Trust model assumes that every entity is hostile and must verify its credentials for every transaction. This model demands that trust is verified at each stage before any access is granted, and identity is the foundation of this verification process. ‘Never trust and always verify’ is the core premise of a Zero Trust framework: every entity, whether a device, a user, or a transaction, must verify its credentials before it is given any access.

Fundamentals of a zero trust approach

Identity lies at the core of a Zero Trust approach. Enterprises can use a number of techniques to ensure secure access. First and foremost, it is important to create a single source of truth and use federated identities / SSO. This is important as most enterprises have identities scattered all over their ecosystem. Federated identity enables employees, partners, and contractors to work across enterprises without any need to create new identities in each enterprise. SSO (single sign-on) enables users to access different applications within an enterprise using a single identity. Users log on once to an ID provider portal or their company portal and seamlessly connect to other authorized applications. Security can be reinforced using multi-factor authentication (MFA), which drastically reduces the chance of account compromise. MFA also opens the door for conditional access policy implementation. Enterprises can restrict access to critical applications such as sales or finance to only a select group of people. The restriction could deny access completely or allow only limited access.

Identity security can be further strengthened using a Privileged Account Management (PAM) solution. Privileged accounts (e.g., super admins, service accounts) have too much power. They have elevated privileges that can bypass the usual security measures to do things such as granting access to other users, adding or deleting data and files, system maintenance, running applications or batch jobs, accessing critical enterprise data, etc. As seen in many supply chain attacks, adversaries try to get into the network and reach privileged accounts through lateral movement. A Privileged Account Management solution can be used to manage and monitor privileged accounts. Similarly, organizations can implement a just-in-time access process for privileged accounts to grant access only for the needed time period. Modern PAM tools also include credential vaulting: super admins do not need to know their passwords. Service accounts connect directly to the PAM tool to authenticate before running any application or batch job.
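The conditional access and just-in-time ideas above can be sketched as a per-request decision function. This is an added illustration, not code from the author or from any product; the group names, the user "asha", the managed-device condition that triggers limited access, and the function names are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy: critical applications and the groups allowed to reach them.
APP_GROUPS = {"finance": {"finance-team"}, "sales": {"sales-team"}}

@dataclass(frozen=True)
class JitGrant:
    """Privileged access approved for a fixed window, never standing."""
    user: str
    app: str
    expires_at: datetime

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    app: str
    mfa_passed: bool
    managed_device: bool      # assumption: device posture is the "limited" trigger
    privileged: bool = False  # admin-level operation requested

def issue_jit_grant(user, app, minutes, now):
    """Grant privileged access only for the time period needed."""
    return JitGrant(user, app, now + timedelta(minutes=minutes))

def decide(req, grants, now):
    """Evaluate one request from scratch: 'deny', 'limited' or 'allow'."""
    allowed = APP_GROUPS.get(req.app)
    if allowed is None or not (req.groups & allowed):
        return "deny"                      # not in the select group
    if not req.mfa_passed:
        return "deny"                      # MFA is a precondition for any access
    if req.privileged:
        live = any(g.user == req.user and g.app == req.app and now < g.expires_at
                   for g in grants)
        # Privileged actions need an unexpired grant and a managed device.
        return "allow" if live and req.managed_device else "deny"
    return "allow" if req.managed_device else "limited"

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    grants = [issue_jit_grant("asha", "finance", 30, now)]
    admin = Request("asha", frozenset({"finance-team"}), "finance", True, True, True)
    print(decide(admin, grants, now + timedelta(minutes=10)))  # inside the window
    print(decide(admin, grants, now + timedelta(minutes=31)))  # after expiry
```

Because nothing is cached between calls, the same user and device can receive a different answer a minute later, which is the practical meaning of verifying every transaction.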

While identity is extremely important, Zero Trust is not simply about identity and access management from the perimeter. Network security is still critical for providing defense in depth. To achieve this objective, enterprises must install next-generation firewalls (NGFWs) to take advantage of device filtering, deep packet inspection, and other capabilities. Enterprises must also use extensive vulnerability scanning to ensure all OS and application patches are installed and effective. Finally, all security systems must provide inputs to feed the SIEM (Security Information and Event Management) / UEBA solution to ensure real-time entity behavior analytics, anomalous activity identification, and automated workflows and case management to reduce time to respond.

Enterprises must remember that there may not be a single vendor that offers a complete Zero Trust security solution. Some Zero Trust security vendors may focus on network access while some may focus on identity and access management. Some may offer Zero Trust data protection, while some may focus on fulfilling the role of an Enterprise Threat Protector. Depending on their needs, enterprises may select specific Zero Trust providers.


By Rishikesh Kamat

Product Head - Managed Security & IMS - NTT Global Data Centers and Cloud Infrastructure, India

pcquest@cybermedia.co.in
