Back in 2009, Intel introduced the concept of BYOD, or Bring Your Own Device, when it realized that a large share of its employees were bringing their own laptops, smartphones and other handheld devices and connecting them to the corporate network. Little did they realize that they were seeding a movement that would grow dramatically across the world over the next decade, fuelled by the rapid adoption of cloud technologies, which made the physical location of a device irrelevant. According to one recent estimate, almost 39% of employees access corporate networks from their personal devices, and this trend is only expected to grow.
The proliferation of devices is not driven by personal employee devices alone. Organizations no longer expect their workforce to be tied to a physical facility such as an office. With the pandemic accelerating the adoption of remote work, organizations have had to adapt to employees working from their homes and, in some cases, using less secure public networks to reach the corporate network.
While such a move gives the workforce flexibility, it raises crucial questions for the CIO and the CISO. How should I secure the corporate IT estate when such a vast number of endpoints access the network? What changes do I need to make to my traditional, perimeter-based approach to securing the IT infrastructure? What new vulnerabilities must a new security plan consider?
What is the classical Perimeter-based security model and why is it no longer effective?
Before going further, it is worth reviewing the classical perimeter-based security model that was the preferred approach until recently. Organizations used a combination of hardware and software (firewalls and similar gateway devices) to draw a clear line between the "internal", privately managed part of the IT network and the "external", publicly accessible internet. Network administrators then enforced access policies based on the origin of a connection request, allowing or denying a device access to assets on the internal corporate network largely on the strength of where the request came from.
The growing number of access requests from a multitude of devices and individuals, often over connectivity of questionable security, makes the perimeter-based approach ineffective. The problem is compounded by the sheer number of devices and the range of use cases that users in different organizational roles require. It soon becomes evident that such a security model does not scale with the expected increase in endpoints.
Collaboration across organizational lines is also on the rise, with data exchanged under credentials issued to business partners. While this is an essential step towards the business efficiencies that better technology makes possible, it puts IT security under severe stress by exposing the organizational IT estate to endpoints the organization does not manage.
Organizations are also the targets of sophisticated, highly targeted attempts to breach their networks, either to gain access to sensitive information or to extort a ransom under threat of releasing corporate data into the public domain.
The figure below summarizes these potential threats and highlights the challenges facing the CIO as device capabilities evolve and cloud adoption accelerates.
It becomes evident that the legacy approach to securing organizational IT infrastructure may no longer work, and that a new paradigm must emerge that accounts for the complexity introduced by the factors above. This is where an identity-centric and device-centric model comes in. In the next few sections, we examine how this model provides a substantial advantage over the perimeter-based approach and what organizations can do to adopt it.
Why is an identity and device-centric model crucial in today’s IT landscape?
The traditional perimeter has expanded beyond enterprise walls, making it harder for security and IT teams to verify user identities and the trustworthiness of their devices before granting access to enterprise applications and data. The new workforce model requires an equally extended security model, one centred on the individual user's identity and their devices. It must be able to establish device and user trust no matter where the user is physically and no matter what kind of network they are connecting from.
This is key: the individual and their devices are the fundamental building blocks of the new security paradigm, built bottom-up. Seen this way, the model becomes conceptually simple, because every relationship with a business partner, customer, supplier or employee reduces to a set of user-device pairs from the perspective of your IT infrastructure security.
What is a zero-trust security model?
This leads naturally to the concept of Zero Trust. With the extended perimeter reduced to the abstraction of a user and their devices, we need to move to a trust-centric model that authenticates every user and device before granting access to the infrastructure. Zero Trust is summed up as "never trust, always verify". It is a strategic initiative to prevent attacks and data breaches by extending no implicit trust to any user, device or application, whether inside or outside the organization's perimeter. The model treats every access attempt as if it originated from an untrusted network and defaults to denying access. Only after the identity of the requester and the state of the device have been verified are the appropriate access authorizations granted, and only those.
Zero Trust Architecture – Guiding Principles
The figure above shows the major components of the Zero Trust model and how they work together to deliver end-to-end coverage. In a mature Zero Trust implementation, the components of your digital estate are connected and provide the signals needed to make informed access decisions, with policy enforced automatically.
What are the guiding principles of architecting a zero-trust security model?
It is crucial to understand the fundamentals of a Zero Trust architecture before attempting to adopt it for your organization. The value of this approach in securing your digital estate is considerable.
Zero Trust provides far greater visibility into the activity of individual users and their digital assets, not merely of the network. This enables more comprehensive security in a highly dispersed business environment and a rapid feedback loop that lets your security policy evolve as the environment changes.
Zero Trust can also simplify network management. At its core, it is a framework in which an organization gives up one large perimeter in favour of protection at every endpoint and for every user, inside or outside the organization. The approach relies on strong identity and authentication, trusted devices and endpoints, and granular access controls to protect sensitive data and systems.
The guidelines for building such a system are straightforward:
- Never trust, always verify: do not inherently trust anything on or off your network. Once you accept that you cannot control every IP address and every device, you can no longer assume trust within the network perimeter.
- Grant access based on the identity and device of the user accessing the application, regardless of the user's network location, be it an office, a home network or a coffee shop. You need to know that the user requesting access to a resource is who they claim to be, and you need to verify that they are allowed to access that specific resource.
- Access controls are dynamic and must be continuously verified. In a Zero Trust environment, repeated authentication and authorization checks, not a one-time check at login, are essential for maintaining security.
- Visibility and analytics: to enforce Zero Trust principles, give your security and incident response teams visibility of everything going on in your environment, and the analytics to make sense of it.
- Automation and orchestration: automation keeps your Zero Trust security systems running and your policies enforced. Humans cannot keep up with the volume of events that must be monitored to enforce Zero Trust.
Why a “Default: Access Denied” is the right way for your enterprise security?
There are several benefits to adopting this model for a digital enterprise. Firstly, it allows conditional access to ordinary resources while restricting access to high-value resources to managed and compliant devices. This blocks network access and lateral movement using stolen credentials or compromised devices, providing credible security in this era of digital pilferage.
Adopting it eventually enables users to be more productive by allowing them to work however, wherever and whenever they want. With an identity-centric approach, it becomes easier to express Zero Trust policy as "if this, then that" rules that can readily be automated.
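The following is an added example, not code from the original article, showing how the guiding principles above (default deny, identity and device posture rather than network location, continuous re-verification, an audit trail) and the "default: access denied" rule can be expressed as a small policy decision point. All resources, groups, devices, thresholds and the scenarios at the end are constructed assumptions for illustration.

```python
"""Minimal Zero Trust policy decision point (PDP), added as an example.

Not code from the original article. Every resource, group, device,
threshold and scenario below is an assumption chosen for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Sensitivity(Enum):
    LOW = "low"
    HIGH = "high"


@dataclass(frozen=True)
class Principal:
    user_id: str
    mfa_verified: bool      # a password alone is never enough
    auth_age_s: int         # seconds since the last successful authentication
    groups: frozenset


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool
    disk_encrypted: bool
    os_patched: bool

    @property
    def compliant(self) -> bool:
        # "managed and compliant" posture, required for high-value resources
        return self.managed and self.disk_encrypted and self.os_patched


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: Sensitivity
    allowed_groups: frozenset


@dataclass(frozen=True)
class AccessRequest:
    principal: Principal
    device: Device
    resource: Resource
    source_network: str     # kept for the audit trail only; never a trust signal


@dataclass
class Decision:
    allow: bool = False     # default: access denied
    reasons: list = field(default_factory=list)


# Assumed thresholds: re-verify identity at least every 8 hours, and within
# 15 minutes for high-value resources (continuous verification).
MAX_AUTH_AGE_S = 8 * 3600
HIGH_VALUE_MAX_AUTH_AGE_S = 15 * 60

AUDIT_LOG: list = []     # every decision is recorded for visibility and analytics


def evaluate(req: AccessRequest) -> Decision:
    """Allow only if every identity, device and authorization check passes."""
    p, dev, res = req.principal, req.device, req.resource
    decision = Decision()
    if not p.mfa_verified:
        decision.reasons.append("identity: MFA not verified")
    max_age = HIGH_VALUE_MAX_AUTH_AGE_S if res.sensitivity is Sensitivity.HIGH else MAX_AUTH_AGE_S
    if p.auth_age_s > max_age:
        decision.reasons.append(f"identity: last authentication older than {max_age}s")
    if res.sensitivity is Sensitivity.HIGH and not dev.compliant:
        decision.reasons.append("device: high-value resource requires a managed, compliant device")
    if not (p.groups & res.allowed_groups):
        decision.reasons.append("authorization: principal is not in an allowed group")
    if not decision.reasons:
        decision.allow = True
        decision.reasons.append("all checks passed")
    AUDIT_LOG.append({"user": p.user_id, "device": dev.device_id, "resource": res.name,
                      "network": req.source_network, "allow": decision.allow,
                      "reasons": list(decision.reasons)})
    return decision


def run_scenarios() -> dict:
    """Constructed scenarios (not real data): location drops out, posture and MFA decide."""
    payroll = Resource("payroll-db", Sensitivity.HIGH, frozenset({"finance"}))
    wiki = Resource("team-wiki", Sensitivity.LOW, frozenset({"staff"}))
    corp_laptop = Device("LT-0042", managed=True, disk_encrypted=True, os_patched=True)
    personal = Device("BYOD-7", managed=False, disk_encrypted=True, os_patched=False)
    alice = Principal("alice", mfa_verified=True, auth_age_s=300, groups=frozenset({"finance", "staff"}))
    alice_stale = Principal("alice", mfa_verified=True, auth_age_s=3600, groups=alice.groups)
    thief = Principal("alice", mfa_verified=False, auth_age_s=0, groups=alice.groups)  # stolen password only
    cases = {
        "alice/corp laptop/office -> payroll": AccessRequest(alice, corp_laptop, payroll, "office-lan"),
        "alice/corp laptop/coffee shop -> payroll": AccessRequest(alice, corp_laptop, payroll, "public-wifi"),
        "alice/personal laptop -> payroll": AccessRequest(alice, personal, payroll, "home"),
        "alice/personal laptop -> wiki": AccessRequest(alice, personal, wiki, "home"),
        "alice/stale session/corp laptop -> payroll": AccessRequest(alice_stale, corp_laptop, payroll, "office-lan"),
        "stolen password/corp laptop/office -> wiki": AccessRequest(thief, corp_laptop, wiki, "office-lan"),
    }
    return {name: evaluate(req).allow for name, req in cases.items()}


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{'ALLOW' if allowed else 'DENY':5} {name}")
```

Note that the coffee-shop request is allowed and the office-LAN request with a stolen password is denied: the decision never consults `source_network`, only identity, device posture and authorization, and every outcome lands in `AUDIT_LOG` with its reasons so the analytics pillar has something to work with.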
The Zero Trust model provides built-in security intelligence that constantly monitors the granting and denial of access both inside and outside the organization's perimeter. Unlike traditional security models, it has many more checkpoints at which events are validated, which results in more stringent security control over the network.
When your team is tracking an emerging threat, segmentation, or "micro-perimeters", gives it easier and faster control over that threat. With segmentation already in place, IT staff can identify and contain the threat within its segment and block its advance to the wider network. The faster the threat is contained, the less damage it causes.
Besides bolstering network security, segmentation can also simplify traffic management, since traffic between segments is easier to regulate when each segment contains fewer hosts and endpoints.
Organizations are aggressively transitioning, or planning their transition, to the Zero Trust model and, as we have argued, the benefits justify the investment. After all, the return on investment in digital security is a silent one: one never knows what might have happened had the security measures not been in place, and it is best if it stays that way.