Traditionally, it was assumed that there was a well-defined network perimeter. Either you were inside the company, inside the firewall if you like, or you were on the outside. And once you’re in, you have free access to all the resources inside the network. And this was appropriate for a simpler time where remote access was not so common and necessary. But since then, zero-trust architecture has come into vogue.
Now, you should authenticate and authorize every interaction. So regardless of whether it’s a user or it’s a device, there is really no concept of an “inside” or an “outside”. If that user or that device wants to access a network resource, authentication and authorization are a must.
Cyber-attacks can originate from inside or outside. Today, you can’t necessarily tell what’s inside or what’s outside.
The traditional architecture is static and based on the existence of a perimeter. The zero-trust architecture (ZTA) is dynamic, changes over time, and does not depend on any perimeter.
In the traditional model, once you’re identified, you’ve got implicit trust inside the perimeter. In ZTA, even if you’re in, it doesn’t matter. Anytime you try to access something, we must confirm your user identity and authenticate you.
In the traditional model, you authenticate once when you’re connecting to the network. With ZTA, you authenticate every time you access any network resource.
In the traditional model, once you’re in, you’re in and so internal traffic is unencrypted. Whereas in zero-trust architecture, I don’t care if you’re in or you’re out. There is no “in” and there is no “out”. If it’s a network session, it is encrypted end-to-end.
Well, the way it works is this: you define a security policy, a trust algorithm applies that policy, and the algorithm ultimately grants or denies access to a resource for a user or a device.
In addition to the algorithm, you need an identity credential system where you have identified “who’s who in the zoo” and what can they do. You need security analytics. This means you’re collecting logs; you’re looking at user and entity behavior analytics (UEBA), and you’re considering threat intelligence. Of course, you have endpoints and so endpoint security as well. And then as I mentioned, all traffic inside is in fact encrypted.
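To make the “policy applied by a trust algorithm” flow concrete, here is an added example (not code from the original article): a per-request decision function that takes the identity, endpoint posture and analytics signals just listed and returns grant or deny. The resource names, roles, risk thresholds and field names are all constructed for the illustration.

```python
from dataclasses import dataclass
# Added illustration of "defined policy -> trust algorithm -> grant/deny"; all names and values are constructed.
@dataclass(frozen=True)
class Subject:                 # user identity from the identity/credential system
    name: str
    authenticated: bool
    mfa_passed: bool
    roles: frozenset

@dataclass(frozen=True)
class Device:                  # endpoint posture from endpoint security
    managed: bool
    compliant: bool

@dataclass(frozen=True)
class Context:                 # per-request signals from UEBA / threat intel and the transport
    risk_score: float          # 0.0 (normal) .. 1.0 (clearly anomalous)
    encrypted: bool            # session is encrypted end-to-end

# Policy the defender writes: who may reach what, whether MFA is needed, how much risk is tolerated.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "mfa": True, "max_risk": 0.3},
    "wiki": {"roles": {"staff", "finance"}, "mfa": False, "max_risk": 0.7},
}

def trust_algorithm(subject, device, ctx, resource):
    """Evaluate ONE request, return (allowed, reason); run for every request, location is never an input."""
    rule = POLICY.get(resource)
    if rule is None:
        return False, "no policy for resource (default deny)"
    if not subject.authenticated:
        return False, "subject not authenticated"
    if rule["mfa"] and not subject.mfa_passed:
        return False, "MFA required for this resource"
    if not (device.managed and device.compliant):
        return False, "device posture check failed"
    if not ctx.encrypted:
        return False, "session is not end-to-end encrypted"
    if ctx.risk_score > rule["max_risk"]:
        return False, f"risk score {ctx.risk_score:.2f} exceeds {rule['max_risk']:.2f}"
    if not (subject.roles & rule["roles"]):
        return False, "role not authorized for resource"
    return True, "allowed"

def decide(subject, device, ctx, resource, audit_log):
    allowed, reason = trust_algorithm(subject, device, ctx, resource)
    audit_log.append({"subject": subject.name, "resource": resource,   # every decision is logged
                      "allowed": allowed, "reason": reason, "risk": ctx.risk_score})  # for security analytics
    return allowed
```

The same user on the same device is denied the moment the analytics risk score crosses the policy threshold, which is the “continuous evaluation” the text describes.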
What’s the upside of a zero-trust architecture coupled with the aforementioned security monitoring? Well, for one thing you will limit the blast radius. You know that an attack is inevitable, right? Assume breach is the paradigm, so when it occurs you will confine the security incident to the smallest possible blast radius. And this is very important because perfect protection is simply not practical.
The second benefit is improved situational awareness. Even if no blast has occurred, you know, because of the continuous monitoring that goes on, what’s normal, what’s occurring, and what’s happening inside your network. And this is very important to identify what’s out of the ordinary or seen for the first time.
And thirdly, your data confidentiality is improved, as it is less likely that your data is going to end up on the dark web. Hopefully, this sheds a little more light on the basics of Zero-Trust Architecture and why it’s important to your business.