The art of healthy skepticism
With its principle of verifying user, device and infrastructure before granting conditional access to enterprise resources, the Zero Trust security model is growing in popularity as a new approach to cyber risk mitigation. But while Zero Trust holds the promise of enhanced usability, data protection and governance, many security professionals are not confident in their ability to apply this type of architecture in today's IT environments. In order to demystify perceptions and beliefs about Zero Trust, we met with John Kindervag, who first came up with the idea of eliminating the concept of trust from an organization's network architecture.
John Kindervag created the concept of Zero Trust in 2010 during his tenure as a vice president and principal analyst for Forrester Research, when it became clear to him that traditional security models operated on the outdated assumption that everything inside an organization's network should be trusted. Having joined Palo Alto Networks as Field CTO in 2017, he currently advises both public and private sector organizations on the design and building of Zero Trust networks and on other cybersecurity topics.
ZERO TRUST HAS BECOME ONE OF THE LATEST BUZZWORDS IN THE CYBERSECURITY CIRCLES, TO SUCH AN EXTENT THAT NON-SPECIALISTS OFTEN STRUGGLE TO GET A CLEAR UNDERSTANDING OF THIS MODEL. CAN YOU TELL US IN SIMPLE TERMS WHAT IS - AND WHAT IS NOT - A ZERO TRUST ARCHITECTURE?
J.K.: "We have to distinguish between Zero Trust and the architecture that comes out of it. Zero Trust is a cybersecurity strategy which identifies that the fundamental problem in cybersecurity is the broken trust model where it is said that the trusted side of the network goes to the internal network and the untrusted side goes to the external network. And if you are on the internal network, you can have access to any resource based upon that trust model. Identifying that the fundamental flaw was trust, a human emotion injected into a digital system for no reason, was the foundation for Zero Trust.
And then, of course, you need a way to make that thing happen, bring it into action. That's where architecting a Zero Trust environment comes in. All this was extensively described in the second report I wrote back in 2010, called Build Security Into Your Network's DNA.
There are four design principles when you are building a Zero Trust environment. The first step is focusing on the business outcomes. What is the business trying to achieve? That's the question we ask. Typically we didn't do that in traditional cybersecurity. We used to build networks for our organization based upon certain standards, or what we thought were standards but were in fact ideas created by vendors for the purpose of selling equipment.
The second thing that we do in Zero Trust is design the network or the environment from the inside-out instead of the outside-in. GDPR, for example, says that you need to know where all your data and assets are, but no one knows because the networks were built the wrong way, from the outside-in instead of the inside-out. If you're going to protect something, you need to know what it is, you need to know where it is, you need to know who should have access to it.
Start Zero Trust environments with the thing that you want to protect. Deploying Zero Trust environments is based upon the concept of protect surfaces, the smallest possible reduction of the attack surface. A protect surface contains a single DAAS element - Data, Assets, Applications and Services - and these vary as far as how sensitive or critical they are. There are data types that you need to protect like credit card data, health data, PII, or intellectual property. There are applications that you need to protect like HR applications, CRM applications, or applications that use sensitive data. There are assets that you need to protect, places where sensitive data is stored, or assets that highly impact the availability of systems. And then finally, there are services that you need to protect, services like DNS, DHCP, Active Directory, Network Time Protocol, things that are very fragile but integral to your business. So, we take a single DAAS element, we put it into a single protect surface, and we start building the Zero Trust network from there going out.
The third design principle is to control access to the DAAS element in the protect surface, based upon need to know and least privileged concepts. Abuse of trust is at the heart of many of the data breaches making news headlines on an almost daily basis.
And then finally, we inspect and log that access all the way through layer 7 of the packet to make sure that it doesn't have threats embedded in it, that it behaves appropriately, and that it meets policy. Ultimately, Zero Trust is a layer 7 policy statement, but I must have layer 7 technology in order to enforce that policy statement. And that's why I joined Palo Alto Networks, because what their core technology does is enforce these types of Zero Trust layer 7 policy statements. Using this technology, it was very easy for me to deploy Zero Trust environments, whether on premises, in public or private clouds."
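As an added illustration (not code from the interview, from Forrester or from Palo Alto Networks' products), the following models the four design principles above in a minimal policy engine: one protect surface around a single DAAS element, explicit need-to-know rules with least-privilege verbs, default deny regardless of network location, and layer 7 inspection plus logging of every decision. The identities, device postures and layer 7 checks are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed example: one protect surface around a single DAAS element
# (a "Data" element: cardholder data served through a payment API).
@dataclass
class ProtectSurface:
    name: str
    daas_type: str          # Data, Asset, Application or Service
    # Need-to-know: (identity, device posture) pairs explicitly granted
    # a least-privilege set of verbs; any pair not listed is denied.
    rules: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def allow(self, identity, device, verbs):
        self.rules[(identity, device)] = set(verbs)

    def inspect_l7(self, request):
        """Illustrative layer 7 checks on the application payload."""
        body = request.get("body", "")
        if request["verb"] not in {"GET", "POST", "PUT", "DELETE"}:
            return "unknown-verb"            # does not behave appropriately
        if len(body) > 4096:
            return "oversized-body"          # policy limit on payload size
        if "<script" in body.lower():        # placeholder threat signature
            return "threat-signature"
        return None

    def decide(self, identity, device, request):
        # Default deny: being "inside" the network grants nothing.
        verbs = self.rules.get((identity, device), set())
        if request["verb"] not in verbs:
            allowed, reason = False, "no-policy-match"
        else:
            reason = self.inspect_l7(request)
            allowed = reason is None
        self.log.append({"surface": self.name, "id": identity, "dev": device,
                         "verb": request["verb"], "allowed": allowed,
                         "reason": reason or "ok"})
        return allowed

def demo():
    ps = ProtectSurface("cardholder-data", "Data")
    ps.allow("billing-svc", "managed", ["GET", "POST"])
    ps.allow("support-agent", "managed", ["GET"])
    results = [
        ps.decide("billing-svc", "managed", {"verb": "POST", "body": "amount=10"}),
        ps.decide("support-agent", "managed", {"verb": "POST", "body": "x"}),  # over-privileged
        ps.decide("support-agent", "byod", {"verb": "GET"}),                   # unverified device
        ps.decide("billing-svc", "managed", {"verb": "POST", "body": "<script>"}),  # L7 threat
    ]
    return results, ps.log
```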