Following the recent Colonial Pipeline hack in the USA, President Biden issued an Executive Order mandating a move to Zero Trust for all Federal networks. The news is full of hacks and attempted hacks, ransomware demands, and data thefts. So, the question is, why are private systems seemingly so vulnerable and what can be done about it?
Why does Zero Trust matter?
Zero Trust is not a new term; John Kindervag, an industry analyst at Forrester, popularised the term Zero Trust. It was then coined in April 1994 by Stephen Paul Marsh for his doctoral thesis on computational security at the University of Stirling.
The UK’s National Cyber Security Centre (NCSC) has set out some design principles, which underpin and potentially guide a Zero Trust approach as follows:
- Know your architecture including users, devices, and services.
- Create a single strong user identity.
- Create a strong device identity.
- Authenticate everywhere.
- Know the health of your devices and services.
- Focus monitoring on devices and services.
- Set policies according to value of the service or data.
- Control access to services and data.
- Don’t trust the network, including the local network.
- Choose services designed for Zero Trust.
Whilst Zero Trust has developed to mean different things to different people there is a striking contrast between Zero Trust and traditional perimeter-based network security architectures. The latter attempts to create a secure perimeter around a private network but allows ingress (and egress) from “trusted” devices or individuals, who can then move around inside that perimeter.
An analogy which is often used is that of castle walls. Organisations build secure perimeters to protect the assets inside them but then they must punch holes in those perimeters to allow access to and from other networks. That process itself can create weaknesses, but those weaknesses are often compounded by the fact that, once inside the perimeter, lateral movement around the whole private network can then be possible.
As indicated by the NCSC, one of the main principles of Zero Trust is that trust should not be assumed for any part of the network, whether that’s external or the local network.
Zero Trust also sets out that access to systems and devices should only be permitted once authentication has taken place.
The State of Play
Today, organisations run their networks on premise, in multi cloud and hybrid environments and rely on the public internet to provide connectivity pathways between their assets. Networks are generally a much more complex blend of systems and assets than they were 10 years ago. Open accessibility presents significant challenges for organisations that need to run private networks and connectivity utilising the public internet
Moreover, access is required to private systems by remote workers, supply chains, third parties and contracts based all over the World. All of this has been compounded by a rise in remote working and the proliferation of shadow IT and Bring Your Own Device (BYOD).
One of the challenges is that the internet was built to be open and accessible which is great for many applications. However, that open accessibility presents significant challenges for organisations that need to run private networks and connectivity utilising the public internet. The architecture that typically underpins connections over the internet is generally “connect then authenticate”. This means that anyone, anywhere, anytime can connect to a private system and try to get in.
For example, today the internet enabled device search engine Shodan shows there are currently over 4,000,000 VPN devices currently discoverable on the public internet, listening and waiting for “connect then authenticate” from anyone, anywhere. However, a VPN server is a private system, so why is it openly accessible on the public internet for anyone to connect to? This goes for a whole range of private systems from IoT devices to database servers!
Moving Forward
With a Zero Trust approach, connection is only allowed once defined trust standards have been met. That “authenticate then connect” architecture effectively renders private systems invisible to the public internet. Moreover, similar principles apply once connection has been allowed.
Zero Trust defines that lateral movement is not assumed, as systems can only connect to each other once they have been authorised to do so. This micro segmentation of the network through the prevention of unauthorised lateral movement is an important risk mitigation, which means that even if there is an unauthorised breach of the network potential damage can be limited by preventing unauthorised lateral movement.
There are a range of vendors with varied solutions that can deliver part of the Zero Trust approach but its important to recognise that, with Zero Trust, there is no one solution or “silver bullet” to deliver it; rather Zero Trust is an overarching philosophy and a number of core principles, which should guide the approach taken in enterprises.
Use cases for Zero Trust are many and varied but for example Zero Trust Overlay Networks, a B2B SAAS provided by Enclave Networks, is especially suited to managing secure connectivity in multi cloud environments because it facilitates networks without the need to constantly be adjusting the networking settings of different Cloud platforms, whilst simultaneously making all connections invisible to the public internet.