The so-called "zero-trust" model – making security ubiquitous throughout the network, not just at the perimeter – offers a fresh way of thinking about defending against threats, reports Angela Moscaritolo.
Could it be that one of the most common credos taught to security professionals is actually leading them astray?Every practitioner has heard it before: Trust that employees are doing the right thing, but verify that data is protected. Proponents of a new security model, however, argue that while the phrase “trust, but verify” sounds good in theory, the reality is that most security practitioners have been doing the opposite – trusting users by default, but never verifying that data is protected.“Whoever said, ‘This needs to become a mantra,' missed the mark,” says John Kindervag, a senior analyst at Forrester Research. “It incentivizes people to not know what's going on. There is no reason to have any trust in the network.”
Kindervag (left) is the driving force behind a new model called “zero-trust” that is gaining support with the security community. The strategy is based on the idea that security must be made ubiquitous throughout the network, not just at the perimeter. No longer should there be any distinction between a trusted internal network and the untrusted external network. The zero-trust model dictates that all network traffic should be untrusted.The idea was born to solve a fundamental security problem: Once an attacker penetrates a network, they have unfettered access to the resources inside, Kindervag says. Plus, malicious insiders don't even need to break into the network to abuse its resources.Consider this: 49 percent of breaches investigated in 2009 by Verizon were linked to insiders. This figure dropped to 17 percent for incidents investigated last year, but according to Verizon, the decrease was attributed to a monumental increase in smaller external attacks, rather than a true reduction in insider activity. For both years, investigators found that the vast majority of internal breaches were the result of intentional malicious activity.Key conceptsThe zero-trust model aims to mitigate internal and external threats through changes in both security philosophy and network architecture. The model has three core concepts, the first of which is to ensure all network assets are accessed securely, which necessitates using encrypted tunnels.Next, limit and steadfastly enforce access control across the enterprise, which discourages insiders from abusing or misusing network resources. To do so, Forrester recommends using role-based access control (RBAC) products, which assign individuals to a role that determines what they can access.The third concept is to log and inspect internal and external network traffic. Most organizations already keep logs, but few actually go so far as to inspect them. For this piece, Forrester suggests using traditional security information management systems in conjunction with so-called network analysis and visibility (NAV) solutions, which include tools to analyze flow data, dissect packet captures, inspect network metadata and facilitate network forensic examination. Such tools can provide security practitioners with a better understanding of what is happening on a network and make it easier to monitor applications.Going beyond the three essential concepts of zero-trust, the model suggests new network architecture designs that focus on data security from inception. Historically, networks have been built from the outside in – starting with the internet connection and moving inward. Security was bolted on, in layers, after initial design. Today's networks, Kindervag argues, should be built from the inside out, starting with the system resources and data that need to be protected.“Security is so important that we need to invert the way we design networks so we can embed security into the very DNA of the network,” Kindervag says. “That's what zero-trust is all about.”
The model essentially describes how to break up aspects of a network into different enclaves and protect them, says Eddie Schwartz (right), CSO at network monitoring and analysis firm NetWitness. “Imagine islands of protection versus all-purpose layers that might fail in some way,” he says.Kindervag warns, though, that zero-trust is not about one particular solution, nor is it a one-time project. In fact, the first and most important step of adopting the model is free: Security practitioners must stop using the word “trust” as it relates to networking and security. Rather, adopt a mindset that the concept of trust is inappropriate with respect to data security, and spread the message to teams throughout the organization.Gaining supportFirst introduced before a small audience at an IT forum last May, zero-trust resonated with people, Kindervag says. The model then gained increasing support once introduced to the masses in the September 2010 paper, “No More Chewy Centers.”One such supporter is FCC Group, a Spanish construction and infrastructure company. With 93,000 employees, a footprint in 54 countries and innumerable contractors with access to the company's networks, insider and third-party threats are a major concern, says Gianluca D'Antonio, the company's CISO.| “Zero-trust helped us plug the holes..." – Gianluca D'Antonio, CISO, FCC Group |
GETTING TO ZERO: The zero-trust model
Familiarize yourself with the key concepts of the model, which include:- Ensuring all resources are accessed securely.
- Limiting and enforcing access control across the enterprise.
- Logging and inspecting internal and external network traffic.
- Redesigning networks from the inside out.
Spread the message across the organization.
Set up meetings with counterparts in networking to discuss how zero-trust can benefit the organization.
Look for subnetworks where the model can be tested.
Begin implementing zero-trust ideas, starting with the most critical parts of the network.
Ask vendors if and how they support zero-trust principles.
Create a plan to transition the entire network over the next two to three years.
– Angela Moscaritolo



