Zero trust’s impact: data-centric, scalable, practical, and secure
Apr 04, 2022
For the modern enterprise, the Zero trust model is transformative. Zero trust changes work, device security, and connectivity.
Zero trust enables the new way of work, from workspace to device to connectivity.
The new workplace is hybrid, and enterprises must support employees working from anywhere. Zero trust security is attuned to the way people work today. Legacy security is not. Today, work is performed on the internet, outside the “securable” perimeter of a corporate network. Employees work from the office, from home, from an airplane. On a tablet, on a phone, on a laptop. A legacy model cannot easily scale to secure this way of work, since every VPN node extends perimeter further. (In a legacy environment, every new coffee place from which an employee connects to the network becomes a new endpoint within the network boundary, for instance. Who wants to tell Jane in IT that she now needs to secure the Starbucks in the Denver airport?)
Zero trust adapts security (strong security, mind you) to specific online activity, and transforms the way different devices can be protected. A cloud-delivered Zero Trust Architecture (ZTA) service is device-agnostic. In practice, that means zero trust security policies can be applied to any user connecting via the service, regardless of the device the user employs. Perhaps more importantly, user experience is preserved, since security is proximate regardless of location or device. In other words, a user gets the same good connectivity performance if working remotely or at headquarters, and regardless of the device that user happens to employ to connect.
This zero trust device-agnosticism is especially important in manufacturing and internet-of-things (IoT) environments. Every remote shop-floor operations technology (OT) device or remote IoT sensor provides data that must be secured. Connecting those devices to a legacy corporate network puts them at risk of attack. A zero trust model shields them, ensuring they operate without potential interference from prying eyes.
Zero trust transforms connectivity. In a zero trust model, connectivity is direct and ephemeral. A user connects to a resource, performs their work, and the connection goes away. Connectivity is direct: The SSE-based zero trust service not only secures outgoing and incoming data, it routes the user’s traffic directly to and from the requested resource (e.g., internet destination, cloud-based app, datacenter-hosted private app) via an optimized route. And it’s not just about routing user connectivity. Zero trust is equally applicable to application-to-application and workload-to-workload communications.
Zero trust security: less exposure, limited blast radius, comprehensive monitoring
In a ZTA environment, the internet acts as the equivalent of a network backbone: Data -- blessed by proxy-based security policy -- travels directly to its destination (including corporate data center or private-cloud-hosted resources) via internet exchanges, alleviating an organization’s need for physical (read: MPLS) network infrastructure.
Threat actors attack what they can see. A ZTA model obscures devices, systems, users, applications, and workloads behind that scalable, cloud-edge-served proxy-delivered security. There’s no endpoint IP address exposed to the world. That “darkness” represents quite a disincentive to hackers. If they can’t find a target, what do they attack? (Legacy systems, obviously.)
In a zero trust environment, the network is effectively supplanted: There’s no visible connection persistence. In this way, any potential damage is minimized. If an attacker somehow breaches the zero trust defense, that threat actor (or more specifically, the threat actor’s malware) cannot move laterally “east/west” to other systems within an organization’s corporate network…because there isn’t one. Contrast that with recent ransomware attacks, where cyber criminals -- once inside a perimeter -- move from system to system within the corporate network and seize data with impunity.
Lateral movement risk can be explained with a metaphor: a tour of headquarters. A visitor arrives for a meeting in room #23. In the “legacy” way of securing things, the visitor, once assigned a visitor badge, is given free range to move around unescorted through the entire building. In FIgure X below, the green-circle visitor has wandered away from meeting room #23 and entered room #20. This is (obviously) analogous to a castle-and-moat security environment: Once inside the perimeter of a corporate network, a threat actor is viewed as “trusted,” and can move from connected system to connected system, infecting each at will.
Figure 1. In the castle-and-moat environment HQ visitor analogy, the green-dot visitor – once inside the office – has the run of the building, and pops in to office #20, even though office #23 is their stated destination.
Now let’s look at that same analogy for a zero trust environment. (See Figure 2 below.)
In the zero trust “office,” the visitor arrives at the front door, is identified and context-analyzed. The “green-dot” visitor receives an escort directly to and from office #23. That visitor is unable to travel anywhere else in the building.
Figure 2. In a “Zero Trust Office” analogy, the green-dot visitor is escorted (by blue/red dot) directly to and from their office #23 destination.
Perhaps zero trust’s most compelling security benefit is the control it provides, particularly when it comes to monitoring. In a ZTA environment, resources may be invisible to the outside world, but data traffic is comprehensively visible to management, enabling IT leaders to audit cloud and internet access, and manage traditionally “rogue” IT activities (like unauthorized third-party development or uncontrolled outside-the-perimeter work).
 To be more accurate (and perhaps carry the “Zero Trust Office” analogy to an absurd end), the visitor would be blindfolded. And the other rooms would be invisible. As would be the building. And the hallway would vanish when the visitor left the building. And this metaphor has officially jumped the shark.