Zero Trust Architecture: The Reality of Risk

Rajesh Khazanchi, Co-Founder and CEO, ColorTokens, discusses identity, trust, visibility, and AI & visualization.

It could be argued that Zero Trust Architecture (ZTA) is in many ways a logical response to several market drivers that have emerged in recent years.

Increasingly diversified enterprise networks, incorporating all manner of consumer and business devices that operate on public and home networks as well as within the traditional ‘office’ environment, have caused a crisis in network trust.

This network diversity has become a focal point for attackers, who know that credentials can be obtained via phishing, and that privilege escalation combined with lateral movement can expose even the biggest and best-protected corporate networks.

Some may welcome the push to ZTA, but at the core of this paradigm, the questions of identity, trust, and particularly visibility are very familiar topics indeed for CISOs and security professionals.

Identity – Not So Straightforward

Identity would seem to be a question that has been conclusively resolved in the distant past – simply implement robust Identity and Access Management (IAM) and Multi Factor Authentication (MFA) – but the reality is increasingly complex.

Digital credentials and identities are multiplying rapidly. A recent report found that the average staff member has more than 30 digital identities, and network devices and applications have credentials too.

Sixty-eight percent of non-human identities (bots and service accounts) have access to sensitive data and assets. This is not a challenge that is set to reduce in the coming years, as the requirement to rapidly process and analyse sophisticated datasets is increasingly cemented as a cornerstone of business, from SME to global enterprise.

Trust – No Longer Static

The traditional view of network security – now inverted by ZTA thinking – was that once granted access, users could act as they pleased, with only the most egregious actions likely to draw the attention of IT admins and cause access to be revoked.

In a ZTA world the opposite should hold: continued network access is tied to good behaviour, and bad behaviour automatically causes access to be blocked.

That level of real-time automation and feedback is essential, especially for newer concepts such as continuous trusted access, where risk-based authentication does not stop at login but is contextualised and re-evaluated throughout the session.

Continuous trusted access is where the network reacts dynamically to changing user risk, assessing each user action against a baseline model of normal behaviour and allocating a trust weighting accordingly.

Immediately after initial authentication, trust may be high, but user actions that are risky, such as joining a public network, will dynamically erode that trust. A session might be extended if risks are remediated by the user or cancelled if not – a continuous evaluation of context and access.
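As an added example of the continuous-evaluation loop described above (illustrative code written for this article, not ColorTokens code or any standard), the evaluator below starts a session at full trust after authentication, erodes it on risk signals such as joining a public network, restores it on remediation such as connecting to a VPN or completing an MFA step-up, and maps the resulting score to an allow, step-up or revoke decision. The signal names, weights and thresholds are assumed values chosen for the example.

```python
"""Minimal continuous-trust evaluator for a user session.

Added example for this article; not vendor code. Signal names, weights and
thresholds are assumptions, not values from any product or standard.
"""
from dataclasses import dataclass, field

# Trust is highest immediately after a fresh authentication.
INITIAL_TRUST = 100

# Risk signals erode trust; the weights are assumed for illustration.
RISK_WEIGHTS = {
    "public_network": 35,
    "new_device": 25,
    "impossible_travel": 60,
    "sensitive_data_access": 15,
}

# Remediations restore trust when the user addresses a risk.
REMEDIATION_WEIGHTS = {
    "vpn_connected": 35,   # offsets public_network
    "mfa_step_up": 40,
}

# Policy thresholds (assumed): at or above ALLOW the session continues,
# between REVOKE and ALLOW the user must remediate, below REVOKE access ends.
ALLOW_THRESHOLD = 70
REVOKE_THRESHOLD = 40


@dataclass
class Session:
    user: str
    trust: int = INITIAL_TRUST
    # (signal, trust after applying it, decision) for each evaluation
    history: list = field(default_factory=list)


def decide(trust: int) -> str:
    """Map a trust score to an enforcement decision."""
    if trust >= ALLOW_THRESHOLD:
        return "allow"
    if trust >= REVOKE_THRESHOLD:
        return "step_up"   # session continues only if the risk is remediated
    return "revoke"


def observe(session: Session, signal: str) -> str:
    """Apply one risk or remediation signal and return the policy decision."""
    if signal in RISK_WEIGHTS:
        session.trust = max(0, session.trust - RISK_WEIGHTS[signal])
    elif signal in REMEDIATION_WEIGHTS:
        session.trust = min(INITIAL_TRUST, session.trust + REMEDIATION_WEIGHTS[signal])
    else:
        raise ValueError(f"unknown signal: {signal}")
    decision = decide(session.trust)
    session.history.append((signal, session.trust, decision))
    return decision


def run_session(user: str, signals: list) -> list:
    """Feed a sequence of signals through the evaluator.

    Stops at the first revoke, as an enforcement point would drop the session
    rather than keep evaluating it.
    """
    session = Session(user)
    for signal in signals:
        if observe(session, signal) == "revoke":
            break
    return session.history


if __name__ == "__main__":
    # Constructed scenarios: one user remediates, the other does not.
    print(run_session("alice", ["public_network", "vpn_connected", "sensitive_data_access"]))
    print(run_session("bob", ["public_network", "sensitive_data_access", "sensitive_data_access"]))
```

In the first scenario the public-network signal drops the user into step-up, the VPN connection restores trust, and the session is extended; in the second the user keeps touching sensitive data without remediating and the session is cancelled on the third signal. A production evaluator would also decay trust with session age and tie remediations to the specific risk they offset, but the shape of the loop is the same.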

Visibility – The Core of Zero Trust Security

The third part of the puzzle, and the most important, is visibility: of network performance and potential threats, but also of the user identities active on the network and a host of other factors.

Without highly granular visibility of job roles, the access they require, and even bots and their access requirements and credentials, trust and identity controls can only be effective up to a point. Software-based micro-segmentation is often regarded as a best-practice technique here, but gaining the correct level of visibility is key.

Indeed, the sheer scope of visibility required is extensive. Assets must of course be visible, whether on-premises, cloud-based or hybrid, not least so that a proper risk assessment can be made.

This also plays into visibility of the threat trail, to ensure the fastest incident response possible. Enterprises also need excellent visibility into cross-segment traffic, and the ability to customize the visibility of subnets, endpoints, applications and other managed resources can play a crucial role here.

Visibility into any misconfigurations that may create vulnerabilities is also vital, for obvious reasons, as is the constant monitoring of compliance, especially in larger organizations and those with an enhanced compliance risk profile.

An often-ignored element here is the human one – creating the telemetry streams and network agents to gather this visibility data is only part of the puzzle. Displaying it in an easily legible and actionable single dashboard is a vital component.

Data without visualization and context can be more of a burden to your security team than no data at all!

AI and Visualization – The Ultimate ZTA Enablers?

Understanding how enhanced visibility can be used as a tool to mitigate risk is a crucial element in the journey to ZTA. It is also a fundamental building block of a viable security posture for the future.

Rapidly improving AI and visualization tools are already beginning to deliver on the promise of granular visibility as an actionable tool. But plenty of work can still be done to reduce risk and improve the foundation of network trust through visibility using far more prosaic technology and tools.

By Rajesh Khazanchi, Co-Founder and CEO, ColorTokens.
