Five Key Lessons from Zero-Trust Architecture
In today's ecosystems, a single enterprise can operate multiple internal networks, remote offices with their own local infrastructure, remote and/or mobile individuals and Cloud services. According to the study published by NIST, this level of complexity is too much for legacy network security models that are based on the location of the company infrastructure and there isn’t a single, easily identifiable perimeter for all elements. Perimeter network security has also proven to be insufficient, as once cybercriminals breach the perimeter there are no obstacles in their way.
Zero-trust is a comprehensive cybersecurity paradigm covering all corporate resources and data, ranging from identities accessing the network to credentials, access management, operations, endpoints and hosting, etc. This Pulse survey highlights that 59% of decision-makers are currently implementing a zero-trust security strategy, which means 41% are yet to take this step. In addition, 35% of respondents consider this their top priority, ahead of authentication solutions (18%) or Cloud-based security services.
We need to bear in mind 5 key lessons when implementing a zero-trust model:
- Identify corporate applications and which group of users would have access to them. For example, email, Cloud applications, VPNs, etc. – all of those can be broken individually as microsegments, so each one can be dealt with separately. Microsoft 365 and employees with access to it would be a ZT microsegment. VPN access and the allowed users would be another one.
- Replace implicit trust with assessed and explicitly adaptive trust to reveal any hidden cybersecurity breaches, making it easier to manage security and risk in SMEs or large corporations. Moreover, all company employees play a key role in increasing the maturity level of this architecture, since zero-trust is not only built from outside the company but within. A zero-trust architecture needs to be implemented across all departments to help establish more secure infrastructure in the different data flows between departments and detect potential cyberattacks.
- Include multi-factor authentication (MFA), as well as the use of biometrics, to reduce the risk of credential spoofing. Zero-trust means systematically eliminating implicit trust in secure credentials, guaranteeing that users and computers are safe before accessing company resources.
- Continuously monitor the use of automation tools to observe in real time all internal network traffic, the location the connection comes from for both the user and device, and the application through which they connect. This allows you to detect any potentially dangerous connections to company internal networks and at the endpoint as the final target. Also, by obtaining traffic visibility we contextualize it.
Traffic must be protected by a next-generation firewall that has adequate decryption capabilities. This acts as the border control within an organization and allows for greater security than conventional firewalls that only provide perimeter security.
- Identify the endpoints that are being used to access the protected resource. A user with a corporate laptop, with its security managed by the company, provides more trust than someone using a personal or shared computer. Make sure the device being used to access a sensitive resource is properly protected against malware.
For Watchguard, the zero-trust architecture is the cornerstone on which the entire cybersecurity network is built, and if this model is properly implemented, it can prevent, detect and block intrusions faster and more efficiently than more traditional cybersecurity architectures and models.