Nowadays the attack surface is larger than it used to be: companies run more applications, servers, users and so on than before. For this reason it is necessary to limit access, granting only the permissions that are needed, only to the ports that are essential, and only Just In Time (i.e. for the moment the connection is actually required, rather than as standing access).
This is possible with what is known as a Zero Trust environment. Although the concept first appeared in 2010, it has only fairly recently become one of the most widely deployed security approaches in virtualised and cloud environments. By 2020, 72% of organisations were expected to be implementing or considering it, according to research by Cybersecurity Insiders and Pulse Secure.
The idea of Zero Trust is that nothing and no one is trusted by default: an employee of the company, a device that is already inside the company network, or even a necessary communication flow between two applications is not given access to the environment until it has been verified. This is the complete opposite of the perimeter security model that many companies still have today, whose guiding idea is “trust but verify”; Zero Trust replaces it with “never trust, always verify”.
With this type of Zero Trust environment the impact of a security breach is reduced and the organisation is better protected, because the infrastructure is reduced to the set of explicitly allowed flows and the environment is constantly monitored so that any alerts can be dealt with. The following image, taken from Netrozome, gives a graphical representation of a Zero Trust environment.
In the image above, on the left, you can see a traditional architecture in which all computers, users and applications are trusted once they are inside the environment and every connection is allowed. If an attacker managed to gain access to one resource in this environment, that foothold would give them access to the rest of the organisation’s resources. On the right, by contrast, you can see a Zero Trust environment in which connections, computers, users and applications do not have that freedom to communicate with each other: only the accesses and communications that are strictly necessary are allowed and everything else is rejected, so an attacker who gains access to one resource finds it very difficult to move on to the other elements of the environment.
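To make the difference between the two halves of the image concrete, here is an added example (not code from the article or from Netrozome) of a tiny default-deny flow policy with time-bounded Just-In-Time grants. The policy engine, the service names, the ports and the sample flows are all hypothetical and constructed for the example; the point is to compute how many host/port pairs a single compromised identity can reach under each model.

```python
"""Default-deny flow policy with expiring Just-In-Time grants.

Hypothetical example: an in-memory policy engine, not any product's API.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Flow:
    """A connection request, keyed on caller identity rather than source IP."""
    source: str
    destination: str
    port: int


@dataclass(frozen=True)
class JitGrant:
    """A temporary allow rule that stops working once expires_at has passed."""
    flow: Flow
    expires_at: datetime


class FlatNetworkPolicy:
    """The traditional model: anything already on the network may talk to anything."""

    def is_allowed(self, flow: Flow, now: datetime) -> bool:
        return True


class ZeroTrustPolicy:
    """Explicit allow-list plus expiring JIT grants; every other flow is denied."""

    def __init__(self, allowed: set[Flow]) -> None:
        self.allowed = set(allowed)
        self.jit_grants: list[JitGrant] = []

    def grant_jit(self, flow: Flow, ttl: timedelta, now: datetime) -> JitGrant:
        grant = JitGrant(flow, now + ttl)
        self.jit_grants.append(grant)
        return grant

    def is_allowed(self, flow: Flow, now: datetime) -> bool:
        # Drop expired grants first so a stale grant can never be reused.
        self.jit_grants = [g for g in self.jit_grants if g.expires_at > now]
        if flow in self.allowed:
            return True
        # Default deny: only a still-valid JIT grant can let the flow through.
        return any(g.flow == flow for g in self.jit_grants)


def reachable_from(policy, compromised: str, hosts, ports, now: datetime) -> set[tuple[str, int]]:
    """Blast radius: every (host, port) an attacker holding `compromised` could open."""
    return {
        (host, port)
        for host in hosts if host != compromised
        for port in ports
        if policy.is_allowed(Flow(compromised, host, port), now)
    }


# Constructed sample environment (hypothetical, not from the article).
HOSTS = ["web", "api", "db", "hr-files"]
PORTS = [443, 5432, 445]
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)


def build_zero_trust() -> ZeroTrustPolicy:
    """Only the flows the application actually needs are allowed."""
    policy = ZeroTrustPolicy({
        Flow("web", "api", 443),    # front end talks to the API
        Flow("api", "db", 5432),    # API talks to the database
    })
    # A DBA gets 15 minutes of direct database access, then the grant expires.
    policy.grant_jit(Flow("dba", "db", 5432), timedelta(minutes=15), NOW)
    return policy


def blast_radius(compromised: str, now: datetime = NOW):
    """Return (flat-network reach, zero-trust reach) for one compromised identity."""
    flat = reachable_from(FlatNetworkPolicy(), compromised, HOSTS, PORTS, now)
    zt = reachable_from(build_zero_trust(), compromised, HOSTS, PORTS, now)
    return flat, zt


if __name__ == "__main__":
    flat, zt = blast_radius("web")
    print(f"flat network: a compromised 'web' can reach {len(flat)} host/port pairs")
    print(f"zero trust:   a compromised 'web' can reach {sorted(zt)}")
```

Running it shows that a compromised web server can reach every other host on every port in the flat model, but only the API on port 443 under the explicit allow-list; the DBA's JIT grant to the database stops working on its own once the 15 minutes are up, which is the "at the moment of connection" access mentioned above.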
The following is a list of attacks that can most easily be stopped, or at least contained, in a Zero Trust environment:
- Phishing through e-mails.
- Password theft.
- Database leaks.
- Unauthorised access attempts.
- Keyloggers on employees’ computers.
It is essential to protect the business, its data and its customers not only from the outside but also from the inside. For this reason, cloud and virtualised environments are changing the way new network and security architectures are defined and implemented.