Securing the distributed enterprise

Is zero trust the answer? BY Aron Brand CTO, CTERA.

  • 1 year ago Posted in

The digital landscape of the modern enterprise bears almost no resemblance to the traditional corporate settings of yesteryears. With employees working from dispersed locations and applications hosted on cloud services rather than on-prem data centers, the challenge of security has evolved. In an age where you should always assume that at least one device on your network is compromised, how do you securely enable a distributed workforce to access resources in this cloud-centric world? One emerging strategy is zero trust architecture, an approach that's gaining momentum for its robust defense mechanisms.

UNDERSTANDING ZERO TRUST

Zero trust is founded on a simple, yet powerful, premise: never trust, always verify. This means continually authenticating and authorizing every user and device that attempts to access resources within your network. Trust is never assumed; it is continuously earned through rigorous verification protocols.

KEY CONCEPTS OF ZERO TRUST ARCHITECTURE

Here are the key concepts that make this architectural framework both robust and adaptive:

· Least Privilege Access: Under zero trust, access permissions are strictly based on need. Users are given access only to the specific data and resources essential for their tasks, nothing more. This access is frequently reviewed and modified as user roles evolve.

· Multifactor Authentication: This isn't your regular password-only territory. Zero trust mandates multiple forms of verification such as one-time codes, biometrics, and security keys, offering a more robust identity validation and safeguarding against compromises.

· Microsegmentation: The network is split into small, isolated zones housing critical resources, with extremely restricted access between these zones. This minimizes the potential for lateral movement should a breach occur.

· Pervasive Encryption: Data is encrypted both at rest and in transit using technologies like TLS, VPNs, and tokenization. Encryption serves as the last line of defense, should other security measures falter.

· Continuous Monitoring: The network is ceaselessly scrutinized for user behavior, traffic patterns, and potential threats. This real-time oversight ensures comprehensive visibility across the distributed environment.

ZERO TRUST IN THE AGE OF ADVANCED THREATS

In the current cybersecurity landscape, ransomware attacks stand as one of the most insidious threats, and they are far more complex than they seem at first glance. These attacks often unfold over an extended period, sometimes ranging from a day to even a month. Initially, a ransomware operator breaches a network and gains entry. They typically use tools like PSExec to quietly collect login credentials, enabling them to spread laterally across the network.

As ransomware operators infiltrate computers within the network, they don't just lie in wait. They actively exploit the captured credentials to exfiltrate unencrypted files from backup devices and servers. Only after securing this valuable data do they proceed to deploy the ransomware, locking critical files and systems and often demanding hefty ransoms for their release. Many victims make the mistake of assuming that once the ransom is paid, the operators are gone from the system. This belief is far from the truth, as the attackers often maintain a persistent presence, posing an ongoing threat.

This layered, complex nature of ransomware attacks underscores the need for a zero trust architecture. With its principles of least privilege access and microsegmentation, zero trust makes it exceedingly difficult for ransomware operators to propagate through a network. Even if they breach an entry point, their lateral movement is severely restricted, making it challenging to collect additional credentials or access storage devices and servers.

In addition, as generative AI technologies mature, we're seeing the emergence of AI-driven advanced persistent threats. These threats can execute complex missions, from data exfiltration to destruction, potentially combined with advanced social engineering techniques made possible by the ability of large language models to convincingly impersonate humans. Here again, zero trust proves invaluable. Its continuous monitoring and granular access controls can help in detecting and containing such concealed AI-driven threats.

Fundamentally, the guiding assumption of zero trust is that there's always a compromised device on a network. Given the complexity of ransomware attacks and the lurking presence of AI-driven threats, this assumption isn't just prudent—it's essential. Whether it's a single compromised device or a more complex network intrusion, zero trust

provides a robust framework for immediate detection and containment, making it an indispensable part of modern cybersecurity strategy.

IMPLEMENTATION AND COMPLIANCE

Deploying a zero trust architecture isn't a trivial task; it's a strategic undertaking that demands meticulous planning and allocation of resources. Initial steps encompass mapping out all assets, network flows, and data, followed by the definition of granular access policies grounded in the principle of least privilege. Multifactor authentication is then extended across all users and devices, while encryption protocols are ubiquitously implemented. The network is subdivided into microsegments shielded by software-defined perimeters. Analytic tools are deployed to facilitate real-time monitoring. This is a 12-24 month endeavor, but it will ingrain zero trust deeply into an organization's security framework.

Zero trust also significantly eases compliance with stringent regulations like HIPAA for healthcare and PCI DSS for payment data. The architecture’s inherent features such as microsegmentation and continuous monitoring are naturally aligned with the compliance requirements, reducing the compliance burden on enterprises.

CHOOSING ZERO TRUST-EMBEDDED PRODUCTS FOR ROBUST SECURITY

When selecting infrastructure and server applications, it's critical to opt for products that genuinely incorporate zero trust principles into their design. Far too often, vendors use zero trust as a mere marketing buzzword, lacking in-depth integration into their products. To discern if a product is genuinely zero trust, look beyond surface-level features and evaluate its underlying architecture.

Take for example, a data storage product equipped with antivirus features, designed to synchronize data from multiple remote sites to centralized cloud storage. A simplistic antivirus implementation might scan data solely at the source computer. This runs counter to the zero trust philosophy of "never trust, always verify," because it assumes that the source computer is inherently secure. A true zero trust approach would necessitate scanning for viruses both at the source computer and again upon arrival at the cloud storage. This dual-layered scrutiny ensures that the centralized storage remains secure even if the source computer is compromised.

CONCLUSION

How does one secure a distributed workforce in this complex, ever-evolving digital environment? Zero trust offers a robust framework, tailored for the challenges of the cloud age. It employs a foundational assumption of universal mistrust, augmented by multifaceted identity verification, intricate network segmentation, ubiquitous encryption, and vigilant real-time monitoring. As the cyber threat landscape continues to mutate—especially with the proliferation of ransomware and AI-driven advanced persistent threats—zero trust isn't just a contemporary remedy. It's a long-term strategy that will only escalate in strategic importance for any forward-looking enterprise.

Implementing zero trust isn't a one-time endeavor but a continuous journey—perhaps a never-ending one. It's also a careful balancing act. While the aim is to establish as secure an environment as possible, there's a counter-need to ensure that these security measures don't cripple user productivity. Stringent controls can often become hindrances, causing friction in day-to-day operations. Therefore, it's essential to strike a balance, making incremental changes while continuously monitoring their impact on both security and operational fluidity.

Moreover, when you're in the market for new infrastructure or considering an upgrade, it's crucial to think of zero trust as part of the foundational design, not just an add-on feature. Whether you're purchasing data storage solutions, networking hardware, or server applications, scrutinize how deeply zero trust principles are integrated into the product. True zero trust is not just about security features but about a holistic approach that interweaves security into every aspect of an organization's digital framework.

As you navigate the tumultuous waters of today's cybersecurity challenges, zero trust stands as a reliable compass. It's a long-haul commitment that demands both vigilance and adaptability, worthy of being a cornerstone in the security strategy of any modern, forward-thinking enterprise.

By Darren Thomson, Field CTO EMEAI, Commvault.
By Oliver Feiler, Head of Global Alliances and Strategic Partnerships EMEA, Nozomi Networks and...
By David Higgins, EMEA Technical Director at CyberArk.
By Manuel Sanchez, Information Security and Compliance Specialist, iManage.
Anita Mavridis, VP of Product at Zivver, and Sue Musumeci, Director of Quality & Clinical...
By Danny Lopez, CEO of Glasswall.
Nadir Izrael, Co-Founder and CTO at Armis discusses the importance of critical infrastructure...
By Darren Thomson, Field CTO EMEAI at Commvault.