What if your company approached cybersecurity like the board game Clue? It starts off with the assumption that someone bad is already lurking inside the fictional house.
In fact, they’ve already committed murder. Instead of trying to keep the bad person out of the house, players have to figure out where they are in the house, who they are, and which weapon they’re brandishing.
Is it Col. Mustard in the conservatory with the wrench or Mrs. Peacock in the library with the revolver?
Zero Trust takes a similar approach to infosec: stop trying to keep bad actors out of your network; assume they’ve already infiltrated it. As Mulder would say on The X-Files, “trust no one” with your data or your network — not even your own staff members.
Zero Trust — or BeyondCorp?
According to CSO Online, John Kindervag (now field CTO at Palo Alto Networks) coined the term Zero Trust in 2010 when he was still a Forrester analyst.
Also in 2010, Google started developing something called BeyondCorp after Chinese hackers breached the company’s system and stole intellectual property. BeyondCorp is basically Google’s own in-house version of Zero Trust.
What it means
Zero Trust isn’t a product or a solution; it’s a philosophy and a strategy. As Kindervag wrote in a 2015 Forrester report, Zero Trust is based on concepts such as:
- A security perimeter “is not only unenforceable, it does not even exist” because today’s networks are “now highly bifurcated and distributed”
- The traditional infosec model that trusts internal networks by default and automatically mistrusts external networks is “a flawed trust model”
- Zero Trust is data-centric, so network access is granted to packets, not to people, locations or devices
- Infosec pros must monitor all networks at all times and remain constantly suspicious (not just vigilant, but suspicious)
- Infosec teams must maintain an in-depth understanding of their firm’s sensitive data: what it is, where it is and the potential damage its breach would cause
Similarly, a 2014 Google whitepaper on BeyondCorp advised enterprises to “assume that an internal network is as fraught with danger as the public Internet.”
How it works
Kindervag argued that Zero Trust requires three ingredients:
- Next-Generation Firewalls: Besides providing encrypted tunneling, NGFs also decrypt VPN traffic and inspect it for threats; NGFs must be placed “at the centre of a network instead of at the edges where they are far away from the data they need to protect”
- Virtual Network Infrastructure: VNI automates and orchestrates the manual tasks of “segmenting your networking into a series of micro-perimeters and monitoring sensitive data assets”
- Network Orchestration Solutions: These use physical and virtual network components to “automate and orchestrate the infrastructure to deliver the right services for each user”
In a March 2018 blog post updating Kindervag’s original points, principal Forrester analyst Chase Cunningham wrote that Zero Trust needs the following elements: multi-factor authentication; single sign-on for users; some form of machine learning or automation; and correlation between access and users (such as an integrated analysis of who’s doing what, where and why).
One upside to adopting Zero Trust is that you don’t necessarily have to go out and buy a whole whack of new cybersecurity products.
“Vendors have even banded together to create partnerships which essentially offer off-the-shelf Zero Trust solutions,” Kindervag pointed out in a Forrester report. “Most modern security controls fit nicely into a Zero Trust network when one considers them systematically as part of a holistic solution instead of as standalone products.”
As for Google, it says via its whitepaper that one of BeyondCorp’s main benefits is the ability to ditch virtual private networks entirely, since “access depends solely on device and user credentials, regardless of a user’s network location.”
Adopting Zero Trust is no trifling task. It took Google six years to migrate its staff to BeyondCorp. The process entailed weaning employees off VPNs, replacing several device inventories with one central system, and overhauling Google’s HR by analyzing each person’s job function “and cross-referencing this information against the workflow qualification” required for network access.
One tenet of BeyondCorp that differs from Zero Trust is that “only a device that is procured and actively managed by the enterprise … can access corporate applications.” Translation? Absolutely no outside devices allowed for Google employees when touching Google assets.
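As an added illustration (not Google’s code and not taken from the whitepaper), here is a small policy decision in Python that encodes the BeyondCorp rules described above: an MFA-verified user credential, a device drawn from the single central managed inventory, and a job function cross-referenced against the workflow qualification for the application. The device inventory, user names, job functions and application names are constructed sample data; the request’s network location is carried along only to show that the decision ignores it.

```python
from dataclasses import dataclass

# Constructed sample inventory: the one central device system the article describes.
# Only devices procured and actively managed by the enterprise appear here.
MANAGED_DEVICES = {
    "lt-4471": {"owner": "alice", "compliant": True},
    "lt-9012": {"owner": "bob", "compliant": False},  # e.g. patching overdue
}

# Constructed mapping of job function to the applications that workflow requires.
WORKFLOW_QUALIFICATION = {
    "engineer": {"source-repo", "bug-tracker"},
    "finance": {"payroll", "bug-tracker"},
}

# Constructed job-function records, standing in for the HR data the article mentions.
JOB_FUNCTION = {"alice": "engineer", "bob": "finance", "carol": "engineer"}


@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool
    device_id: str
    app: str
    network: str  # "corp" or "internet"; deliberately never consulted


def decide(req: AccessRequest) -> tuple:
    """Return (allowed, reason). Network location plays no part in the result."""
    if not req.mfa_verified:
        return False, "user credential: MFA not satisfied"
    device = MANAGED_DEVICES.get(req.device_id)
    if device is None:
        return False, "device credential: device not in managed inventory"
    if device["owner"] != req.user:
        return False, "device credential: device not assigned to this user"
    if not device["compliant"]:
        return False, "device credential: device out of compliance"
    required_apps = WORKFLOW_QUALIFICATION.get(JOB_FUNCTION.get(req.user, ""), set())
    if req.app not in required_apps:
        return False, "workflow qualification: job function does not require this app"
    return True, "allowed: verified user on managed device, job function qualifies"


if __name__ == "__main__":
    # Same user, device and app from the public Internet and from the corp LAN:
    # both are allowed, because location is not a credential.
    for net in ("internet", "corp"):
        print(net, decide(AccessRequest("alice", True, "lt-4471", "source-repo", net)))
    # A personal laptop on the corp LAN is refused: not in the managed inventory.
    print(decide(AccessRequest("alice", True, "byod-1", "source-repo", "corp")))
```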
Whether you call it Zero Trust or BeyondCorp, it’s an approach that demands inward reflection and internal reshaping on the part of enterprise organizations. It’s all aimed at disarming Col. Mustard or Mrs. Peacock, and blocking them from the most valued people and possessions inside the house.