'Zero Trust': The Way Forward in Cybersecurity

This approach to network design can cut the chance of a breach.

John Kindervag, Field CTO at Palo Alto Networks

January 10, 2017

5 Min Read
Dark Reading logo in a gray background | Dark Reading

Data breaches are all over the news. Yahoo admitted that at least 500 million user accounts were affected by a 2014 cybersecurity breach. The 2016 election season was filled with revelations gleaned from stolen emails. The Justice Department, Internal Revenue Service, the US Navy, and Snapchat all suffered breaches in 2016. The list seems endless. Most significant, however, were the 2015 breaches of the Office of Personnel Management (OPM), which experienced two separate cybersecurity incidents that resulted in stolen personnel files of almost 22 million people who had undergone background investigations.

While the technology and government sectors have endured arguably the largest breaches we've seen in recent history, other businesses aren't excluded from these security disasters. In fact, 15% of global businesses estimate their company's sensitive data was potentially compromised or breached over a 12-month period, according to Forrester data. This number may be low, however, as companies traditionally do not publicly report breaches if they can avoid it. Some breaches, such as at Target, get reported in the media and then the company must acknowledge the breach. Also, new SEC rules requiring a data breach report if the breach may have material impact on the stock price has revealed other breaches that might otherwise have flown under the radar. With breaches on the rise, how can today's security professionals transition from a reactive method of security to one that proactively identifies and eliminates threats?

In the wake of the OPM breach, the US House of Representatives Committee on Oversight and Government Reform issued a report containing a formal recommendation that federal agencies should adopt the Zero Trust Model of Cybersecurity, which centers on the belief that both internal and external networks cannot be trusted. "Zero Trust," a widely accepted term originally coined by Forrester, is a data-centric network design that puts micro-perimeters around specific data or assets so that more-granular rules can be enforced. Zero Trust networks solve the "flat network" problem that helps attackers move undetected inside corporate networks so they can find and exfiltrate sensitive data The shift to Zero Trust is applicable across all industries — from government to retail, healthcare, and everything in between. Here are five steps to get companies started on the path to Zero Trust. 

  1. Identify Your Sensitive Data: This may seem simple, but it's more challenging than you might think. It's impossible to protect data that you can't see. If you don't know where your enterprise stores data, who specifically uses it, how sensitive it is, or how employees, partners, and customers use it, then you're putting your organization at risk. Before investing in security controls, companies must identify the data to protect. Once data is identified, it's necessary to make the data classification useful, and simplification is key.

  2. Map the Data Flows of Your Sensitive Data: It's crucial to understand how data flows across the network and between users and resources. Engaging multiple stakeholders such as application and network architects to create a transaction flow map is important because they bring different information to the conversation. Additionally, security teams should streamline their flow diagrams by leveraging existing models. For example, the Payment Card Industry Data Security Standard requires organizations to create data flow diagrams to help them fully understand all cardholder data flows, and ensure that they're effective in securing the cardholder data environment.

  3. Architect Your Network: The actual design of a Zero Trust network should be based on how transactions flow across a network and how users and applications access toxic data. With an optimized flow in mind, it's time to identify where microperimeters should be placed and segmented with physical or virtual appliances. For example, in a network where the compute environment is physical, the segmentation gateway usually will be physical as well. But if you've decided to adopt a highly virtualized compute environment, you may want to use a virtual segmentation gateway. 

  4. Create Your Automated Rule Base: Once the design team has determined the optimum traffic flow, the next step is to determine how to enforce access control and inspection policies at the segmentation gateway. One key principle of Zero Trust is that security pros must limit access on a need-to-know basis and strictly enforce this access control. To define these rules, the design team must have a detailed understanding of which users have access to which data. It's no longer enough to know the source address, destination address, port, and protocol. Security teams need to understand the asserted user identity as well as the application, which will often serve as a proxy for the data type in the modern segmentation gateway.

  5. Continuously Monitor the Ecosystem: Another core tenet of the Zero Trust model is to log and inspect all traffic, not just external traffic, for both malicious activity and areas of improvement. In the old broken-trust model, traffic was logged only if it came primarily from the Internet and hit edge devices. The syslog protocol would then be used to capture information that would be analyzed in a security information management tool. However, that method doesn't provide enough context to make good security decisions — internal traffic must be held to the same standards. This is accomplished because a Zero Trust network is designed so that the segmentation gateway can send all of the data flowing through it, including traffic destined for both internal and external network segments, to a security analytics tool for closer inspection.

In today's threat landscape, skilled, well-funded, organized cybercriminals are constantly working to steal vital information from businesses. Where today's security approaches fail to protect data, Zero Trust is the best, most modern way to keep your network secure.

Related Content:

About the Author

John Kindervag

Field CTO at Palo Alto Networks

John Kindervag is the Field CTO at Palo Alto Networks, where he advises both public and private sector organizations on how to solve their toughest cybersecurity challenges, including best practices in the design and building of Zero Trust networks.

Prior to joining Palo Alto Networks, John worked at Forrester Research, where he was a vice president and principal analyst on the Security and Risk Team. In his nearly 10 years at Forrester, John is best-known for creating the revolutionary Zero Trust Model of Cybersecurity. He has particular expertise in the areas of secure network design, wireless security, and voice-over-IP (VoIP) hacking, as well as a practitioner background, having previously served as a security consultant, penetration tester, and security architect.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights