Zero Trust is a framework for securing organisations in the cloud and mobile world: Debojit Maitra, CISO, Aditya Birla Fashion & Retail Ltd

Zero Trust is a lucid thing to understand: it is a framework for securing organisations in the cloud and mobile world that asserts that no user or application should be trusted by default. Following a key Zero Trust principle, least-privilege access, trust is established based on context, with policy checks at each step.

Key components of Zero Trust

Authentication, process, policy, verification and, most importantly, enforcement are the fundamentals of a Zero Trust network, which comes with the advantage of functioning as per the activity logs of the user. Apart from these, user analytics, device, network and application analytics and visibility, automation, and orchestration are the parameters responsible for the Zero Trust component.

User authentication is based on multi-factor nowadays; two factors are considered: not only the OTP but also authentication via Gmail or office mail. Analytics is done by a machine learning system, considering what the outputs are, continuous or recurring. What also came out in the market is Identity Access Management, but we are using a much more advanced technique called Adaptive Identity Access Management, containing two matrices, one being Vectors and another called Identity, both contributing to the desired output; and the device is trusted by device management, device compliance and device authentication. Micro-segmentation is also important on the server side; it is the same concept as controller and gateway, but between application and database. The MAC address has to be taken and mapped so that if by any chance the ID gets hacked, then even if the user is authenticated, the device is not authorised to access, making these three crucial parameters the Zero Trust component.

Secure remote connectivity

The policy engine, policy decision, and policy administration help in the secure connectivity of various networks remotely, ensuring that the VPN connector to the data center server is authentic, by generating a multi-factor authentication, following protocols of user-device authentication, and scanning for malware. The user information after authentication is sent from the control panel to the data panel and works as a software-based dynamic firewall. This process is broadened into two categories, called Data Plane (used for data communication) and Control Plane (device/user authentication).
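The control-plane checks described above and in the device section (user authentication with MFA, device mapped to the identity, device compliance, malware scan, risk score) can be written as a single policy decision that must pass before the data plane opens. This is an added illustration, not code from the talk or from any product mentioned; the device inventory, identifiers and risk threshold are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample inventory (hypothetical values): which managed device
# identifiers are mapped to each identity, as the talk describes for MAC mapping.
DEVICE_INVENTORY = {
    "alice": {"AA:BB:CC:00:00:01"},
    "bob": {"AA:BB:CC:00:00:02"},
}

@dataclass
class AccessRequest:
    user: str
    password_ok: bool        # first factor verified
    mfa_ok: bool             # second factor (e.g. OTP) verified
    device_id: str           # hardware identifier reported by the device agent
    device_compliant: bool   # result of the device-compliance check
    malware_scan_clean: bool # endpoint scan result
    risk_score: int          # 0-100, dynamic score from the analytics engine

def policy_decision(req: AccessRequest, max_risk: int = 50) -> tuple[bool, list[str]]:
    """Control-plane decision: every check is evaluated and all must pass.

    Returns (allowed, reasons). Collecting every failing reason, rather than
    stopping at the first, gives the analytics/automation side the full picture.
    """
    reasons = []
    if not (req.password_ok and req.mfa_ok):
        reasons.append("user authentication failed (password and MFA required)")
    # Stolen credentials alone are not enough: the device must be mapped to this user.
    if req.device_id not in DEVICE_INVENTORY.get(req.user, set()):
        reasons.append("device not mapped to this identity")
    if not req.device_compliant:
        reasons.append("device compliance check failed")
    if not req.malware_scan_clean:
        reasons.append("malware scan failed")
    if req.risk_score > max_risk:
        reasons.append(f"risk score {req.risk_score} exceeds threshold {max_risk}")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Valid credentials but an unmapped device: denied even though the user authenticated.
    print(policy_decision(AccessRequest("alice", True, True, "AA:BB:CC:00:00:02", True, True, 10)))
```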

Software-defined perimeter

Today 1024 users are connected to VPN, and out of their 14,000 employees, 10,000 are using VPN. After the circular released by the government stating “VPN for the government employees must be stopped”, finding a new alternative became a challenge. This is where “Software Defined Perimeter”, which is a part of Zero Trust, came to the rescue and replaced VPN. VPN worked in layers 3 and 4, but this works in the policy layer, layer 7, which means that one has to have two VMs or a VM in your controller, which may or may not be on the premises; the gateway is another important factor, which must be a part of the data center or cloud. By ensuring these two measures we are confident that even if the device is compromised, the hacker, unaware of the agent’s policy, cannot get into the server and the data will be safe.

Analytics and automation

Analytics capability helps to bridge existing security solution silos. Aggregated application deployment, usage, device security, and end-user experience details help to better understand the performance and security of the digital workspace environment. 

Five elements are taken into consideration when it comes to analytics and automation: device trust (device management, authentication, compliance, inventory), session trust (micro-segmentation, transcript encryption, session protection), data trust (protecting data at rest, integrity, DLP, classification), user trust (passwordless authentication, MFA, conditional access, dynamic risk score) and application trust (any-device access, single sign-on).

Conclusion

Today over 60-70 percent of the workforce is working remotely. Many companies in the US have shifted to small workspaces because the cost is reducing; this is the way the perimeter process will phase out and facet technology will come in. Zero Trust is remote browser isolation: if we use open sources like GitLab there is no authentication, so remote browser isolation is your browser; when it goes to the service provider browser, it will send the data to your network and then bring and dump the data as pixels.

Zero Trust workflow

  • Grant access
  • Validate trust
  • Gather analytics
  • Build automation

(Compiled by Sunidhi Malla)

(These are some edited excerpts from Debojit Maitra’s address on ‘Mitigating Security Risk with the Zero Trust Approach’ at Tech Senate 2022).
