In today’s economy, businesses can’t afford to neglect their cybersecurity architecture. According to a recent report, cybercrime damages are expected to reach $10.5 trillion annually by 2025. Attacks are more frequent and damaging, thanks partly to the difficulty in establishing a solid security perimeter around a modern enterprise network. With Internet of Things (IoT) device usage on the rise and networks expanding to include remote branch offices and edge data centers, it can be impossible to clearly define the boundaries of a network, let alone effectively defend those boundaries. For example, many organizations use tools like Citrix to enable secure remote access to enterprise resources, but recently, high-risk vulnerabilities were discovered in several Citrix gateway products. The very tools we rely on to defend our expanding perimeter may leave us the most exposed to attacks.
The zero trust security methodology was created to address the challenges involved in traditional, perimeter-based defense strategies. This post defines a zero trust security architecture, discusses some of the gaps typically left in such an architecture and provides tips for avoiding these pitfalls.
| Table of Contents: |
What is a zero trust security architecture?
A zero trust security architecture is designed around the principle of “never trust, always verify.” Traditional security architectures assume that every user and device should be implicitly trusted as long as they’re inside the organization’s network perimeter. That assumption leaves compromised accounts and malicious insiders free to move laterally around the network, accessing and exfiltrating data or executing ransomware in the process.
On the other hand, a zero trust security architecture assumes that every account and device is already compromised unless trust is continuously established. The zero trust methodology was founded by Forrester analyst John Kindervag in 2009; the same year, Google’s BeyondCorp project launched with the sole purpose of defining and developing a zero trust security architecture.
Zero trust uses network micro-segmentation, advanced authentication, Layer 7 (application-level) threat monitoring, and highly-granular security policies to verify trust and prevent lateral movement. Risk is calculated for each resource on the network, and then micro-perimeters of specific security controls are built around the resource micro-segment. Users and devices must establish trust each time they hit a micro-perimeter no matter how elevated their accounts are or where they’re accessing the network from, making it easier to spot and disable a compromised account. This is how a zero trust architecture limits the blast radius and duration – and thus the cost – of cyberattacks.
.
| Tips for building a zero trust security architecture |
Tips for implementing zero trust without gaps
Zero trust is not a single solution to purchase and deploy in your enterprise – it’s a combination of tools, policies, and proccesses that contribute to a more resilient network. The complexity of a zero trust architecture makes it prone to gaps. For example, manually configuring and managing so many moving parts increases the risk of human error. Additionally, zero trust doesn’t prevent 100% of attacks, but many organizations lack a comprehensive recovery plan. Plus, you can’t have a zero trust environment unless you isolate all administrative interfaces for infrastructure.
During the planning stage of your zero trust security implementation, you should keep the following three questions in mind:
- How will you manage so many different policies and solutions?
- Do you have tools to aid you in recovering from a successful attack?
- How will you protect your control plane from malicious actors on your network?
Addressing these challenges with the following best practices will help you build a successful zero trust security architecture.
Reduce human error with centralized orchestration
A zero trust security architecture includes hundreds or thousands of individual security policies and solutions. Configuring and managing this architecture is a monumental task prone to human error, leading to potential vulnerabilities. According to Microsoft, configuration errors cause 80% of ransomware attacks, making human error a major threat to network resilience. The best way to reduce complexity and prevent mistakes is to be able to see and manage all your solutions from one place, with the ability to automate regardless of skill level.
A centralized security orchestration platform allows administrators to configure, monitor, deploy, and automation all their zero trust solutions from a single place. The best practice is to use a vendor-neutral platform that integrates with third-party zero trust vendors for identity and access management (IAM), next-generation firewalls (NGFWs), and more. Such a platform allows organizations to build bespoke micro-perimeters using the preferred solutions, regardless of vendor, and still manage the entire architecture from a single pane of glass. Plus, with a holistic view of the security architecture, organizations gain a more accurate perspective on their overall security posture and have the context needed to spot systemic issues or subtle indicators of a breach.
Prioritize incident response and recovery planning
According to a recent report from Check Point Research, the global volume of cyberattacks reached an average of 1168 per week per organization in Q4 of 2022. That means there’s no question of “if” a breach will occur, only “when” it will happen. It’s essential to consider incident response and recovery when you build your zero trust security architecture to reduce the cost of an attack.
Research from Sophos found that 70% of organizations hit by ransomware took longer than two weeks to recover, implying they didn’t have the right recovery architecture in place. Downtime gets more expensive the longer it goes on, so organizations must improve their recovery capabilities. For example, data backups are critical to recovery efforts, so they must be protected by zero trust authentication and policies to prevent compromise or corruption. In addition, backup data, systems, and infrastructure must be validated with security scans before they’re restored to ensure they don’t reinfect the network with malware. Getting business back up and running as soon as possible will decrease the cost of cyberattacks, which means a recovery toolkit is an essential component of a zero trust architecture.
Secure the control plane on a dedicated OOB network
The management interfaces used by administrators to control network infrastructure are often excluded from cybersecurity planning because because end users don’t access them. Only admins have usernames and passwords, and they trust their own security hygiene, so they (incorrectly) assume these interfaces are safe. If zero trust policies aren’t applied to the control plane, a compromised administrator account could completely wipe out your infrastructure and gain unfettered access to sensitive data and backups. The blast radius of such an attack would be devastating and severely hamper recovery efforts.
A recent CISA directive provides guidance for reducing the risk of open management ports. The best practice for a zero trust security architecture is to keep the control plane on a separate, out-of-band (OOB) network. An OOB network uses dedicated infrastructure that’s isolated from the production LAN, preventing lateral movement by attackers. This also allows administrators to perform recovery operations even when ransomware or hardware compromises bring down the production network. In addition, zero trust policies and controls must be applied to the OOB control plane to prevent a compromised administrator account from gaining too much access.
| Tips for building a zero trust security architecture |
|
The zero trust methodology asks us to assume that devices and accounts are already compromised, and attackers have breached the network, requiring everyone to continuously prove trustworthiness before accessing enterprise resources. A successful zero trust architecture is unified by a vendor-neutral orchestration platform, prioritizes business resilience and recovery, and secures management interfaces with the same strict policies and controls as the production network.
Build your zero trust security architecture with Nodegrid
Building such an architecture is easier with the Nodegrid solution from ZPE Systems. Nodegrid is a vendor-neutral security orchestration platform that delivers unified control of the entire architecture of zero-trust policies and controls to reduce complexity and mitigate the risk of human error. Nodegrid branch gateway routers and serial console servers provide secure OOB management, so you get an isolated control plane without deploying an entire secondary network. You can even use Nodegrid to build an isolated recovery environment (IRE) to streamline ransomware recovery and reduce the business impact of attacks.
Learn how Nodegrid delivers unified orchestration and out-of-band management!
Nodegrid delivers unified orchestration and out-of-band management to help you build your zero trust security architecture. Contact ZPE Systems today to learn more.