Zero Trust FAQ

What is Zero Trust?

TL;DR: Zero Trust is a security model in which every user and device, inside or outside the organization’s network, must be authenticated and then continuously authorized, both to be granted access to applications and data and to keep it. Each authorization decision weighs user trust, device identity and device security posture against the sensitivity of the resource being accessed.

More detail: broadly speaking, the theme of Zero Trust is the reduction of implicit trust. It is an information security model that denies access to applications and data by default and grants it only through policy informed by continuous, contextual, risk-based verification of users and their associated devices. Zero Trust rests on three core principles: all entities are untrusted by default; least-privilege access is enforced; and comprehensive, continuous security monitoring is in place.

A Zero Trust framework moves away from one-time security gating decisions toward continuous assessment of the risk level of the user and device, dynamically adapting access privileges based on changes in the risk level.

What is the goal of Zero Trust?

The fundamental purpose of Zero Trust is to understand and control how users, processes and devices engage with data, thereby proactively reducing the likelihood of a data breach and limiting how far one can spread. Every user, inside or outside the organization’s network, is authenticated and continuously authorized on the basis of user and device trust and device security posture, measured against the sensitivity of the resource, before being granted or allowed to keep access to applications and data.

Adopting Zero Trust raises an organization’s level of continuous authorization, letting it respond to intrusions and exploits quickly and stop attacks before they succeed. Attack steps that Zero Trust controls are designed to interrupt include:

  • Phishing emails targeting employees
  • Lateral movement through corporate network
  • Redirecting a shell to a service to compromise a corporate machine
  • Lost or stolen application, database service credentials
  • Exfiltration of database via compromised application host
  • Compromising application host via privileged workstation
  • Using developer password to elevate application host privileges
  • Installing keylogger via local privilege escalation on workstation

What is the history of Zero Trust?

The term “Zero Trust” was popularized in 2010 by John Kindervag, then an analyst at Forrester Research. Google was one of the first companies to act on the idea: it started an initiative called BeyondCorp and, in 2014, published the de-perimeterized access architecture it had built on Zero Trust principles. BeyondCorp is Google’s implementation of Zero Trust concepts as a working Zero Trust network.

As part of the evolution of Zero Trust security, the National Institute of Standards and Technology (NIST) published Special Publication 800-207, Zero Trust Architecture, in August 2020. In it, Zero Trust is defined as a collection of principles that can be applied to network security and enterprise workflows. The publication lists seven tenets, condensed here into six key points:

  • Defining Resources. For Zero Trust to be implemented fully, the enterprise needs to consider all data sources and computing services as resources. These may include devices that share data with aggregators, software as a service (SaaS), and the many kinds of endpoints that connect to and communicate over the network.
  • Securing Communications. All access requests from assets must meet preset security requirements. The assets may be located on enterprise-owned network infrastructure or any external network – the same security verifications must be applicable to all. Trust can never be implicit.
  • Session-Based Resource Access. Trust has to be established before authorizing access to any enterprise resource, and the trust must be applicable only for the duration of the transaction. Authorization of access to a specific resource cannot be extended to access a different resource.
  • Attribute-Based Policy Enforcement. Policy is the set of access rules based on attributes that an organization assigns to a user, data asset, or application. These attributes could be device characteristics like software version, location, time of request, etc. Behavioral attributes defined by user and device analytics may also be considered based on sensitivity of the resource.
  • Dynamic Authentication and Authorization. Granting access, scanning and assessing threats, and continually re-evaluating trust must be an ongoing process. Asset management systems and multi-factor authentication (MFA) need to be in place, along with continuous monitoring, so that re-authentication and re-authorization happen according to defined policies.
  • Policy Fine-Tuning. Enterprises must collect as much information as possible about the current state of the network and communications, using this data to continually improve their security posture. Insights provided by this data help to create new policies where needed and fine-tune existing security policies to enforce proactive protection.

The pandemic accelerated digital transformation and telework on a scale never seen before: employees work from anywhere and collaboration in the cloud has skyrocketed. But this new environment has also expanded the cyber attack surface, including that of critical United States (U.S.) infrastructure. The run of major attacks disclosed between late 2020 and mid-2021, including SolarWinds, the Microsoft Exchange Server compromises and Colonial Pipeline, moved cybersecurity improvements to the top of the U.S. federal government’s agenda.

One of the most influential catalysts for Zero Trust is the executive order that followed. In May 2021, President Joe Biden signed Executive Order 14028, Improving the Nation’s Cybersecurity, to strengthen U.S. cyber defenses. It directs each federal agency to develop a plan to implement Zero Trust Architecture within 60 days of the order, and it sets further recommendations and deadlines for agencies and the vendors that supply them to adopt key technology and process improvements.

As a result, a growing number of enterprises are considering adopting a Zero Trust network architecture as a key component of their enterprise security strategy.

Why do enterprises need to adopt a Zero Trust approach?

Enterprise network complexity has outstripped legacy methods of cybersecurity: there is no longer a single, easily identified perimeter. As a result, security teams are shifting from network-centric defenses toward a more comprehensive security model for their data and systems, which means building a dynamic, modern architecture that establishes trust per request from user identity, device posture and context rather than from network location.

The Zero Trust approach lets organizations tightly restrict access to corporate resources, including applications and environments, without sacrificing performance or user experience. Simply stated, it is an approach that trusts no one by default.

As more organizations move to cloud computing, the traditional network security perimeter has all but vanished, and security teams are finding it difficult to identify who and what should be trusted with access to their networks.

Why is Zero Trust a model for more effective security?

A Zero Trust approach grants no implicit trust to anyone. As organizations do more computing outside traditional perimeters and in the cloud, security teams find it increasingly difficult to identify who and what should be allowed access to their networks.

Without Zero Trust, a user is granted access to infrastructure and data once, at login, and the security team has little visibility into what that user or device does afterwards. Because the risk level is never re-verified, the user keeps access to any resource regardless of any change in user or device trust. If an attacker takes over the device or the account, the attacker can move laterally with ease and will likely go undetected, resulting in a breach.

What are the common security principles of a Zero Trust environment?
  • Least Privilege Access – any user, program, or process should have only the bare minimum privileges necessary to perform its function or task.
  • User Trust – User authentication is dynamic and strictly enforced before access is allowed; further access authorization is continuously re-evaluated – a constant cycle of access, scanning and assessing threats, adapting, and if necessary, revoking access in real-time.
  • Device Trust – Device trust complements user trust by uniquely identifying each device and quantifying its security posture. Doing so allows specification of minimum security posture levels via granular Trust-Based Access Control policies.
  • Continuous Authorization – rather than being a single event during access requests, continuous authorization changes this perspective to an on-going, real-time process where the user, device, and resource contexts are constantly being re-evaluated and access terminated if any relevant contextual factor falls below policy thresholds.

What is the difference between traditional VPN products and modern ZTNA solutions?
VPNs are the traditional choice for remote access because they work well with legacy perimeter-based security models. However, they have numerous limitations that make them ill-suited to the security and remote access needs of the modern enterprise, including:

  • Perimeter-focused security: VPNs reinforce the traditional perimeter model because an authenticated user is placed on the corporate network with broad reachability. An attacker who obtains VPN credentials or exploits a vulnerability in the VPN appliance can then move laterally through the corporate network.
  • Network-level access controls: VPNs enforce access at the network layer, with no visibility into or control over the application layer. A user who can reach the network can reach every host and port on it, not just the one application they need, which is overly permissive by design.
  • Limited cloud support: VPNs are designed to provide remote access to the corporate network and often have limited support for cloud-hosted resources that sit outside the traditional perimeter.
  • Poor BYOD support: Allowing BYOD devices onto the corporate VPN exposes corporate resources to unmanaged, non-corporate endpoints, which may give malware or other threats direct access to the corporate network.
  • Complex and costly to manage and scale: VPNs require an investment in equipment, complex network security policies and an agent on every endpoint, which creates an administrative IT support burden as the remote workforce grows.

Modern remote access solutions provide simple, scalable, context-aware and data-centric application access built directly on the principle of least privilege. They also fit today’s complex, hybrid work environments and support an adaptive, secure and flexible Zero Trust strategy. Benefits over VPN include:

  • Simple to deploy and configure
  • Easy to manage and maintain
  • Hides the underlying network from users and attackers alike
  • Rapid scalability and provisioning
  • High performance for both on-premises and remote workers


What is Zero Trust Network Access?
Zero Trust Network Access (ZTNA) is a category of technologies that provides secure access to applications and services. ZTNA grants “least privilege” access to specific applications and resources rather than to the entire underlying network, so possession of valid credentials alone does not open the whole network; this reduces the attack surface and prevents lateral movement from compromised accounts or devices. ZTNA builds on the concept of “Zero Trust,” which asserts that organizations should not trust any entity, inside or outside the security perimeter, and must instead verify every user and device before granting access to sensitive resources, protecting the confidentiality and integrity of data.

Unlike VPNs, which grant access to an entire LAN, ZTNA solutions permit access only to the specific services the user has been granted. In a ZTNA system, access depends on user identity, device identity and device security posture, weighed against application sensitivity, regardless of network location or where the application is hosted. ZTNA shifts the focus to accessing specific applications rather than tunneling into the network. Least privilege access (LPA), continuous authorization, device trust, granular enforcement and dynamic trust scoring are all part of a robust ZTNA solution.

Gartner Definition:  Zero Trust network access (ZTNA) is a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.
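The principles listed earlier (least privilege, user trust, device trust, continuous authorization) and the trust broker in Gartner’s definition can be made concrete in a few dozen lines. The following Python is an added illustration, not Banyan’s product code and not from the original page; the application catalogue, group names, posture weights and sensitivity thresholds are all assumptions constructed for the example. It shows a deny-by-default broker that authorizes a named user on a specific device to one named application, re-runs the decision on every request rather than once at login, terminates the session when device posture falls below the threshold for that application’s sensitivity, and never lets a session for one application reach another.

```python
"""Added illustration of a ZTNA-style trust broker; not Banyan's code.
Every app name, group, weight and threshold below is an assumption
constructed for this example."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Minimum trust score a session must hold, keyed by resource sensitivity
# (assumed thresholds).
MIN_TRUST: Dict[str, int] = {"low": 40, "medium": 80, "high": 95}

# Application catalogue: the named groups entitled to each app and the app's
# sensitivity. Anything outside this catalogue is not reachable at all.
APPS = {
    "wiki":    {"sensitivity": "low",    "groups": {"staff", "eng"}},
    "git":     {"sensitivity": "medium", "groups": {"eng"}},
    "prod-db": {"sensitivity": "high",   "groups": {"dba"}},
}


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    mfa: bool            # did this login complete a second factor?


@dataclass
class Device:            # mutable: posture changes while a session is open
    device_id: str
    managed: bool
    disk_encrypted: bool
    edr_running: bool
    os_patch_age_days: int


def device_trust(d: Device) -> int:
    """Quantify device posture as 0..100 (weights are assumptions)."""
    return ((40 if d.managed else 0)
            + (20 if d.disk_encrypted else 0)
            + (25 if d.edr_running else 0)
            + (15 if d.os_patch_age_days <= 30 else 0))


def user_trust(u: User) -> int:
    """A password-only login is worth half of an MFA login."""
    return 100 if u.mfa else 50


def trust_score(u: User, d: Device) -> int:
    # Weakest link: a fully verified user on a sick laptop is a sick session.
    return min(user_trust(u), device_trust(d))


def decide(u: User, d: Device, app: str) -> Tuple[bool, str]:
    """One policy decision for a (user, device, app) triple. Deny unless every
    check passes; network location is deliberately not an input."""
    spec = APPS.get(app)
    if spec is None:
        return False, "unknown app"                    # hidden from discovery
    if not (u.groups & spec["groups"]):
        return False, "user not entitled to this app"
    score, need = trust_score(u, d), MIN_TRUST[spec["sensitivity"]]
    if score < need:
        return False, f"trust {score} < {need} required for {spec['sensitivity']} app"
    return True, f"allow: trust {score} >= {need}"


class Session:
    """Broker session bound to exactly one app for one user on one device.
    It is re-authorized on every request, not once at login."""

    def __init__(self, u: User, d: Device, app: str):
        self.user, self.device, self.app = u, d, app
        self.log: List[Tuple[str, str, bool, str]] = []
        self.open, why = decide(u, d, app)
        self.log.append(("open", app, self.open, why))

    def request(self, app: str) -> bool:
        # A session for app A is never a ticket to app B (no lateral movement).
        if app != self.app:
            self.log.append(("request", app, False, "session bound to another app"))
            return False
        ok, why = decide(self.user, self.device, self.app)   # live posture
        event = "terminate" if (self.open and not ok) else "request"
        self.log.append((event, app, ok, why))
        self.open = ok
        return ok


if __name__ == "__main__":
    alice = User("alice", frozenset({"eng", "staff"}), mfa=True)
    laptop = Device("lt-0042", True, True, True, 3)        # healthy: score 100
    s = Session(alice, laptop, "git")
    print(s.request("git"))               # True
    print(s.request("prod-db"))           # False: bound to git, and alice is not dba
    laptop.edr_running = False            # EDR dies mid-session: posture drops to 75
    print(s.request("git"))               # False: 75 < 80, session terminated
    print(decide(alice, laptop, "wiki"))  # low-sensitivity app is still allowed
    for entry in s.log:
        print(entry)
```

Run it directly to see the session log. The two design choices worth copying are that network location is not an input to decide() at all, and that the trust score is the minimum of user and device trust, so a strongly authenticated user on a compromised endpoint is still denied the sensitive application while keeping access to the low-sensitivity one.
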
Why is continuous authorization with device trust important?

Relying solely on user credentials means that anyone in possession of them, legitimate or not, has unfettered access to enterprise infrastructure. Continuously re-verifying the user and incorporating the risk level of the user’s device gives security teams much-needed visibility into what the user and device are doing. In this model, Zero Trust applies the principle of least privilege, giving each user access only to what they need to do their job. In contrast, with a legacy VPN in place, an attacker who subverts a user account or device can move laterally and will likely go undetected, resulting in a breach. One example is the Colonial Pipeline ransomware attack of May 2021, in which a single compromised password for an unused VPN account that was not protected by MFA was enough to halt the operations of a pipeline supplying roughly 45% of the fuel consumed on the U.S. East Coast, including gasoline, jet fuel, diesel and heating oil; it remains one of the most disruptive compromises of U.S. critical infrastructure to date.

What is the difference between authentication and authorization?

Authentication is the process of verifying who someone is; authorization is the process of deciding whether that verified identity is permitted to access a specific application, resource or piece of data. First we authenticate, then we authorize.

How can Banyan Security help enterprises adopt a Zero Trust architecture?

Banyan Security is on a mission to enable the modern workforce to securely and easily access the applications and services they need while working from wherever they are. The Banyan Security Zero Trust Remote Access solution provides fast, easy provisioning of user-to-application segmentation, giving users and their devices secure, one-click access to enterprise applications, resources and infrastructure from anywhere, without requiring network-centric technology such as Virtual Private Networks (VPNs). Risk and security are continuously evaluated and enforced in real time across hybrid, multi-cloud and Software-as-a-Service (SaaS) environments.

What is Least Privilege Access?

Least privilege access is a core principle of Zero Trust: users, accounts and computing processes are given access only to the resources they absolutely require to perform their routine, authorized activities, and nothing more.

What is Cloud VPN?

Also called a cloud-based VPN or VPNaaS, it is a newer type of VPN technology that securely connects a remote workforce to an organization’s networks, applications, and the internet through a cloud-hosted VPN.

What is Remote Access?

Remote access is the ability to access a computer or device from another device, at any time, and from anywhere. With remote access software installed on your computer, you have the freedom to access that computer, and all its files and applications, from another device and control it as if you were sitting in front of it.

What is BeyondCorp?

BeyondCorp® is a cybersecurity architecture developed at Google that shifts access control from the traditional network perimeter to individual devices and users. The goal is to enable users to securely work anytime, anywhere and on any device without having to use a virtual private network, or VPN, to access an organization’s resources.

What is VPN as a service (VPNaaS)?

Also known as Cloud VPN or hosted VPN, VPNaaS is a newer type of VPN technology designed for the cloud. A cloud VPN lets users securely access a company’s applications, data and files in the cloud through a website or a desktop or mobile application.