First coined by Forrester Research, zero-trust architecture “abolishes the idea of a trusted network inside a defined corporate perimeter.” Put simply, zero-trust means “never trust, always verify.” Zero-trust assumes an attacker is already inside: systems are treated as compromised until each request proves otherwise. Under zero-trust, the enterprise micro-segments access around sensitive data and backs that segmentation with visibility into how data actually moves across its ecosystem. Segmentation limits what a compromised user or host can reach; visibility is what lets the enterprise notice and contain the compromise. Together they greatly enhance security across the enterprise.
As described by O’Reilly Media, the increasingly popular zero-trust approach is based on five key premises:
The network is always hostile.
External and internal threats always exist on the network.
Network locality isn’t enough to decide trust in a network.
Every user, device, or network flow must be authenticated and authorized.
Policies need to be dynamic and derived from multiple data sources.
Bad actors can breach networks in countless ways. Granting trust to a user who has somehow passed only one layer of your network security creates a false sense of security and introduces multiple security gaps.
Perimeter trust ignores changes in policy and context. Relying on an IP address alone to establish local trust is insufficient protection: it ignores risk arising from the user’s type and business role and from the context of the request (geo-location, time of day). Beyond the security concern, ignoring these signals is also a potential policy compliance failure.
Perimeter trust also ignores the possibility of compromised credentials. Per Verizon’s 2019 Data Breach Investigations Report, 32% of breaches involved phishing and 29% involved stolen credentials. Once a single user’s credentials are trusted without further verification, whoever holds those credentials, inside or outside the organization, holds that user’s access.
Finally, perimeter trust also ignores the existence of compromised devices already on the network. Compromised devices can be purposefully or accidentally introduced to corporate networks by countless means. Symantec's 2019 Internet Security Threat Report research indicates that “one in 36 devices used in organizations present high risk.” Such devices may include malware and other malicious software.
Zero Trust security provides defense in depth based on a handful of guiding practices.
Establish trusted user identities backed by strong identification, visibility & authentication,
Enable secure access to all apps on the network,
Enforce adaptive & risk-based policies at endpoints, and
Ensure trustworthy device and data transactions.
Grey Matter ensures security and access control based on zero-trust design and implementation.
Industry has signaled increased interest in zero-trust infrastructure for service-to-service mTLS connections, scheduled or on-demand key rotation, cryptographic service identities, observability (continuous monitoring and granular audit trails for compliance), service level management, and policy management across the enterprise service fleet.
Grey Matter addresses each of these requirements. Because the mesh handles service identity, transport encryption and audit capture, development teams can deploy new capabilities and functions without adding security or compliance instrumentation to each service. The platform enforces zero-trust segmentation between services and records an audit event for every transaction in a normalized, repeatable form, which establishes a baseline for compliance reporting.
The concept of Zero Trust centers on the principle that an enterprise does not automatically trust any system or service, inside or outside its perimeter, and instead verifies everything attempting to connect before granting access. Grey Matter is designed around a zero-trust threat model so that each service and each transaction running within a Grey Matter enabled hybrid mesh is appropriately protected.
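As an added illustration of what “verify everything attempting to connect” means for service-to-service mTLS with cryptographic service identities and short-lived, rotated certificates (example code written for this page, not Grey Matter’s implementation): a throwaway in-memory CA issues workload certificates whose identity is a SPIFFE-style URI SAN, and a verifier authorizes peers by that identity rather than by hostname or source IP. The trust domain `spiffe://example.internal`, the service names, the serial numbers and the one-hour TTL are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Added example, not Grey Matter's code. MeshCA is a throwaway in-memory root;
// the trust domain example.internal and the service names are assumptions.
type MeshCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
	Pool *x509.CertPool // the only root a workload trusts
}

// must is for building the throwaway test material only: failure there is a programming error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewMeshCA() *MeshCA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "mesh-root"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &MeshCA{Cert: cert, Key: key, Pool: pool}
}

// Issue mints a leaf for one workload identity. The TTL is short on purpose:
// frequent rotation, not revocation, is what bounds the life of a stolen key.
func (ca *MeshCA) Issue(serial int64, id string, ttl time.Duration) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), URIs: []*url.URL{must(url.Parse(id))},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// ClientCertVerifier builds the tls.Config.VerifyPeerCertificate callback a server
// installs alongside ClientAuth: tls.RequireAndVerifyClientCert. It validates the
// chain against the mesh root, then authorizes the peer by URI identity only.
func ClientCertVerifier(ca *MeshCA, allowed map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("peer presented no certificate")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0]) // single-level CA: no intermediates
		if err != nil {
			return err
		}
		opts := x509.VerifyOptions{Roots: ca.Pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
		if _, err := leaf.Verify(opts); err != nil {
			return fmt.Errorf("chain verification failed: %w", err) // untrusted issuer or expired
		}
		if len(leaf.URIs) != 1 {
			return errors.New("leaf must carry exactly one URI SAN")
		}
		if id := leaf.URIs[0].String(); !allowed[id] {
			return fmt.Errorf("identity %q is not authorized", id)
		}
		return nil
	}
}

func main() {
	ca := NewMeshCA()
	const checkout = "spiffe://example.internal/ns/shop/sa/checkout"
	verify := ClientCertVerifier(ca, map[string]bool{checkout: true})
	fresh := ca.Issue(2, checkout, time.Hour)
	stale := ca.Issue(3, checkout, -30*time.Minute) // rotation missed: already expired
	fmt.Println("fresh checkout cert:", verify(fresh.Certificate, nil))
	fmt.Println("stale checkout cert:", verify(stale.Certificate, nil))
}
```

On a listener the callback goes into `tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: ca.Pool, VerifyPeerCertificate: ClientCertVerifier(ca, allowed)}`. A client that wants to hold the server to the same standard sets `InsecureSkipVerify: true`, because Go’s built-in check matches DNS names and a mesh identity is a URI, and installs a twin callback that demands `x509.ExtKeyUsageServerAuth`; the chain is still verified, just by the callback. The certificate issued with a negative TTL is what a missed rotation looks like: the verifier rejects it exactly as it rejects a certificate from an untrusted issuer, which is why short lifetimes do most of the work that revocation lists would otherwise do inside a mesh.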
Grey Matter adds a multi-faceted security model and compliance insight to the service mesh and data layers, taking much of that complexity off developers. The platform enables enterprise IT teams to deploy continuously to a common hybrid mesh while maintaining security enforcement and compliance reporting.
O’Reilly Media’s Zero Trust Networks has perhaps the most succinct description of the principles underlying the Zero Trust approach:
The network is always assumed to be hostile.
External and internal threats exist on the network at all times.
Network locality is not sufficient for deciding trust in a network.
Every device, user and network flow is authenticated and authorized.
Policies must be dynamic and calculated from as many sources of data as possible.
The strategy is gaining popularity as more organizations take on digital transformation initiatives that are largely incompatible with a perimeter-based security model.
Cloud adoption, remote users, BYOD and other trends increasingly create scenarios where routing traffic through the corporate perimeter (a firewall or VPN) serves only to establish that an access request originated from a “secure” IP address.
This process, known as backhauling, reinforces the myth that perimeter-based security was effective in the first place. The countless ways bad actors breach corporate networks are well understood, as is the lateral movement they use within those networks to steal data and disrupt business. Granting trust of any kind to a user who was somehow able to gain access to a network weakens an organization’s security posture in four ways.
Verizon’s 2019 Data Breach Investigations Report found that 32% of breaches involved phishing, and 29% involved the use of stolen credentials. The right credentials alone are often the keys to a corporate network.
Symantec's 2019 Internet Security Threat Report found that “one in 36 devices used in organizations were classed as high risk. This included devices that were rooted or jailbroken, along with devices that had a high degree of certainty that malware had been installed.” Legitimate users on compromised devices can incidentally expose sensitive resources to bad actors through their own access to the corporate network.
IP addresses help establish that a user is requesting access from a “trusted network.” But relying on this data point alone results in insufficient protection of corporate resources, as doing so ignores other sources of risk based on the type of user (department, seniority, privilege), the context of the request (time of day, device, geo-location), as well as the risk of the resource (finance app. vs. holiday calendar) requested.
The myth of safety behind the firewall is a dangerous one. Without the assumption that the network has already been breached, common security best practices can be delayed or ignored because “no one will access this resource externally, and in any case it’s behind the firewall.”
Duo ensures only the right users and secure devices can access applications, providing a foundation for a zero-trust framework and securing the workforce. A comprehensive approach to securing your entire IT ecosystem requires zero-trust for the workforce, workloads and workplace.
The weaknesses of an implied or discrete perimeter-based approach outlined above quickly disappear when a Zero Trust approach is taken. Compromised credentials and devices, as well as changes in context, are each addressed by capabilities that should underpin any Zero Trust strategy. And when the assumption of safety behind a firewall is removed, resource owners and security teams tend to evaluate the security and risk profile of each resource carefully and on a regular basis to ensure sufficient protection.
Zero Trust architectures assess digital risk using a variety of signals and enforce access control decisions based on the output of those signals. The variable level of confidence provided by those signals can lead a user down a number of adaptive access paths which can include:
Allow access after reauthentication
Allow access after step up authentication
Allow access, but with certain constraints
The removal of binary trust also improves the user experience: adaptive access paths make it more likely that users reach the resources they need with less friction overall. Evaluating trust at each access request, together with continuous observation of session behavior, ensures that trust is neither long-lived nor binary, which improves security where a session or valid account has been hijacked by a bad actor.
Zero Trust security requires the following six areas of control. Together, they provide a defense in depth approach to securing corporate resources no matter where they’re deployed and who needs access to them.
Verify the identity of all users with secure access solutions such as two-factor authentication (2FA) before granting access to corporate applications and resources
During authentication and authorization, verify the following before proceeding:
Is this user legitimate?
Was this user identified in a manner that is acceptable to the task being performed?
Is their device healthy enough for the task they are performing?
Is this user who they say they are?
Should this user have access under any circumstance?
Should this user have access given their current circumstances?
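The checklist above, together with the adaptive access paths listed earlier (allow, allow after reauthentication, allow after step-up, allow with constraints), is easiest to see as code. The following is an added example of a small policy decision point written for this page, not Duo’s or Grey Matter’s engine: the signal names, the thresholds, the home country and the two-entry resource catalogue are assumptions, and it takes the outcome of authentication as input rather than performing it.

```go
package main

import (
	"fmt"
	"time"
)

// Added example, not Duo's or Grey Matter's engine. Signal names, thresholds,
// the home country and the resource catalogue are assumptions for illustration.
type Decision string

const (
	Deny        Decision = "deny"
	Allow       Decision = "allow"
	Reauth      Decision = "allow after reauthentication"
	StepUp      Decision = "allow after step-up authentication"
	Constrained Decision = "allow with constraints (read-only)"
)

// Request carries the signals evaluated on every access, not once per session.
type Request struct {
	User, Role, Resource                         string
	AuthMethods                                  []string      // behind the current session, e.g. "password", "totp"
	AuthAge                                      time.Duration // time since the last successful authentication
	DeviceManaged, DeviceEncrypted, DeviceRooted bool
	Country                                      string
	Hour                                         int // local hour of day, 0-23
}

// ResourcePolicy says who may ever reach a resource and how sensitive it is.
type ResourcePolicy struct {
	AllowedRoles map[string]bool
	Sensitivity  int // 1 = holiday calendar ... 3 = finance app
}

var Policies = map[string]ResourcePolicy{
	"finance-app":      {AllowedRoles: map[string]bool{"finance": true}, Sensitivity: 3},
	"holiday-calendar": {AllowedRoles: map[string]bool{"finance": true, "engineering": true}, Sensitivity: 1},
}

const (
	homeCountry   = "US"             // assumption: the workforce normally signs in from here
	freshAuth     = 15 * time.Minute // an authentication older than this does not survive a context change
	maxSessionAge = 12 * time.Hour   // trust is never long lived, whatever the context
)

// hasMFA reports whether a second factor was used for the current session.
func hasMFA(r Request) bool {
	for _, m := range r.AuthMethods {
		if m == "totp" || m == "push" || m == "webauthn" {
			return true
		}
	}
	return false
}

// Evaluate answers the checklist in order and returns the decision together
// with the reason that belongs in the audit log.
func Evaluate(r Request) (Decision, string) {
	p, ok := Policies[r.Resource]
	if !ok {
		return Deny, "unknown resource"
	}
	// Should this user have access under any circumstance?
	if !p.AllowedRoles[r.Role] {
		return Deny, "role not permitted for resource"
	}
	// Is the device healthy enough for the task?
	if r.DeviceRooted {
		return Deny, "device is rooted or jailbroken"
	}
	if p.Sensitivity >= 3 && !(r.DeviceManaged && r.DeviceEncrypted) {
		return Deny, "sensitive resource requires a managed, encrypted device"
	}
	// Was the user identified in a manner acceptable to the task?
	if p.Sensitivity >= 2 && !hasMFA(r) {
		return StepUp, "sensitive resource requires a second factor"
	}
	// Should this user have access given their current circumstances?
	unusual := r.Country != homeCountry || r.Hour < 6 || r.Hour > 20
	if p.Sensitivity >= 3 && unusual {
		if r.AuthAge > freshAuth {
			return Reauth, "context changed since the last authentication"
		}
		return Constrained, "unusual location or hour: read-only access"
	}
	// Is this session still driven by the real user? Trust decays with age.
	if r.AuthAge > maxSessionAge {
		return Reauth, "session older than the maximum trusted age"
	}
	return Allow, "all checks passed"
}

func main() {
	alice := Request{User: "alice", Role: "finance", Resource: "finance-app",
		AuthMethods: []string{"password", "totp"}, AuthAge: 5 * time.Minute,
		DeviceManaged: true, DeviceEncrypted: true, Country: "US", Hour: 10}
	abroad, pwdOnly := alice, alice
	abroad.Country = "RO"
	pwdOnly.AuthMethods = []string{"password"}
	for _, r := range []Request{alice, abroad, pwdOnly} {
		d, why := Evaluate(r)
		fmt.Printf("%s -> %s (%s)\n", r.Resource, d, why)
	}
}
```

Two properties matter more than the particular thresholds. The checks run in an order that settles the most consequential questions first (may this role ever reach the resource, is the device healthy) before spending a step-up prompt on the user, and every branch returns a reason string, because an audit trail that records why access was granted or refused is what turns these decisions into evidence for compliance reporting. The same function runs on every request, so a session whose context changes midway is downgraded to read-only or re-verified rather than trusted for its remaining lifetime.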
Verifying and authenticating user identity from the moment of registration to each request for access is critical to improving security. These capabilities ensure that all users (privileged and not) and all resources are protected no matter where they’re deployed.
Gain Visibility into Devices & Activity
Gain visibility into every device used to access corporate applications, whether or not the device is corporate managed, without device management agents.
Legitimate users often incidentally expose their organizations to high levels of risk by accessing resources with compromised devices. These capabilities ensure that when a device is compromised, access won’t be provided.
Protect every application by defining policies that limit access only to users and devices that meet your organization's risk tolerance levels. Define, with fine granularity, which users and which devices can access what applications under which circumstances.
Grant users secure access to all protected applications through a frictionless secure single sign-on interface accessible from anywhere without a VPN. Protect all applications - legacy, on-premises and cloud-based.
Preventing lateral movement between segments is often the most effective way to minimize the impact of a breach. These capabilities ensure that breaches are contained with access terminated as soon as malicious behavior is detected or a risk threshold is exceeded.
Attacks come from those with valid credentials as well as from the outside. These capabilities ensure that context is included in all authorization decisions and that vulnerabilities in applications and APIs are covered.
Ensure Device and Data Transaction Trustworthiness
Certain transactions pose more risk than others. Grey Matter's capabilities ensure that high-risk transactions are verified by the user while recognizing anomalous behavior.
Grey Matter inspects all devices used to access corporate applications and resources at the time of access to determine their security posture and trustworthiness. Devices that do not meet the minimum security and trust requirements set by your organization are denied access to protected applications.
Is this session still driven by the real user?
Does the amount of trust in the user identity match the level of risk associated with this transaction?
Has the request been verified?
Did the user provide consent for access, and to whom?
What transactions (READ, MODIFY, DELETE) did they consent to?
Should this data be encrypted?
Whether it is sensitive IP or user data covered by one of the many privacy regimes emerging around the globe, data security has become paramount for many organizations. These capabilities ensure that data is encrypted where it needs to be and that users remain in control of their data.
Start your zero-trust journey with a strategic deployment of global, adaptive authentication. Use it as the policy administration and decision point where all risk signals and policy decisions meet.