Enterprise networks have undergone a substantial evolution in the last decade. Gone are the days of the “castle-and-moat” concept, where an organisation’s network security is built up primarily at the border, to defend from outside attack, and internal systems are considered to be safe and trusted.
The zero trust model requires that all systems, whether they are internally or externally connected, are treated equally and are not implicitly trusted. Identity verification is required for every person or device attempting to gain access resources on a private network. Zero trust is not vendor or equipment-specific, but a holistic approach to network security.
This model aims to protect against all threats, no matter their origin – internal threats can be just as serious as external threats. With the traditional “castle-and-moat” model, a rogue contractor or employee could very easily gain unauthorised access to internally accessible data. However, with the zero trust model, even employees are not implicitly trusted, and data that is not required for their day-to-day work is restricted.
Zero trust networks should also utilise microsegmentation. Microsegmentation is when an internal network is broken up into smaller zones to increase the number of security perimeters within the network. This reduces the possible attack surface should an attack originate from inside the network. A person or program with access to one zone should not be able to access other zones, unless explicitly required.
Networks are constantly evolving to adapt to new threats. Another recently popular technology that should be a core aspect of zero trust networks is multi-factor authentication, or MFA. Multi-factor authentication uses not only a user’s username and password to gain access, but also an authentication code sent to their phone to login. This further improves both the internal and external security of a network.
Zero trust networks employ strict monitoring and logging of all activities that are taking place on the network. This allows administrators and other security personnel to keep a careful eye on the network and immediately identify malicious activity.
Migrating a traditional “castle-and-moat” network to a modern zero trust network may seem like a significant undertaking, however you do not need to reinvent your network architecture. Zero trust builds upon the existing network by implementing more security measures in the private network. The security benefits that a zero trust implementation offers are substantial.
If you’d like to learn more about how zero trust networks can benefit your organisation, Agilient can help. Our consultants specialise in helping organisations develop strong security solutions that are custom-tailored to your needs. Contact us today.
Author: Jack Schofield, Agilient Consultant