
What Is Zero Trust Networking & Why Is It Important Now?

July 26, 2021 | August 10th, 2021 | Leadership, Security
What Is Zero Trust Networking?

Maybe you’ve heard the term “zero trust networking” and wondered what it is. The term has become more mainstream over time and has been gaining momentum. Recently, zero trust networking has come to more businesses’ attention because it was referenced in the president’s Executive Order on Improving the Nation’s Cybersecurity, which calls for government agencies, and those that work with government agencies, to work towards a “zero trust security model”.

Let’s take some time to talk about what that is, what it means, and how that applies to us. Because whether you’re a government agency or not (or work with one), zero trust is a really important framework and concept to understand for anybody who wants to secure their network.

There are three main parts to zero trust networking:

  1. Verify user identity explicitly.
  2. Implement least privilege access.
  3. Consider everything on your network to be potentially hostile.

These principles may seem kind of extreme. Or rather, this concept has seemed extreme in the past, but it’s no longer considered overkill because of how cybersecurity threats have evolved.

Why Is Zero Trust Important Now?

Historically speaking, in the security realm we’ve had a mentality of “zero trust” towards the internet for a long time. The point of firewalls, spam filters, and so on has been to protect “the good guys” behind the firewall and keep the bad guys out, so what’s “inside” stays safe. This is often referred to as the “fortress mentality”, and it’s not cutting it today. We can no longer assume that what is “inside” is good and that only what is “outside” is potentially hostile.

You still need your firewalls and spam filters; they certainly help to reduce risk. We need to have those external protections and those barriers as best we can. But the reality is that if somebody wants to get in, there’s probably a way in. This means we need to rethink the way that we approach our networks and the way that we secure things.

The Three Principles of Zero Trust Networking

A “zero trust” mindset changes how we deal with things inside the network or inside our own systems, whether that’s Office 365 in the cloud, or a more traditional network with your server and workstations in an office.

So, let’s break down the three principles of zero trust to see what’s changed.

Verify User Identity Explicitly

In the past, it was common for a new employee to get a username and password to a company’s system, as well as access to all the company’s resources, even files and systems from other departments. The idea was to enable productivity and efficiency and reduce barriers to people getting their jobs done. So systems were made accessible and everyone was given rights and permissions, even if the specific person didn’t need all that access or all those privileges. Because we trust our employees, right?

But now trusting your employee isn’t enough – you also have to verify. Identities can be stolen; user accounts can be compromised. You can’t always know for sure that the person behind the username and password is who they say they are. You don’t know which user might click on a phishing link or visit a malicious website by accident, and compromise their account credentials.

The zero-trust answer is to verify explicitly. Know who is logging in, not just with a username and password, but with additional tools like geolocation information and multi-factor authentication. If an employee is based in the U.S., but a login request to their account comes from Japan or Australia – you should probably block that.

User verification requires tying together a lot of intelligence and asking, do we think this user is who they say they are?

Least Privilege Access

The second principle of zero trust is least privilege access. Let’s go back to what I said previously about how employees used to get access to all the files and all the systems. With zero trust, we don’t do that anymore. It actually needs to be the opposite. Begin with users being denied everything, no access to anything. And then add in permissions to what they specifically need to perform their job, and nothing more.

Why? This creates isolation and shuts down unnecessary access that could be leveraged by attackers if they compromise a user account. If a person in the sales department only has access to sales files, and they get hit with ransomware – you’ll be glad you have used least privilege access, because the ransomware won’t get everything through that one user, it’ll just hit the sales department.

The point of least privilege access isn’t to keep people from doing their jobs. The purpose of this principle is to not give people access to things that they will never need.

Everything Is Potentially Hostile

And lastly, you need to consider everything in your network as potentially hostile. Because this is reality. Here you need to proactively think about how a new system, a new device, or new software could be attacked and leveraged against you. And how can these elements in your network be segmented and isolated to prevent this?

Some good examples are IP phone systems and IP security cameras. You could put these systems on your corporate network along with your server and everything else. But if a PC gets hit with an attack, you don’t want that attack to spread to your phone and surveillance systems. Segmenting various components on your network can help you protect your devices from your other devices!
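
The three principles can be read together as a single default-deny access decision. The sketch below is an added example, not part of the original article; the user names, segments, resources and the `decide` function are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: each user's expected country and explicit grants.
USERS = {
    "alice": {"home_country": "US",
              "grants": {("sales-files", "read"), ("sales-files", "write")}},
    "bob": {"home_country": "US", "grants": {("hr-files", "read")}},
}

# Constructed segment policy: only these (source, destination) flows are
# permitted. Any pair not listed is denied, so a workstation cannot reach
# the camera recorder or the phone system.
ALLOWED_FLOWS = {("workstations", "servers"), ("phones", "pbx"), ("cameras", "nvr")}


@dataclass(frozen=True)
class Request:
    user: str
    password_ok: bool
    mfa_ok: bool
    country: str
    src_segment: str
    dst_segment: str
    resource: str
    action: str


def decide(req):
    """Return (allowed, reason). Every check must pass; the default is deny."""
    profile = USERS.get(req.user)
    if profile is None:
        return False, "unknown user"
    # Principle 1: verify identity explicitly (password, MFA and location).
    if not (req.password_ok and req.mfa_ok):
        return False, "identity not verified"
    if req.country != profile["home_country"]:
        return False, "unexpected location"
    # Principle 3: treat the network as hostile; allow only listed flows.
    if (req.src_segment, req.dst_segment) not in ALLOWED_FLOWS:
        return False, "segment flow not allowed"
    # Principle 2: least privilege; the user needs an explicit grant.
    if (req.resource, req.action) not in profile["grants"]:
        return False, "no grant for resource"
    return True, "allowed"
```

A request is allowed only when all three checks pass, so a stolen password alone, a sales account asking for HR files, or a workstation reaching for the camera recorder each end in a deny with a reason that can be logged.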

How do you work towards this mindset?

So how do you “implement” zero trust? First and foremost, zero trust isn’t a product, it’s a process. No one can sell you a cookie-cutter “zero trust networking package”. But experts like OXEN’s Shared CIOs can help you see where you can make changes and improvements as you work towards the zero-trust model.
