Streamline and Unify Your Security Infrastructure with Zero Trust

The coronavirus (COVID-19) pandemic is forcing companies to completely rethink their workplace. Work-from-home (WFH), which used to be a model mostly for remote employees or used on an occasional basis, has very quickly become the recommended and preferred approach across many large organizations, for all employees. And while we hope and expect the pandemic to subside in the weeks and months to come, some of these work habit changes may never go back to “how it used to be.”

This sudden and significant shift imposes a significant burden on IT and InfoSec teams. Legacy approaches to IT have required a different infrastructure and a different security framework for employees accessing applications and services when on the “intranet” versus when on the “internet.”

One example of this is having a dedicated VPN infrastructure for remote employees. With the sudden push towards WFH, this approach severely tests the limits of traditional IT and security frameworks, not just in terms of scaling the infrastructure to accommodate the rapid shift towards WFH, but also in terms of the human resources needed to manage, monitor and secure the infrastructure, data and applications. And while the impact of the pandemic is at once sobering and humbling, bad actors are not about to give up on what they perhaps perceive as a huge opportunity to take advantage of a strained, tested and constrained InfoSec team and infrastructure.

As an example, fake COVID-19 maps are being set up that are acting as droppers for malware. Unsuspecting users who are seeking information on the COVID-19 spread are being enticed to download these maps, resulting in their systems being compromised (see this KrebsOnSecurity post). The end goal in many cases is credential theft, such as stealing usernames and passwords. These same users may then come in on the intranet, and with the implicit trust of being on the intranet, gain access to systems that can then be easily compromised. Many other such schemes are being rapidly deployed by bad actors to take advantage of unsuspecting users and thinly stretched IT and InfoSec teams.

In the face of this shift, the move toward a Zero Trust (ZT) architecture takes increasing importance. The basic premise of Zero Trust is to eliminate implicit trust associated with locality of access, and move the emphasis towards protecting assets, not network segments — assets being users, devices and applications. In other words, Zero Trust assumes there is no implicit trust granted to assets based solely on their physical or network location. The four key principles encompassing Zero Trust are:

1. Identify all assets and their access/communication patterns
2. Deploy/enforce VERB authentication, authorization and access control of all assets
3. Encrypt all data flows regardless of network location
4. Monitor data flows and assets to detect changes, violations or anomalies

The end goal here is to have a unified security framework for all assets. In doing so, IT and InfoSec teams can reduce the burden of dealing with different infrastructure for users on the intranet versus internet, provide a unified experience to users independent of the locality of access, and have one consistent framework for security. In a world where the workplace is increasingly shifting toward a “work anywhere” model, moving toward a ZT architecture simply makes sense.

To be sure, moving toward a ZT architecture requires more than a night and a weekend. ZTA is a journey that requires organizational commitment. Severe dislocations, such as that caused by COVID-19, force organization to adopt such policies with surprising urgency. For organizations that embark on the journey, the worry and difficulty can result in a more secure, more reliably high-performance network of assets. And your organization can embrace the journey with a few key steps:

1. Map out your assets. Leverage nonintrusive techniques such as network metadata for visibility, along with leveraging host/endpoint-based approaches.
2. Discover and understand asset communication flows and patterns. Once again, monitoring network traffic provides an excellent approach for gaining this insight. This is important in order to define the right access control policies. Not understanding this can lead to potential disruption in the business.
3. Implement authentication and access control policies based on your discovery. For legacy devices and applications that can’t easily be authenticated, isolate them on different segments of the network and monitor and control all access to and from them. 
4. Set up a continuous monitoring strategy. Monitor network traffic, as well as log host/endpoint data. Use tools that can work off this data to analyze it, and surface incidents and violations of the policy.  

Zero Trust is a journey that requires significant thought in terms of executing to the above steps. Many organizations have in the past delayed this initiative. With the workplace being completely reimagined due to the tragic disruption of the COVID-19 pandemic, the need to streamline and unify the security infrastructure of organizations is perhaps never as urgent as it is now.  

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Security group.

Share your thoughts today