BSGTech Blog

BSGTech has been serving the Chicagoland area since 2009, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Understanding Zero Trust Security and Why It Works

Understanding Zero Trust Security and Why It Works

Zero trust security is an invaluable approach that helps significantly boost how protected an organization is against threats. Nevertheless, many people may need to become more familiar with the term or what it entails. Let’s take a few moments to review the concept and clarify how beneficial it can be.

Zero Trust Security: What it Is, and How it Works

You can almost think of a zero trust security strategy as actively implementing the phrase, “Trust no one.”

The development of zero trust security is actually closely tied to the growth of remote work. Back when teams worked at the office, hard stop, it was relatively easy to secure a business network. You could establish a perimeter to keep threats out, reinforce it with a ton of protections, and be confident that everyone inside was confirmed to be a trusted team member.

However, once the Internet advanced to the point where it was relatively accessible outside of the business setting, the idea that work could be done anywhere was too appealing to waste the opportunity—despite this breaching the perimeter. Virtual private networks (VPNs) helped to an extent, but as greater and more powerful threats developed it was soon apparent that a perimetered network simply wasn’t a viable option.

The term “zero trust” actually dates back to 1994, when Steven Paul Marsh included the phrase in a doctoral thesis on computer security for the University of Stirling. This thesis, titled Formalising Trust as a Computational Concept, focused on creating a proposed mathematical model to assist distributed artificial intelligence in its calculations. Greatly simplified, this model seeks to quantify trust so that AI can consider it as another variable.  

However, it wasn’t until 2010 that John Kindervag combined two years of effort and research at research and consulting firm Forrester to produce a report. In this report, No More Chewy Centers: Introducing the Zero Trust Model of Information Security, Kindervag presented the Zero Trust Model. 

The Concepts of the Zero Trust Model Should Sound Familiar

Kindervag’s report outlined the three core tenets of the model:

  1. All resources must be accessed securely, regardless of location.
  2. Access control and the principle of least privilege must be implemented.
  3. All traffic needs to be inspected and logged.

These same principles began to appear in new policies and publications, from Google’s BeyondCorp initiative that reinforced the importance of the above tenets (never using the phrase “zero trust,” however) to the standards that the National Institute of Standards and Technology—NIST—proposed in 2020’s publication Zero Trust Architecture.

It is NIST’s report that adds the following assumptions to the above tenets (we’ve added a bit of clarification to each):

  1. The entire enterprise network is not considered an implicit trust zone.
    As we said before, it isn’t uncommon for an attacker to sit and wait on a network for a while, observing what they can.

  2. Devices on the network may not be owned or configurable by the enterprise.
    Bring Your Own Device is a common tactic that many businesses use to reduce costs. As a result, networks have expanded past what they used to contain.

  3. No resource is inherently trusted.
    Spoofing now allows attackers to pose as someone else. That someone else could be anyone from the CEO to the new hire.

  4. Not all enterprise resources are on enterprise-owned infrastructure.
    While not aligned with best practices, it is safe to assume that some documents exist on individual devices, not the business network. Some of these devices could be those used under a BYOD policy.

  5. Remote enterprise subjects and assets cannot fully trust their local network connection.
    Whether working from home or traveling, any network could have threats hiding on it. Therefore, the appropriate protections are necessary to protect against these threats.

  6. Assets and workflows moving between enterprise and non-enterprise infrastructure should have a consistent security policy and posture.
    Regardless of where technology is used, the same practices and safeguards are critical to protect your organization.

When it all comes down to it, it’s less “Trust no one” and more “Protect and verify.”

Zero Trust Security is So Important Today

Security precautions have undoubtedly improved over the years. Unfortunately, the same can be said of the threats that target businesses. At this point, zero trust is practically the only feasible option for a modern business—at least, one concerned with protecting itself, its data, and its customers and clients.

BSGtech is here to help. As a part of our managed services, we’ll help you ensure your business’ data and infrastructure are locked down, regardless of where your team works. Learn more about how we can keep you protected by calling (866) 546-1004.

Software that Allows You to Have More Fun in Your ...
How to Conduct a Successful Social Media Detox
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, 23 November 2024

Captcha Image

Mobile? Grab this Article

QR Code

Customer Login


News & Updates

BSGtech (formerly Business Solutions Group) is proud to announce the launch of our new website at www.bsgtech.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more infor...

Contact us

Learn more about what BSGtech can do for your business.

BSGtech
800 E. Business Center Dr.
Mt. Prospect, Illinois 60056

123 W Madison Street, Suite 1700
Chicago, Illinois 60602