The U.S. National Security Agency (NSA) has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model.
Titled “Embracing a Zero Trust Security Model,” the document details the benefits and challenges of the security model, and also provides a series of recommendations on the implementation of Zero Trust within existing networks.
Leveraging a set of system design principles and a cyber-security management strategy, the Zero Trust model assumes that a breach has occurred or is inevitable and eliminates trust in systems, nodes, and services, requiring continuous verification through real-time information.
Zero Trust allows administrators to limit access and control the manner in which devices, processes, and users engage with data, in order to eliminate the abuse of compromised credentials, remote exploitation, and insider threats.
“Systems that are designed using Zero Trust principles should be better positioned to address existing threats, but transitioning to such a system requires careful planning to avoid weakening the security posture along the way. NSA continues to monitor the technologies that can contribute to a Zero Trust solution and will provide additional guidance as warranted,” the NSA notes.
Addressing the modern threat environment, the agency says, requires aggressive system monitoring and management, defensive operations capabilities, assuming requests for critical resources may be malicious, assuming the compromise of any device or infrastructure, accepting the risks associated with access to critical resources, and preparedness for rapid damage assessment and remediation.
With Zero Trust, every user, application/workload, device, and data flow is considered untrusted and access is denied by default, resources are protected and operated with the assumption that they might have been compromised, and access to all resources is provided in a secure manner.
The design of a Zero Trust solution, the NSA notes, implies defining mission outcomes, first protecting Data/Assets/Applications/Services (DAAS) and securing access paths, determining who needs access to the DAAS, creating control policies, and constantly looking for suspicious activity through full visibility into all activity (the inspection of all traffic logs).
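A minimal illustration of these principles (an explicit DAAS inventory, default-deny, re-verification on every request rather than a trusted session, device posture checks, and a log of every decision), written here as an added Python example that is not from the NSA document or this article; the inventory, allow policies, device-posture set and timestamps are constructed sample data.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone

# Constructed inventory of protected Data/Assets/Applications/Services (DAAS)
# and the explicit allow policies that apply to them. Anything not listed
# here is denied: the default is "no".
PROTECTED_DAAS = {"payroll-db", "hr-file-share"}
ALLOW_POLICIES = [
    {"user": "alice", "device": "laptop-01", "workload": "payroll-app",
     "resource": "payroll-db", "action": "read"},
]
HEALTHY_DEVICES = {"laptop-01"}                # constructed device-posture feed
MAX_VERIFICATION_AGE = timedelta(minutes=15)  # identity must be re-verified this often
NOW = datetime(2021, 2, 26, 12, 0, tzinfo=timezone.utc)  # constructed clock
DECISION_LOG = []                             # every decision, allowed or not, is recorded


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device: str
    workload: str
    resource: str
    action: str
    verified_at: datetime  # when this user's identity was last verified


def request(user, device, workload, resource, action, minutes_since_verification):
    """Build a request whose last identity verification was N minutes before NOW."""
    return AccessRequest(user, device, workload, resource, action,
                         NOW - timedelta(minutes=minutes_since_verification))


def evaluate(req: AccessRequest):
    """Return (allowed, reasons). Access is granted only if every check passes."""
    reasons = []
    if req.resource not in PROTECTED_DAAS:
        reasons.append("resource not in DAAS inventory")
    if req.device not in HEALTHY_DEVICES:
        reasons.append("device posture not healthy")
    if NOW - req.verified_at > MAX_VERIFICATION_AGE:
        reasons.append("identity verification is stale; re-verify")
    # Policy match is evaluated on every request; no decision is cached.
    if not any(all(getattr(req, k) == v for k, v in policy.items())
               for policy in ALLOW_POLICIES):
        reasons.append("no explicit allow policy for this user/device/workload/action")
    allowed = not reasons
    DECISION_LOG.append({"time": NOW.isoformat(), "request": asdict(req),
                         "allowed": allowed, "reasons": list(reasons)})
    return allowed, reasons
```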
The NSA also explains that implementing Zero Trust requires time and effort, and that additional capabilities are required to transition to a mature Zero Trust architecture and realize its full benefits. Furthermore, the agency says, it is not necessary to move to a mature Zero Trust architecture all at once, as such implementations mature over time, enabling defenders to keep up with threats.
Challenges faced when implementing Zero Trust may include the lack of full support within the enterprise, “possibly from leadership, administrators, or users,” scalability, the need to continuously apply access control decisions, and fatigue from constantly applying default-deny security policies.
“The Zero Trust mindset focuses on securing critical data and access paths by eliminating trust as much as possible, coupled with verifying and regularly re-verifying every allowed access. However, implementing Zero Trust should not be undertaken lightly and will require significant resources and persistence to achieve,” the NSA also points out.