NC May-Jun 2022
FEATURE: ZERO TRUST
ZERO TRUST: THE TRUTH IS OUT THERE
THE CONNECTED WORLD IS A CHANGED WORLD, AND ENTERPRISES CAN NO LONGER ASSUME THEY HAVE FULL CONTROL OVER CLOSED NETWORKS, ACCORDING TO MATTHEW MARGETTS, DIRECTOR OF SALES AND MARKETING AT SMARTER TECHNOLOGIES
The COVID-19 pandemic further accelerated the new normal, which shifted a large proportion of the workforce to remote working and forced businesses to increase their use of cloud platforms to support a variety of devices and networks.
Unfortunately, criminals can take advantage of this upheaval and attempt to increase network infiltrations for nefarious gains.
The truth is that legacy security solutions cannot support a Zero Trust network. In the legacy model, security measures rely on a closed-perimeter model that assumes all users and applications come from the same network location and entry points. This approach is no longer sufficient, which is why Zero Trust security is becoming the preferred network security architecture.
WHAT IS ZERO TRUST SECURITY?
Zero Trust architecture is an approach to IT system design where inherent trust in the network is removed. The network is assumed to be hostile, and each request is verified based on an access policy. Regardless of the device, network and user activity, Zero Trust architecture is built on access management checks at every level.
The National Cyber Security Centre (NCSC) says: "In a Zero Trust architecture, inherent trust is removed from the network. Just because you're connected to a network doesn't mean you should be able to access everything on that network. This is commonly seen in breaches; an attacker gains a foothold in a network and is able to move laterally because everything on the network is trusted. In a Zero Trust architecture, the network is treated as hostile."
The key concepts of Zero Trust are:
- The network is hostile and should be treated as compromised
- Inherent trust is removed from the network
- Every request to access data or a service should be authenticated and authorised against an access policy
- Gain confidence dynamically by continuously evaluating the trustworthiness of connections
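
The key concepts above as a per-request policy check, added here as an illustration and not taken from the article or the NCSC. The resource names, roles, health score and thresholds are all assumptions; the point is that the source network never enters the decision and that a later drop in device health changes the outcome.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed policy: resource names, roles and thresholds are assumptions.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "min_health": 0.8, "mfa": True},
    "wiki": {"roles": {"finance", "engineering"}, "min_health": 0.5, "mfa": False},
}

@dataclass(frozen=True)
class Request:
    user: Optional[str]       # authenticated user identity (None = unknown)
    role: str
    device_id: Optional[str]  # unique device identity (None = unknown)
    device_health: float      # 0.0-1.0 score from a hypothetical health check
    mfa: bool
    source_ip: str            # kept for monitoring; never used to grant access
    resource: str

def authorise(req: Request) -> tuple:
    """Evaluate a single request against POLICY. Default is deny."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return (False, "no policy for resource")
    if not req.user or not req.device_id:
        return (False, "unidentified user or device")
    if req.role not in rule["roles"]:
        return (False, "role not permitted")
    if rule["mfa"] and not req.mfa:
        return (False, "MFA required")
    if req.device_health < rule["min_health"]:
        return (False, "device health below threshold")
    return (True, "allowed")

# Constructed requests. 10.0.0.5 stands in for an office LAN address and
# 203.0.113.7 for a remote worker; neither address changes the decision.
remote = Request("alice", "finance", "laptop-17", 0.9, True, "203.0.113.7", "payroll-db")
on_lan = replace(remote, device_health=0.4, source_ip="10.0.0.5")
degraded = replace(remote, device_health=0.6)  # same user, health dropped later

if __name__ == "__main__":
    for name, req in [("remote", remote), ("on_lan", on_lan), ("degraded", degraded)]:
        print(name, req.source_ip, authorise(req))
```
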
THE 8 DESIGN PRINCIPLES OF A ZERO TRUST NETWORK
The NCSC has introduced eight Zero Trust architecture design principles that are paving the way for future networks for the government. These eight principles are intended to help the public sector and large organisations to implement a Zero Trust network architecture in an enterprise environment.
1. Know your architecture, including users, devices, services and data
2. Know your user, service and device identities
3. Assess user behaviour, service and device health
4. Use policies to authorise requests
5. Authenticate and authorise everywhere
6. Focus your monitoring on users, devices and services
7. Don't trust any network, including your own
8. Choose services that have been designed for Zero Trust.
Let's take a closer look at the eight principles' objectives:
1. Know your architecture, including users, devices, services and data
To get the benefits from Zero Trust, you need to have a clear understanding of each component of your architecture so that you can identify:
- Where your key resources are
- The main risks to your architecture
- How to avoid integrating legacy services that do not support Zero Trust
2. Know your user, service and device identities
An identity can represent a:
- User (human)
- Service (software process)
- Device
Each identity should be uniquely identifiable in a Zero Trust architecture. This is the most
NETWORKcomputing MAY/JUNE 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK