Zero Trust Architecture (ZTA) is a security model in which no implicit trust is granted to user accounts or assets on the basis of their network or physical location, or of who owns the asset. Under NIST's ZTA guidance (SP 800-207), authentication and authorization of both the subject and the device are discrete functions performed before a session to an enterprise resource is established.
Tenets of Zero Trust
The paradigm shifts from defending a wide network perimeter to protecting individual resources or small groups of them. No implicit trust is granted to anyone simply because they are on the network or in the building. At the core of ZTA is preventing unauthorized access to data and services and making access control as granular as possible. NIST outlines a number of principles (tenets) for the design and operation of a ZTA.
- All data sources and computing services are considered resources. For instance, if an employee's personal smartphone can reach enterprise data, it must be treated as a resource.
- Communication must be secured regardless of network location. Requests originating inside the network are held to the same security requirements as those originating outside it; all communication is authenticated and encrypted.
- Access to an individual enterprise resource is granted per request. Authenticating to one resource does not automatically grant access to any other.
- Access to resources is determined by dynamic policy, which takes into account the observable state of the subject's identity, the requesting system, and possibly other behavioral and environmental attributes.
- The enterprise monitors the integrity and security posture of all owned and associated systems continuously, keeping them in the most secure state possible. Patches and fixes should be applied promptly to close known vulnerabilities.
- All resource authentication and authorization is dynamic and strictly enforced before access is allowed.
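The following is an added example, not code from NIST or from the original page: a minimal policy engine (PE) that applies the tenets above. Every request is decided on its own, network location carries no weight, and the decision combines subject, device and session attributes. All resource names, attribute names and the constructed policy are assumptions made for this illustration.

```python
# Added example (not from NIST SP 800-207 or the page): a minimal policy
# engine (PE) that applies the ZTA tenets. Every request is evaluated on
# its own, network location carries no weight, and the decision combines
# subject, device and session attributes. All attribute and resource names
# are assumptions made for this illustration.
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy: one rule per resource; anything not listed is denied.
POLICY = {
    "hr-db":        {"roles": {"hr"},        "mfa": True,  "min_posture": 2, "max_session_age": 900},
    "build-server": {"roles": {"eng"},       "mfa": True,  "min_posture": 2, "max_session_age": 900},
    "wiki":         {"roles": {"hr", "eng"}, "mfa": False, "min_posture": 1, "max_session_age": 3600},
}

@dataclass
class Request:
    subject: str
    roles: set[str]
    mfa_verified: bool
    device_posture: int   # 0 = unmanaged/unknown, 1 = managed, 2 = managed and patched
    auth_time: float      # when the subject last authenticated (epoch seconds)
    now: float            # time of the request
    network: str          # "corp-lan" or "internet"; deliberately never consulted
    resource: str

def evaluate(req: Request, policy: dict = POLICY) -> tuple[bool, str]:
    """Decide one request. Returns (allowed, reason); denies unless every check passes."""
    rule = policy.get(req.resource)
    if rule is None:
        return False, "no policy for resource"
    if not (req.roles & rule["roles"]):
        return False, "subject role not entitled to resource"
    if rule["mfa"] and not req.mfa_verified:
        return False, "MFA required for this resource"
    if req.device_posture < rule["min_posture"]:
        return False, "device posture below resource minimum"
    if req.now - req.auth_time > rule["max_session_age"]:
        return False, "authentication too old; re-authenticate"
    # req.network is intentionally absent from the checks: being on the
    # corporate LAN earns no trust, and coming from the internet loses none.
    return True, "allowed"

def run_scenarios() -> dict[str, tuple[bool, str]]:
    """Constructed requests showing what each tenet means in practice."""
    t0 = 1_700_000_000.0
    def req(**over):
        base = dict(subject="alice", roles={"hr"}, mfa_verified=True, device_posture=2,
                    auth_time=t0, now=t0 + 60, network="corp-lan", resource="hr-db")
        base.update(over)
        return Request(**base)
    scenarios = {
        "compliant device from the internet":            req(network="internet"),
        "unmanaged device on the corporate LAN":         req(device_posture=0),
        "no MFA on the corporate LAN":                   req(mfa_verified=False),
        "hr-db entitlement does not cover build-server": req(resource="build-server"),
        "session 2000 s old, hr-db":                     req(now=t0 + 2000),
        "session 2000 s old, wiki":                      req(now=t0 + 2000, resource="wiki"),
        "resource with no rule":                         req(resource="payroll"),
    }
    return {name: evaluate(r) for name, r in scenarios.items()}

if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{'ALLOW' if ok else 'DENY':5} {name}: {why}")
```

Note that the same subject, on the same session, is allowed into the wiki but refused the HR database once the session is 2000 seconds old: each resource carries its own rule, and each request is re-evaluated rather than inheriting the outcome of an earlier one.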
Zero Trust Architecture Approaches
Enterprises can enforce ZTA for their workflows in a variety of ways. Policies and components vary from one organization to another according to business objectives and culture. Despite these differences, all approaches implement all of the tenets of Zero Trust; an enterprise may, however, use one or two of them as the primary drivers of its policies. The following is an overview of those options.
ZTA with Enhanced Identity Governance
This approach makes the identity of actors the central input to policy. Access to enterprise resources is decided from the subject's identity and assigned attributes, and the primary requirement for access is the set of privileges granted to that subject for the resource in question.
ZTA with Micro-Segmentation
In this approach, the enterprise deploys ZTA by placing an individual resource, or a group of resources, on its own network segment protected by a gateway. The enterprise relies on infrastructure devices such as routers, switches and next-generation firewalls to act as policy enforcement points (PEPs) guarding each resource or resource group. The same role can also be filled by host-based software agents.
ZTA with Network Infrastructure and Software Specified Perimeters
With this approach, the enterprise implements ZTA by deploying an overlay network, usually at layer 7, although lower layers of the OSI stack can also be used. Approaches of this kind are also called software-defined perimeter (SDP) approaches, since they often draw on ideas from Software Defined Networking (SDN).
Weaknesses Associated with Zero Trust Architecture
Although it is one of the most effective security architectures available, ZTA does not deliver absolute security or privacy for an enterprise network. Weaknesses remain that an attacker can exploit to gain control, leading to data breaches and further malicious activity. The most prominent are the following:
Subversion of ZTA Decision Process
In a Zero Trust Architecture, the policy engine (PE) and policy administrator (PA) are the core components: without PE and PA approval there is no connection to or from an enterprise resource. These components must therefore be carefully configured and maintained. An administrator with configuration access to the engine's rules can make unauthorized or unapproved changes, or simply make a mistake, that compromises enterprise security.
Similarly, a compromised policy administrator could grant access to resources that would otherwise be denied.
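One control against unapproved rule changes, as an added example that is not from NIST or the original page: the PE refuses to activate any rule set whose digest does not match the one recorded by the change-approval workflow, and reports exactly which rules differ. It assumes (hypothetically) that the approval workflow writes the SHA-256 digest of each approved rule set to a store the policy administrator cannot modify, and keeps the last approved copy for reporting. The rule sets below are constructed for the illustration.

```python
# Added example, not from NIST SP 800-207 or the page: one control against
# unapproved rule changes. It assumes (hypothetically) that a change-approval
# workflow records the SHA-256 digest of every approved rule set in a store
# the policy administrator cannot write to, and keeps the last approved copy
# for reporting. The PE refuses to activate any rule set whose digest differs.
import hashlib
import json

def canonical_digest(rules: dict) -> str:
    """SHA-256 over canonical JSON, so key order and whitespace do not change the digest."""
    blob = json.dumps(rules, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()

def diff_rules(approved: dict, loaded: dict) -> list:
    """List every per-resource difference between the approved and loaded rule sets."""
    changes = []
    for res in sorted(set(approved) | set(loaded)):
        a, l = approved.get(res), loaded.get(res)
        if a is None:
            changes.append(f"added rule for {res}")
        elif l is None:
            changes.append(f"removed rule for {res}")
        else:
            for key in sorted(set(a) | set(l)):
                if a.get(key) != l.get(key):
                    changes.append(f"{res}.{key}: {a.get(key)!r} -> {l.get(key)!r}")
    return changes

def activate_policy(loaded: dict, approved: dict, approved_digest: str):
    """Return (accepted, changes). Only a rule set matching the approved digest is accepted;
    the approved copy is used solely to explain a rejection."""
    if canonical_digest(loaded) == approved_digest:
        return True, []
    return False, diff_rules(approved, loaded)

# Constructed rule set as it left the change-approval workflow.
APPROVED_RULES = {
    "hr-db": {"roles": ["hr"], "mfa": True, "min_posture": 2},
    "wiki":  {"roles": ["eng", "hr"], "mfa": False, "min_posture": 1},
}
APPROVED_DIGEST = canonical_digest(APPROVED_RULES)  # what the approval record would hold

def check_tampered():
    """A policy admin quietly widens hr-db access, drops its MFA requirement
    and adds a rule for a resource nobody approved."""
    tampered = json.loads(json.dumps(APPROVED_RULES))  # deep copy
    tampered["hr-db"]["roles"] = ["contractor", "hr"]
    tampered["hr-db"]["mfa"] = False
    tampered["payroll"] = {"roles": ["contractor"], "mfa": False, "min_posture": 0}
    return activate_policy(tampered, APPROVED_RULES, APPROVED_DIGEST)

if __name__ == "__main__":
    ok, changes = check_tampered()
    print("accepted" if ok else "rejected: " + "; ".join(changes))
```

The digest must live with the approval record, not in the PE's own configuration directory; if the same administrator can update both, the check proves nothing. This control detects an unapproved rule set before it takes effect; it does not by itself stop a compromised PA from issuing individual bad decisions, which is a separate problem.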
Insider Threat & Stolen Credentials
Attackers use a variety of tools and techniques to obtain credentials, or an insider can abuse privileges already granted to them. Social engineering, phishing, or a combination of attacks may be used to acquire the credentials of high-value accounts. MFA/2FA reduces the risk of this kind of attack, but an attacker holding valid credentials can still reach every resource that account has been granted access to. For instance, a compromised employee account may have access to the employee database.
Keep in mind that accounts able to set the access policies around resources are at greater risk of insider attack, since they are the keys that unlock access to other resources.
Use of Non-person Entities (NPEs) in ZTA Administration
Many enterprises deploy AI-driven or other automated software agents to handle security tasks. Such agents must at times interact with the ZTA management components, including the PA and PE, in place of a human administrator. How these agents authenticate themselves in an enterprise that implements ZTA is still an open issue; the working assumption is that most automated systems will use some means of authentication when calling the APIs of resource components.
The greatest risk here is false positives and false negatives when automated systems drive policy decisions and configuration: benign activity blocked as an attack, or an attack passed through as normal, either of which can severely compromise enterprise security.
Enterprise security has come a long way, and Zero Trust Architecture is a living testament to that. While ZTA eliminates a wide range of risks, it should be noted that some threats remain to be addressed. Probably the most impactful is that the policy decision point (PDP, the policy engine together with the policy administrator) and its corresponding policy enforcement point (PEP) can be subverted by a privileged insider at the identity provider.