Traditionally, organizations based their permissions and access controls on user location. If a user was located externally, the “untrusted” account was given limited access. If the user was on the internal network, administrators assumed that the user could be trusted. Employees were trusted because they were part of the internal organizational team, but this assumption led to data disclosure, stolen intellectual property, and corporate espionage from insider threats. Cybersecurity experts changed the standards for access and authorization, adopting a zero-trust model and a “least privilege” mindset to reduce the risk of a data breach caused by insiders exposing corporate assets.
Picture this scenario. You get an email. It’s from the HR Director of your employer asking you to review the information in the attached PDF file and confirm it’s all up to date. The Director explains that you will have to type in the last 4 digits of your social security number along with your username to open the secured file. Based on what you know at that moment, clicking on that attachment requires a lot of trust on your part.
Email is a very trusting communication medium, having been invented at a time when there were no malicious hackers, ransomware gangs or cybercriminal organizations to worry about. Given the headlines these days about the cyberattacks that routinely take place, why would you ever consider clicking the attachment?
More than a decade ago, network security was very straightforward: it was all about protecting the perimeter from external threats. Traffic from outside your perimeter was not to be trusted, while traffic originating from within was. In this fashion, security was simply a function of location: secure the trusted internal environment from the untrusted outside world. Once an on-premises user at a stationary desktop had authenticated early in the morning, they were good to go for the rest of the day. Users were trusted and given default access and privileges to the resources they needed without repeated validation. While traffic entering the perimeter had to be validated and analyzed by firewall rules and IDS/IPS tools, parallel traffic and intra-VLAN traffic was trusted by default and left unchecked. While a healthy dose of skepticism was encouraged for emails from external sources, internal emails were accepted on merit.
There is no doubt that trust within enterprises has steadily eroded over the years. Just as many older people miss the nostalgic era in which they didn’t feel the need to perpetually lock their doors at night, the old practice of trust but verify within the enterprise network is long gone. There are many reasons, the first being the dissolution of the perimeter. There is no hard borderline outlining the trusted and untrusted zones of a network today. Users, computers, and digital resources are now dispersed across a vast plane of corporate offices, remote workspaces, and public clouds. Outside actors constantly use credential stuffing and password spraying attacks to steal legitimate credentials and gain access and privilege on the network. Attack avenues permeate the enterprise in the form of remote access tools, supply chain networks, BYOD initiatives and cloud computing. They say that money changes everything, and it has certainly reshaped the world of cybercrime: dedicated ransomware gangs now run ransomware attacks to garner a large payday, and state-sponsored hacking organizations steal proprietary data as part of elaborate espionage efforts. No doubt, the concept of a single perimeter that separated the trusted from the untrusted is outdated, or maybe it was a fallacy all along.
The term Zero Trust was first coined back in 2010 by the renowned technology research group Forrester. Zero trust assumes a world lacking any defined traditional network edge, only a vast uninterrupted IT estate with no physical borders. In a zero-trust network environment, all accounts and objects are considered external to the network. It requires networks to continuously monitor and validate end users and their devices, as one-time validation no longer suffices. Zero Trust architecture is enforced using security controls such as micro-segmentation, security policies, heuristic analysis, compliance requirements and security baselines, just to name a few. Trust is no longer assumed throughout the day. It must be continually earned and validated. Users are no longer granted local admin rights by default and in some cases can no longer install an application or printer without assistance from internal IT. Traffic originating from an internal VLAN can no longer be granted default access to other VLANs. East-west lateral traffic is now scrutinized to the same degree as north-south traffic traversing the firewall.
Older cybersecurity models verified authorized users once, and then let administrators assign permissions across the network without any additional validation. Should an attacker gain access to a user account, any action taken with the compromised account would succeed. No additional validation of the user’s environment, device, location, or the context of the request was incorporated into authorization.
A zero-trust model changes the way organizations and administrators think about cybersecurity and protecting data. Even servers and infrastructure are no longer trusted. Any request from servers, devices, users, and services must be authorized and validated on every access call. Instead of implicitly trusting internal resources, a zero-trust model treats every call to a resource or data as a potential attack.
As an example, suppose that a user is authenticated on the network and makes a call to an API for data. The user holds an access token and sends this token to the API. Instead of assuming that the access token is legitimate, the API re-validates the token on every call to ensure that it has not been compromised or stolen by an attacker, and re-verifies that the user is authorized for the data requested. In this sense, the user is not implicitly trusted simply for being an internal account: every call for data is verified.
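The per-call token re-validation described above, written out as an added example (this code is not from the original article or from TitanHQ). It assumes a simple HMAC-signed token format with an expiry, a token id that can be revoked, and a device binding; the signing key, user names, device ids and scopes are constructed for the example. A stolen token replayed from a different device, an expired token, a revoked token or a token lacking the scope for the requested resource is refused on that call, even though the same token was accepted moments earlier.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing key for the example; a real service keeps this in a KMS/HSM.
SERVER_KEY = b"example-signing-key-not-for-production"

# Token ids that an administrator (or an automated alert) has revoked.
REVOKED_TOKEN_IDS = set()


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, device_id, scopes, token_id, now, ttl=900):
    """Issue a short-lived token bound to a user, a device and a list of
    'resource:action' scopes. `now` is a Unix timestamp supplied by the caller
    so the example is deterministic."""
    claims = {"sub": user, "dev": device_id, "scp": list(scopes),
              "jti": token_id, "exp": now + ttl}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig


def revoke_token(token_id):
    REVOKED_TOKEN_IDS.add(token_id)


def validate_request(token, device_id, resource, action, now):
    """Re-validate the presented token on every API call.
    Returns (allowed, reason); nothing about the caller is assumed in advance."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    # 1. Integrity: the signature is checked before any claim is trusted.
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return False, "bad signature"
    claims = json.loads(_unb64(payload))
    # 2. Freshness: an old but genuine token is still refused.
    if now >= claims["exp"]:
        return False, "expired"
    # 3. Revocation: a token reported stolen is refused immediately.
    if claims["jti"] in REVOKED_TOKEN_IDS:
        return False, "revoked"
    # 4. Context: the token only works from the device it was issued to.
    if claims["dev"] != device_id:
        return False, "device mismatch"
    # 5. Authorization: the scope must cover this resource and action.
    if f"{resource}:{action}" not in claims["scp"]:
        return False, "insufficient scope"
    return True, "ok"


if __name__ == "__main__":
    tok = issue_token("alice", "laptop-1", ["payroll:read"], "t1", now=1000)
    print(validate_request(tok, "laptop-1", "payroll", "read", now=1100))   # (True, 'ok')
    print(validate_request(tok, "unknown-host", "payroll", "read", now=1100))  # device mismatch
    revoke_token("t1")
    print(validate_request(tok, "laptop-1", "payroll", "read", now=1100))   # revoked
```

The order of the checks matters: the signature is verified before any claim is read, so a forged payload never reaches the expiry, revocation or scope logic. The same function applies unchanged to a service calling another service, which the article treats as equally untrusted.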
Zero-trust models do not cover users only. All assets on the network that interact with each other and share data are also considered untrusted. In older models, services would allow other services to communicate with very little authorization and validation. Should one service be compromised, an attacker could take advantage of those unauthorized requests to steal data, intercept traffic, or take over communication.
The methodology of least privilege (also called privileged access management, or PAM) works alongside zero trust to limit authorization to sensitive services and data. A zero-trust model assumes all users and services could be attackers, and least privilege defines which services and data each of them is authorized to use. Administrators working with a least privilege model should grant each user only the access permissions to the data necessary to do their job.
A common mistake in many organizations is allowing users to keep old permissions when they change positions within the organization. As users move to different positions within the organization, they collect more and more permissions. Eventually, they have access to various systems that they don’t need to perform their job. If the account is compromised, an attacker would have access to several systems across the network.
To combat this issue, the “least privilege” standard always limits permissions to the systems that are necessary for the user to perform a work function. When the user changes positions within the corporation, permissions are changed and any access unnecessary for the new job is revoked. It should go without saying that the user’s permissions are also revoked after termination of employment and the user account is disabled.
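The access review described in the last two paragraphs, as an added example (not code from the original article or from TitanHQ): a small script that compares each user's accumulated permissions against what their current role actually requires, reconciles permissions on a role change so that nothing from the old job is carried along, and strips everything at offboarding. The role catalogue, user records and permission names are constructed for the example; a real deployment would read them from the directory and the applications' own role definitions.

```python
# Constructed role catalogue: the permissions each role needs to do its job.
ROLE_PERMISSIONS = {
    "support":  {"ticketing:read", "ticketing:write", "crm:read"},
    "finance":  {"ledger:read", "ledger:write", "crm:read"},
    "engineer": {"repo:read", "repo:write", "ci:run"},
}


def make_directory():
    """Constructed user records. Bob moved from support to finance and, as the
    article describes, kept his old permissions plus a repo grant nobody revoked."""
    return {
        "bob": {"role": "finance", "enabled": True,
                "permissions": {"ticketing:read", "ticketing:write", "crm:read",
                                "ledger:read", "ledger:write", "repo:read"}},
        "carol": {"role": "engineer", "enabled": True,
                  "permissions": {"repo:read", "repo:write", "ci:run"}},
    }


def excess_permissions(user):
    """Permissions the user holds beyond what their current role requires."""
    return user["permissions"] - ROLE_PERMISSIONS[user["role"]]


def audit(directory):
    """Periodic review: report every user carrying permissions their role
    does not need, so the excess can be revoked before an account is compromised."""
    return {name: sorted(excess_permissions(u))
            for name, u in directory.items() if excess_permissions(u)}


def change_role(user, new_role):
    """Role change: the new role's permission set replaces the old one entirely.
    Returns what was revoked and what was granted for the change log."""
    required = ROLE_PERMISSIONS[new_role]
    revoked = user["permissions"] - required
    granted = required - user["permissions"]
    user["role"] = new_role
    user["permissions"] = set(required)
    return {"revoked": sorted(revoked), "granted": sorted(granted)}


def offboard(user):
    """Termination: every permission is revoked and the account is disabled."""
    revoked = sorted(user["permissions"])
    user["permissions"] = set()
    user["enabled"] = False
    return revoked


if __name__ == "__main__":
    directory = make_directory()
    print(audit(directory))                       # bob is flagged with three excess grants
    print(change_role(directory["bob"], "support"))  # ledger and repo access revoked
    print(offboard(directory["carol"]))           # all of carol's grants revoked
```

Replacing the permission set on a role change, rather than adding the new role's grants to the old ones, is the whole point: accumulation is exactly the failure mode the article describes, and the audit function is there to catch any account where it has already happened.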
Zero trust and the standard of least privilege work well together to limit the organization’s attack surface and risk. They do not completely eliminate risk, but they restrict access should an attacker compromise an account. In turn, they reduce both the likelihood of a compromise and the amount of data an attacker can reach should they gain access to the account.
With numerous devices accessing data and storing data, it’s important for organizations to validate every request for data regardless of the user. It sounds counterintuitive, but users should always be considered possible attackers, and data access should be strictly restricted.
The right cybersecurity and authorization practices will greatly reduce cyber risk. As you define your access controls and the way to set up infrastructure, make sure to consider a zero-trust model with implemented least privilege standards to protect data.
TitanHQ as a Trusted Partner
TitanHQ is a leading cloud security vendor that provides organisations with solutions to protect against malware and advanced threats. TitanHQ creates the controls that enterprises require to protect themselves in the zero-trust network world. SpamTitan Email Security protects against phishing and BEC attacks, EncryptTitan protects your email transmissions, and WebTitan manages the internet traffic of your users with content filtering.
Contact us today about setting up a trial to validate our solution products for a zero-trust environment.