Network Security

Zero trust security: mastering the fundamentals

juanhernandez@preyhq.com
Juan H.
Jun 23, 2023

The FBI reported 800,944 cybercrime complaints in 2022. With a projected increase in 2023, there’s more of a need than ever to address digital cybersecurity and safety within an institution. It’s no longer feasible to trust users after they enter the perimeter of a network—user accounts are constantly compromised and used to attack sensitive information.

Moving to a Zero Trust security architecture addresses many of these modern cybersecurity challenges. Instead of trusting users once, Zero Trust software takes a no-trust approach and requires verification before allowing someone access to each point of entry, every time they try to access it. Zero Trust systems limit the attack surface by segmenting networks, and they mitigate new security threats by constantly monitoring and adapting to modern needs.

Zero Trust isn’t a rigid framework; instead, it’s a security concept that promotes a holistic and continuous evaluation of trust and security controls throughout an organization's infrastructure. Its processes are built on standard pillars that work together to provide a comprehensive security framework that minimizes the attack surface and enhances overall cybersecurity.

Some companies will add extra categories and subcategories that better align with their needs, such as the National Institute of Standards and Technology (NIST), whose Zero Trust Architecture (ZTA) defines seven pillars. Other organizations or experts may interpret and implement the main Zero Trust principles in slightly different ways, which also leads to variations in the number of pillars of Zero Trust.

In this guide, we’ll look at five of the most common pillars of Zero Trust: Identity Access Management (IAM), network segmentation, device and endpoint security, application security, and data security. As you learn more about each pillar, you can decide if it needs to be adjusted or modified to better meet your institution’s needs.

The five pillars of Zero Trust

Every Zero Trust system requires a few critical components to ensure a secure environment. Although the amount can vary, there are five pillars of Zero Trust that are used in most organizations.

1. Identity and access management

Identity and access management (IAM) is the process used to: 

  • identify users on your computer systems 
  • verify that users have permission to access information 

A Zero Trust system never assumes permission—instead, each user is granted permission by continuously verifying their identity via strong authentication and verification tools that users access when signing on or moving around a system. 

Users can sign into your organization using a single sign-on (SSO) protocol, which uses other system logins to verify identity and enables access to resources and applications within a single domain. The SSO will trigger a multi-factor authentication (MFA) system for a secondary login code, which will be sent to an authentication device. This code is needed for final authorization to gain access to the organization’s resources. 

SSO works in conjunction with federated identity management systems. In many organizations, users not only need access to the internal system but often third-party resources and tools as well. A centrally managed federated identity system holds all system users and their roles, enabling the SSO process for outside domains and resources.

Identity federation tools help IT teams: 

  • Assign permissions to users under the principle of least privilege (access to the minimal amount of resources a user and group need to function)
  • Set all other files and network areas in the system as off-limits and invisible to the user, which ensures a secure and seamless point of access

2. Network segmentation

Network segmentation takes a computer network and divides it into smaller, more secure segments. In a traditional system, you may have a single network for all the devices in your organization. Computer servers, workstations, and user devices can all see each other as well as all of the files and data available.

The problem with this connected network architecture is that one compromised device can impact the entire organization with malware. A small compromise can spread throughout the system—leading to company downtime and a huge data breach.

Network segmentation takes different units of your organization and separates them to stop lateral movement and data breaches from affecting a whole system. Networks can be segmented into sections like:

  • Individual wifi networks for Bring Your Own Devices (BYOD) 
  • Small isolated areas where sensitive data is hidden from other segments that allow third-party access
  • Micro-segments for proprietary company information that are only available to select employees

The exact configuration of your network will depend on your organization and its needs; however, segmentation will always minimize potential widespread damage. If a user with limited access becomes compromised, the attack can’t move through your network and make its way to other network segments without hitting another point of identity verification.

3. Device and endpoint security

Securing individual devices on your computer network is a critical part of the Zero Trust model. This process includes: 

  • installing antivirus software 
  • installing antimalware software
  • setting up computer firewalls
  • maintaining software updates
  • guarding against phishing attacks with spam detection

In a Zero Trust environment, you only give individual devices as much trust as they need to function. Take desktop computers, for instance. If you want to control the software on the machines and prohibit unknown programs from running, limit the user’s permissions so they cannot install unapproved software.

Your authentication procedures also apply to endpoint devices. Each device on your network should be identifiable before it is authorized to access resources. Once you secure your devices, it then becomes a matter of watching over them. 

You’ll experience external and internal threats constantly as you add more complexity. Monitoring and logging tools will enhance your endpoint security by showing you what’s happening on your network, identifying malicious attacks, and offering remedies for security breaches.

4. Application security

Application security is essential for all of the applications your organization uses to run, including desktop and web applications as well as the servers that host the application backends and data.

In a Zero Trust model, no application should have access to computers or servers that don’t relate to its function. A customer relationship management (CRM) system, for instance, should only have access to the database that stores customer information. Your device security should block the application from accessing other servers and file systems that contain data it doesn’t need.

Apply the principle of least privilege to applications by: 

  • removing all the access an application currently has
  • then gradually adding back access to the specific resources it needs to function correctly
  • setting up micro-segmentation of networks to ensure that a third-party app can’t access the most sensitive proprietary information

If an application you use has a security flaw that compromises your devices, this application security will contain the damage to the impacted apps.

If you have custom applications in your organization, you may need to hire developers to: 

  • write code for custom workflows, since some commercial applications won’t meet unique business requirements, and keep the attack surface of that code small
  • establish secure practices for future development teams 
  • test applications before launch to make sure they follow your Zero Trust security procedures

5. Data security

The last of the 5 pillars of Zero Trust is data security. These are the procedures you put in place to limit access to organizational data to the users who need it to function.

Protecting data should be one of your most important considerations when implementing Zero Trust—you don’t want attackers to access sensitive information like social security numbers, credit card information, or proprietary company secrets. 

To start:

  • Identify your critical files 
  • Classify the data and label the files by how valuable they are
  • Set permissions for users and groups that should have access to them
  • Encrypt all stored data (data at rest) so an unauthorized user can’t read it, even if they somehow gain access to it

After setting up data security protocols and processes, Zero Trust teams will need to focus on monitoring the network data with the help of data loss prevention (DLP) tools. These tools allow you to: 

  • constantly monitor data to look for abnormalities
  • see if information goes missing
  • identify users who misuse data
  • flag abnormal access patterns 
  • find gaps in your environment that you need to patch

Additional considerations and best practices

In addition to the five pillars of Zero Trust, there are some other considerations to make during Zero Trust implementation—based on your organization’s structure.

Securing cloud environments for Zero Trust

You may not have complete control over your environment if you use cloud tools in your organization. 

To make your cloud environments more secure and in line with your Zero Trust protocols:

  • Look at the data you plan to store in the cloud, the people who have access to that data, and any security precautions offered by your cloud provider. 
  • Then add services that enhance the cloud provider’s security precautions and that offer a granular level of control to account administrators so they can restrict access and set up policies.

Zero Trust in remote and hybrid environments

While some organizations have returned to in-office work, hybrid or remote work environments are still prevalent with 48% of knowledge workers engaging in remote work globally. However, in a remote or hybrid work environment, there is less control over the network. 

To follow Zero Trust principles in a remote work environment, remember to:

  • create a secure environment for your remote workers by requiring them to use a VPN, which encrypts data in transit
  • assign devices as company devices so that you can allow IT teams to access and control them when needed 
  • require MFA before signing in to use company resources
  • educate your workforce on potential threats and engage them in the Zero Trust model so they actively report possible attacks

Adding Zero Trust to third-party vendor access

Every organization uses third-party vendors to streamline their operations. But, how do you apply your Zero Trust principles to third parties? 

  1. Delete all third-party vendor access
  2. Add back in segmented third-party vendor access to necessary network areas 
  3. Monitor their activity for abuse
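The pillars above and the three-step vendor process describe one access decision repeated on every request: identity and MFA, a registered device, the right network segment, the application's permitted resources, and the data classification. The following added example (not part of the original post; all users, devices, segments and resources are constructed, hypothetical values) shows such a policy decision point in Python, with a default-deny evaluator and a simple monitoring step that flags users who are repeatedly denied:

```python
from dataclasses import dataclass
from collections import Counter

# Constructed sample data for the example; all names and values are hypothetical.
@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool   # pillar 1: MFA completed for this session
    device_id: str       # pillar 3: device presenting the request
    segment: str         # pillar 2: network segment the request arrives from
    resource: str        # pillars 4/5: application or data store being accessed

ROLES = {"alice": {"sales"}, "bob": {"hr"}, "vendor-acme": {"vendor"}}
COMPLIANT_DEVICES = {"laptop-01", "laptop-02", "vendor-kiosk"}
# Segments allowed to reach each resource (segmentation and micro-segmentation).
SEGMENT_ACCESS = {"crm-db": {"corp-lan", "vpn"}, "hr-files": {"corp-lan"},
                  "vendor-portal": {"vendor-net"}}
# Roles allowed per resource and the classification of the data it holds.
RESOURCE_POLICY = {"crm-db": ({"sales"}, "confidential"),
                   "hr-files": ({"hr"}, "restricted"),
                   "vendor-portal": ({"vendor"}, "internal")}
# Classification levels each role is cleared to read.
CLEARANCE = {"sales": {"internal", "confidential"},
             "hr": {"internal", "confidential", "restricted"},
             "vendor": {"internal"}}

def evaluate(req: Request) -> tuple[bool, str]:
    """Evaluate one request; every pillar must pass and the default is deny."""
    if req.user not in ROLES:
        return False, "unknown identity"
    if not req.mfa_verified:
        return False, "mfa required"
    if req.device_id not in COMPLIANT_DEVICES:
        return False, "device not registered or non-compliant"
    if req.resource not in RESOURCE_POLICY:
        return False, "unknown resource"
    if req.segment not in SEGMENT_ACCESS[req.resource]:
        return False, "segment not permitted"
    allowed_roles, classification = RESOURCE_POLICY[req.resource]
    roles = ROLES[req.user]
    if not roles & allowed_roles:
        return False, "role not permitted"
    if not any(classification in CLEARANCE[r] for r in roles):
        return False, "insufficient clearance"
    return True, "allow"

def flag_repeat_denials(requests: list[Request], threshold: int = 3) -> set[str]:
    """Monitoring step: users whose denial count reaches the threshold are flagged for review."""
    denials = Counter(r.user for r in requests if not evaluate(r)[0])
    return {user for user, n in denials.items() if n >= threshold}
```

A vendor identity here is re-admitted only to its own segment and portal after the reset, and any attempt at the CRM database from the vendor segment is denied before the role is even considered.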

A reported 98% of companies are connected to third-party data breaches, so watch the information you share with any third-party vendor. It’s best to limit access as much as possible. Then, grant it on an as-needed basis.

Network monitoring and analytics for Zero Trust

You’ll need to continuously monitor your network over time to see how successful your Zero Trust implementation and software are at maintaining the security posture of your company.

To do this, it may be best to use device monitoring tools that help you keep track of: 

  • data access
  • user behavior
  • network devices
  • other pieces of data you acquire

Then, create reports to summarize this information and look for anomalies that indicate you may have a problem.

Conclusion

Zero Trust architecture can work for organizations that want to step up their security. It functions on several foundational pillars that help Zero Trust teams effectively secure every part of a computer network.

  • Identity and access management: This pillar ensures that user verification happens at every level before allowing resource access
  • Network segmentation: This pillar breaks your network into small segments to isolate critical business operations from threats that have breached your system
  • Device and endpoint security: This pillar fortifies devices from threats by locking them down after anomalies are detected as well as updating them with the latest spam and antivirus software
  • Application protection: This pillar secures applications by limiting their access to the required resources to function
  • Data protection: This pillar secures your data by limiting access, encrypting anything not in use, and constantly monitoring to look for threats

There is no one-size-fits-all approach to Zero Trust. You’ll need to customize your Zero Trust approach to meet your organization’s unique needs and ensure your workforce buys into the philosophy of the approach. Work with your Zero Trust team, stakeholders, and outside experts in the field to learn what you need in a secure Zero Trust environment in your industry. Then create a roadmap to get you there. When you use the five pillars of Zero Trust in tandem with device tracking software, you’ll create an environment that safeguards your network and your devices from cyber threats.

Prey offers tracking software that will help you monitor your device locations, track what happens on them, and manage the software on each device—all from one dashboard. Avoid losing information about your remote workforce using our persistent device tracking & security solution by signing up for a free trial today.
