Research companies tend to create trendy abbreviations. The hottest and trendiest term at the beginning of the year may be Zero Trust Network (ZTN). To be fair, the model was introduced by John Kindervag as early as 2010, when he was Forrester’s chief analyst. It is now being offered as a lifeline in a market situation where cyber-attacks make a mockery of traditional cybersecurity solutions for computer networks.
I agree that the ZTN model is a route to improving cybersecurity management. However, I predict the journey will be long and challenging. The model requires new thinking, new technology, new skills, and determined work and communication.
In the world of cybersecurity, we are used to referring to the frameworks of different institutions. The NIST Cybersecurity Framework, for instance, has been adopted as a guideline outside the US as well and has been inherited in Europe. The difficulty of the current market situation is illustrated by the fact that this framework, too, is designed for an entity controlled by a single company or organization. It has parts that are almost impossible to implement in a multi-cloud environment. In any case, ZTN is now a strong recommendation in the NIST framework for getting the situation under control.
What is ZTN?
In the ZTN model, “everything is forbidden unless specifically identified and allowed”. Sounds simple. The first challenge is corporate culture where practice has allowed traffic to flow freely. Too often, everything is allowed and accessible even if the services are not related to the company’s operations. A convenience once gained is difficult to take away. The old model is based on the idea that there are trustworthy parties inside the corporate network and untrustworthy ones outside. The firewall has acted as a sacred network device and watershed, but with the opposite practice: “all allowed, if not specifically forbidden”. In firewalls, access control rules are based on IP spaces or address pairs (OSI layer 3). In addition, the more diligent administrators have defined TCP ports (OSI layer 4).
If the national border check at the airport were run like this, the decision would be that “everything that comes from London is okay”. The state would then invest in repairing the damage and tracing criminals around the country.
The challenge for the ZTN model and its maintenance is the requirement for application-level access control (OSI layer 7). Locally, this could be done by upgrading the company’s own technology, but the new multi-cloud environment is challenging.
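To make the contrast concrete, here is an added illustration (not code from the original post or from 5Feet Networks) of the two policy models side by side: a legacy firewall deciding on IP address and TCP port with default allow, and a Zero Trust policy deciding on the identified application, user and device with default deny. The application names, users, addresses and the way the application is identified are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass
class Session:
    """One application session as seen by the network. Constructed example fields."""
    src_ip: str
    dst_ip: str
    dst_port: int
    application: str            # identified at OSI layer 7 (assumed: by a proxy/agent)
    user: Optional[str]         # authenticated identity, None if anonymous
    device: Optional[str]       # enrolled device id, None if unknown (e.g. BYOD)

# Legacy firewall: OSI layer 3/4 rules, "all allowed if not specifically forbidden".
# Constructed deny list: block telnet and SMB to anywhere, nothing else.
LEGACY_DENY = [("0.0.0.0/0", 23), ("0.0.0.0/0", 445)]

def legacy_decision(s: Session) -> str:
    for net, port in LEGACY_DENY:
        if ip_address(s.dst_ip) in ip_network(net) and s.dst_port == port:
            return "deny"
    return "allow"  # default allow: any unrelated SaaS session on port 443 sails through

# Zero Trust: OSI layer 7 policy, "everything forbidden unless identified and allowed".
# Constructed allow list: application -> (authorized users, enrolled device required)
ZT_ALLOW = {
    "crm.example-saas": ({"alice", "bob"}, True),
    "mail.example": ({"alice", "bob", "carol"}, True),
}

def zero_trust_decision(s: Session) -> str:
    rule = ZT_ALLOW.get(s.application)
    if rule is None:
        return "deny"   # application not identified and authorized for the business
    users, need_device = rule
    if s.user not in users:
        return "deny"   # session not linked to an identified, authorized user
    if need_device and s.device is None:
        return "deny"   # unknown device: identity alone is not enough
    return "allow"

def compare(s: Session) -> Tuple[str, str]:
    """Return (legacy decision, zero trust decision) for the same session."""
    return legacy_decision(s), zero_trust_decision(s)

if __name__ == "__main__":
    # Unrelated file-sharing SaaS over HTTPS: legacy allows it, Zero Trust denies it.
    print(compare(Session("10.0.0.5", "203.0.113.10", 443, "filesharing.unrelated", "alice", "laptop-01")))
```

Only the default-deny policy stops the unrelated SaaS session and the known application from an unenrolled device; the legacy rules see both as ordinary port 443 traffic.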
The new operating environment (Cloud, SaaS, WFH, BYOD, IoT) requires more
The business environment with its applications is highly fragmented across numerous SaaS, PaaS, and Cloud operators. When a computer starts up, it opens hundreds of sessions around the world. The network routes and filters IP packets, but hundreds of applications chat in application sessions that the network doesn’t really understand. Traditional network segmentation cannot be implemented in the new operating environment. Add to the equation that 90% of Internet traffic is encrypted, that few companies implement SSL inspection, and that DNSSEC is non-existent, and the protection provided by a traditional enterprise network solution, segmentation, and firewalls is undermined. A fragmented operating environment leads to an even wider attack surface. The realization of a cyber attack is mainly a matter of time.
The budget is not enough to fight without the ZTN
By moving to the ZTN model, there is a much smaller attack surface and much less activity to supervise online. Only the applications that are necessary and authorized for the business move on the network, under strict control. The cost of the network and related security services will decrease as capacity needs decrease. Using modern and expensive cybersecurity technology effectively becomes reasonably priced for this smaller entity.
The ZTN transition begins with the leader
To corporate management, “everything forbidden that is not specifically identified and allowed” sounds easy. It is forgotten that network experts have been studying and building networks with segmentation at layers 2 to 4 of the OSI model for the past three decades. The technology may have enabled layer 7 functionality locally, but few application owners have given network and firewall administrators the instructions to use it. The first step is to move to solutions where it is possible to reliably identify SaaS, PaaS, and Multi-Cloud applications and link them to identified users and IoT devices. Only then can the controlled transition to ZTN policies begin.
The first task of a leader is now to create the conditions for a new architecture.
Hannu Rokka, Senior Advisor
5Feet Networks Oy