Zero Trust Architecture: Paving a way for Cybersecurity

15th March, 2022

With the advent of the cloud, the traditional parameter security models, Zero Trust sometimes is also known as perimeter less security has become a key while designing and implementing digital products. In today’s world where there is an acceleration in digital services, cybercrime is one of the greatest threats which is for every enterprise and every individual in the world. To make sure that there is no financial loss, compromises to customer information and reputation loss for organizations, Zero Trust Architecture or ZTA has become an imperative.

What is Zero Trust?

As per NIST Special publication, ZTA is a collection of concepts and ideas designed to reduce the uncertainty in enforcing accurate, per-request access decisions in information systems and services in the face of a network viewed as compromised. Rooted in the definition and some key principles ZTA is designed to protect modern digital applications from any cyber-attacks.

Why is ZTA so important?

As per the report from Cybersecurity Ventures, the losses indicted by cybercrime will increase by 15% per year and will be reaching $10.5 Trillion annually by 2025. During pandemic the cybercrime went up by 150% and has caused billions of dollars of loss. Ransomware – malware that locks access to the computer system has been growing exponentially. WannaCry Ransomware in 2017 impacted 200,000 computers across 150 countries and demanded millions of dollars in bitcoin as ramson while impacting billions of losses as businesses productivity. Security experts believed that the worm originated from North Korea, but it was never established.

Key Principles for a ZTA

The Zero Trust Model (based on NIST 800-270) includes standards that help protect against the attacks that would plague the cloud-first deployment architectures.

The model talks about all the components which are rooted in a few key principles:

1. Never Trust, Always Verify: Principles mandates to never trust the user identity and level of access. Just because somebody is on your corporate network does not guarantee that it does not need validation hence whenever a user requests to access an enterprise resource always authenticate and authorize the user. While designing a ZTA architecture this is very important though the design should keep this as frictionless for the users as possible.
2. Establish Micro-segmentation: Micro-segmentation is a way to create segments within a data center and these segments can be isolated from each other and secured individually. This limits the span of the damage and prevents an attack to expand once it penetrates the network.
3. Implement Least privilege access: Confidentiality, integrity, and availability are considered the goals of any security program. The least privileged access helps organizations achieve these goals. With privileges, the software developers can be very specific about what the user of the application can do with the application without giving too much access. Privileged Access Management is a great way of implementing the least privilege for any user.
4. Assume Breach: This principle encourages teams to plan for worst-case scenarios and build robust and tested response plans so that when attacks do occur, the time to respond is rapid & well-practiced. Security is everyone’s responsibility, and we need to be always on alert. The threats can come from within the organization or outside the organization hence the right checks and balances must be set-up to do the right monitoring and take corrective actions as needed.

At Brillio we have been helping our clients in ensuring that the digital products that adhere to a blueprint we follow for ZTA. Our clients in various domains such as Banks, Financial institutions, Healthcare, Retail, and hence the confidentiality of their customer information is paramount. The digital products that we build have ZTA and its principles embedded as the solution, most of our solutions implement SSO, MFA, PAM, micro-segmentation, threat monitoring tools so on and so forth. Brillo has also co-developed a product Blue Planet Enterprise which enhances network visibility and control, it’s powered by AI models for closed-loop automation.

Conclusion

Zero Trust isn’t something that can simply be delivered by implementing a new piece of technology, nor is it a point product or service that you can just go out and buy. It is a security strategy that has some core principles and these need to be adhered to, all the time. In today’s world, the value of a business depends largely on how well it guards its data, the strength of its cybersecurity, and its level of cyber resilience. Hence the applications must be built around this strategy to build secure applications.