Last Updated on August 2, 2021
In the wake of recent mega-hacks, Zero Trust is big news. In fact, “Zero Trust architecture” is the end goal of President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity.
What exactly is Zero Trust? And how do we achieve it? Is it a software solution? A strategy? Yet another framework? And what makes it such a powerful defense against cyber-attacks?
To get to the heart of Zero Trust, The Virtual CISO Podcast sought out the person who conceived Zero Trust ten years ago: John Kindervag, now Senior Vice President of Cybersecurity Strategy at ON2IT Cybersecurity. Hosting the show as always is John Verry, Pivot Point Security CISO and Managing Partner.
Why our current “trust model” is broken
“Zero Trust looks at the trust model where we have trusted versus untrusted systems and networks,” John explains. “It goes back to the old days of firewalls. The untrusted side went to the internet where all the bad things are. The internal network was the trusted side. And then you’d set up a policy based upon those trust levels.”
“What I realized both deploying all those technologies and then later as an analyst, is this trust model was the fundamental problem. Trust is a hard thing to define. But it is a human emotion that we’ve injected into digital systems for no reason at all.
“It turns out trust is actually a vulnerability—the only vulnerability that is also an exploit at the same time. You don’t need to create malware to exploit trust. All you have to do is be on a network.
“The only actor who gets value from trust in digital systems are the malicious actors who are going to exploit it. Almost every single negative security event has fundamentally as its root cause a problem of trust. It is an exploitation of this broken trust model,” John relates.
Take a ransomware attack, which generally works by co-opting a “trusted” internal system to send a command and control call out over the internet, and then retrieving the symmetric key for the ransomware. Because we “trust” and allow that outbound connection by default, we enable the attack. But what if that system’s outbound connections were limited to just the resources it needed to access? Defining explicit “whitelists” of allow rules are one of the keys to instantiating Zero Trust.
The protect surface concept
To organize and conceptualize what rules are needed, Zero Trust defines the tactical concept of a protect surface. “The idea is to take the overall attack surface, which is the entire internet, and break it down into something very small and understandable called a protect surface,” John clarifies. “If you’re doing PCI, for example, then the cardholder data environment becomes the protect surface. You just have one single thing that you’re protecting, so now the problem is very small.”
“Typically, we look at our entire environment, and then our entire network or whatever,” continues John. “Then we find a problem, buy new technology, fix it, do it again, do it again, do it again… And you eventually run out of money before you run out of problems. But if you break the problem down into individual small pieces, that’s something that’s easily doable. Eventually, you have this protect surface mentality. You have a finite number of protect surfaces in your organization, and you can build Zero Trust out incrementally, iteratively, and non-disruptively.”
If you want to explore how Zero Trust could look in your organization, look no further than this massively informative podcast with Zero Trust progenitor John Kindervag.