Zero Trust Architecture: A Replacement For Traditional Cybersecurity Defenses of SMBs and Mid-Market Enterprises?
May 1, 2024

The term “Zero Trust” can be confusing, because it can be used to describe both the Zero Trust architecture of a network or cloud (which encompasses the structured layout of network elements and the virtual design of cloud environments), and the holistic approach combining a Zero Trust architecture with a cybersecurity platform designed to detect, analyze, and contain threats. This blog uses the terms “Zero Trust Architecture” and “Zero Trust Security Model” (as defined by the National Security Agency) to distinguish between these two uses of the term “Zero Trust.”
What is Zero Trust Architecture?
Zero Trust Architecture moves away from the traditional concept of a "network perimeter," where all devices and users within a local area network (LAN) or virtual LAN (VLAN) are automatically trusted and granted extensive permissions. In simple terms, think of Zero Trust Architecture as minimizing a network or cloud environment's attack surface by utilizing segmentation via VLANs, and enforcing least-privileged access controls, detailed microsegmentation, and multifactor authentication (MFA).
Zero Trust Security Model
A Zero Trust security model goes beyond Zero Trust Architecture. The Zero Trust security model is a comprehensive set of design principles and a coordinated strategy for cybersecurity and system management. Under the Zero Trust security model, it is assumed that a breach is either inevitable or has possibly already occurred. The model therefore continually restricts access to only what is essential while actively searching for unusual or malicious activity. It incorporates extensive security monitoring, granular risk-based access controls, and active detection and containment of threats across all infrastructure components. The focus is on protecting critical assets in real time within a dynamic threat landscape.
The National Security Agency (NSA) defines a Zero Trust security model as one that “assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.”
-The National Security Agency

With many organizations (especially SMBs to mid-market enterprises) struggling to find sufficient budget to adequately address their cybersecurity defenses, the question arises whether budget-constrained organizations might adopt a Zero Trust Architecture as their principal, or even sole, cybersecurity defense. That is, can the architectural minimization of your network and cloud environments’ attack surfaces, combined with the implementation of least-privileged access controls, rigorous microsegmentation, and multifactor authentication, constitute a sufficient cybersecurity posture for SMBs and mid-sized enterprises?
Although integrating Zero Trust Architecture into your IT systems can enhance your cybersecurity posture, depending solely on Zero Trust Architecture as your primary or sole cyber defense carries considerable risks: 

Gartner analysts forecast that by 2026, over half of cyberattacks will target areas not protected by Zero Trust controls, rendering them ineffective. “The enterprise attack surface is expanding faster and attackers will quickly consider pivoting and targeting assets and vulnerabilities outside of the scope of zero-trust architectures.” https://www.gartner.com/en/newsroom/press-releases/2023-01-23-gartner-predicts-10-percent-of-large-enterprises-will-have-a-mature-and-measurable-zero-trust-program-in-place-by-2026
Weaknesses in multi-factor authentication. Multi-factor authentication (MFA) is a critical component of Zero Trust security. Unfortunately, cybercriminals can use malware to bypass MFA. Here's an example: https://www.hipaajournal.com/mfa-bypased-cyberattack-la-county-department-mental-health/
Zero Trust does not stop zero-day attacks. Zero-day attacks exploit previously unknown vulnerabilities before a patch becomes available or is generally deployed. Hackers use these exploits to access systems, exfiltrate sensitive data, or execute malicious code. Zero Trust Architecture alone is not designed to prevent zero-day attacks, and if the zero-day vulnerability gives the hacker direct access to a crucial system or to the confidential data they are targeting, the hacker could steal that data or install harmful software without detection or containment.
Supply chain attacks against managed service providers can evade Zero Trust defenses. Supply chain attacks target third-party vendors within an organization's supply chain. These attacks exploit the trust between an organization and its vendors whose software has been breached. They are particularly dangerous when they involve network management tools or software used by managed service providers (MSPs), because attackers take advantage of the access those tools or MSPs already have to an organization's network or cloud.
Configuration Errors. Configuration errors can lead to data exposure. Even though Zero Trust focuses on verifying each access request, configuration errors that expose data directly to the internet can bypass these controls.
Insider Threats and API Misconfigurations. Zero Trust can significantly reduce the risk of insider threats by enforcing strict access controls and verification procedures; however, if an API is misconfigured to allow broad data access without proper authorization checks, insiders or authenticated users could still access or manipulate data they shouldn't.
Other methods to circumvent Zero Trust include exploiting public-facing APIs, targeting employees through social engineering or bullying, and taking advantage of shortcuts employees might create to sidestep strict Zero Trust policies.
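The API misconfiguration point above is worth seeing in code. The following is an added illustration, not code from the SECNAP post: a minimal in-memory "API" in which every request is authenticated (as Zero Trust requires), but one handler never checks which records the caller is entitled to, so any authenticated insider can read everyone else's data. All tokens, users, roles and records are constructed sample values.

```python
# Added example (not part of the original post). Shows why verifying WHO is
# calling is not enough if the handler never checks WHAT that caller may see.
# Tokens, users, roles and records below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Caller:
    user_id: str
    roles: frozenset


# Constructed session tokens mapped to an authenticated identity
# (stands in for the MFA/SSO step of a Zero Trust deployment).
SESSIONS = {
    "tok-alice": Caller("alice", frozenset({"employee"})),
    "tok-bob": Caller("bob", frozenset({"employee"})),
    "tok-hr": Caller("hr01", frozenset({"employee", "hr"})),
}

# Constructed records; "owner" is the user each record belongs to.
RECORDS = {
    "rec-1": {"owner": "alice", "ssn": "***-**-1111"},
    "rec-2": {"owner": "bob", "ssn": "***-**-2222"},
}


class Forbidden(Exception):
    """Raised for unauthenticated or unauthorized requests."""


def authenticate(token):
    """Every request is verified; unknown tokens are rejected outright."""
    caller = SESSIONS.get(token)
    if caller is None:
        raise Forbidden("unauthenticated")
    return caller


def get_record_misconfigured(token, record_id):
    """Authenticates, then returns ANY record by id (the misconfiguration)."""
    authenticate(token)
    return RECORDS[record_id]


def get_record_least_privilege(token, record_id):
    """Authenticates, then authorizes per object: owner or 'hr' role only."""
    caller = authenticate(token)
    record = RECORDS.get(record_id)
    if record is None or (record["owner"] != caller.user_id and "hr" not in caller.roles):
        raise Forbidden("not authorized for this record")
    return record


def is_denied(handler, token, record_id):
    """True when the handler refuses the request; used to compare the two."""
    try:
        handler(token, record_id)
        return False
    except Forbidden:
        return True
```

With the misconfigured handler, the authenticated user bob reads alice's record; with the per-object check, only alice or an HR user can.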
