“Users inside a network are no more trustworthy than users outside a network”
That’s a quote from the Oversight and Government Reform Committee in the latest 231-page OPM breach report. The report highlights an important solution for preventing data breaches: implementing the Zero Trust Model.
What is the Zero Trust Model?
Developed in 2009 by Forrester Research, the Zero Trust Model enlists enterprises to inspect all network traffic, from the outside and on the inside.
John Kindervag, senior analyst at Forrester says:
“We have to know what’s going on in our networks. Users can’t have willy-nilly access … they will either inadvertently do something bad and maybe get fired for it or illegally access data they actually had access to.”
Zero Trust Model Doesn’t Mean You Don’t Trust Your Users
The name of the model seems to imply that it’s the end users you can’t trust. Nothing is further from the truth! Zero trust instead refers to tracking the network traffic, auditing, and access control.
There are three principles underlying the Zero Trust Model.
1. Ensure all resources are accessed securely regardless of location.
This first concept really emphasizes that you must protect internal data from insider threat in the same way you protect external data.
When it comes to choosing where your data is stored, there are no simple answers. Should you choose the public cloud? Private? Hybrid? Click here for a breakdown of the dilemma.
2. Log and inspect all file and email touch.
Zero Trust advocates two methods of gaining network traffic visibility: logging and inspecting.
Yes, log internal network traffic. For instance if someone deleted your file, how would you find out who?
3. The third key concept is the least privilege model
Least privilege is a way of saying that users only get access to only what they need in order to get their job done. The principle of least privilege, is also often equated with the military ‘need to know’ rule, which is one of the most referenced security principle.
When employees are with a company for a long time, they change jobs, departments, and responsibilities. Temporary projects often require temporary access, but temporary access also has a way of becoming permanent. Sometimes permissions are granted accidentally.
As a result, users end up with more permissions to data than they need. But no one ever calls the help desk to complain that they have too many permissions – so it’s really important that you’re working towards a least privilege model.
First, analyze a user’s activity. If he stops accessing data, then you can probably just disable his account. However, double check by correlating his access activity with his security groups’ activity. Even if the user no longer accesses data granted to him by a specific group, it doesn’t always mean he no longer needs access.