ZERO TRUST ARCHITECTURE - Student Scientific Forum

XIV International Student Scientific Conference "Student Scientific Forum - 2022"

ZERO TRUST ARCHITECTURE

Ilyinykh T.A. 1
1 Vladimir State University named after A.G. and N.G. Stoletov

A zero trust architecture (ZTA) is an enterprise cybersecurity strategy that is based on zero trust principles and designed to prevent data breaches and limit internal lateral movement. This publication discusses ZTA.

ZT is not a single network architecture but a set of guiding principles for network infrastructure, system design, and operation that can be used to improve the security posture of systems at any classification or sensitivity level. Transitioning to ZTA is a journey concerning how an organization evaluates risk in its mission and cannot simply be accomplished with a wholesale replacement of technology. That said, many organizations already have elements of a ZTA in their enterprise infrastructure today. Organizations should seek to incrementally implement zero trust principles, process changes, and technology solutions that protect their data assets and business functions, use case by use case. Most enterprise infrastructures will operate in a hybrid zero trust/perimeter-based mode while continuing to invest in IT modernization initiatives and improve organizational business processes.

Organizations need to implement comprehensive information security and resiliency practices for zero trust to be effective. When balanced with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and best practices, a ZTA strategy can protect against common threats and improve an organization’s security posture by using a managed risk approach.

A zero trust architecture is designed and deployed with adherence to the following zero trust basic tenets:

1. All data sources and computing services are considered resources. A network may be composed of several different classes of devices. A network may also have small footprint devices that send data to aggregators/storage, software as a service, systems sending instructions to actuators, and other functions. Also, an enterprise may decide to classify personally owned devices as resources if they can access enterprise owned resources.

2. All communication is secured regardless of network location. Network location does not imply trust. Access requests from assets located on enterprise-owned network infrastructure (e.g., inside a traditional network perimeter) must meet the same security requirements as access requests and communication from any other nonenterprise-owned network. In other words, trust should not be automatically granted based on the device being on enterprise network infrastructure. All communication should be done in the most secure manner available, protect confidentiality and integrity, and provide source authentication.

3. Access to individual enterprise resources is granted on a per-session basis. Trust in the requester is evaluated before the access is granted. This could mean only “sometime previously” for this particular transaction and may not occur directly before initiating a session or performing a transaction with a resource. However, authentication and authorization to one resource will not automatically grant access to a different resource.

4. Access to resources is determined by dynamic policy—including the observable state of client identity, application, and the requesting asset—and may include other behavioral attributes. An organization protects resources by defining what resources it has, who its members are (or the ability to authenticate users from a federated community), and what access to resources those members need. For zero trust, client identity includes the user account and any associated attributes assigned by the enterprise to that account, as well as the identities used to authenticate automated tasks. Requesting asset state includes device characteristics such as installed software versions, network location, time/date of request, previously observed behavior, and installed credentials. Behavioral attributes include automated user analytics, device analytics, and measured deviations from observed usage patterns. Policy is the set of access rules based on attributes that an organization assigns to a user, data asset, or application. These rules and attributes are based on the needs of the business process and the acceptable level of risk. Resource access and action permission policies can vary based on the sensitivity of the resource/data. Least privilege principles are applied to restrict both visibility and accessibility.

5. The enterprise ensures that all owned and associated devices are in the most secure state possible and monitors assets to ensure that they remain in the most secure state possible. No device is inherently trusted. Here, “most secure state possible” means that the device is in the most practicable secure state while still performing the actions required for the mission. An enterprise implementing a ZTA should establish a system to monitor the state of devices and applications and should apply patches/fixes as needed. Devices that are discovered to be subverted, have known vulnerabilities, and/or are not managed by the enterprise may be treated differently (including denial of all connections to enterprise resources) than devices owned by or associated with the enterprise that are deemed to be in their most secure state. This may also apply to associated devices (e.g., personally owned devices) that may be allowed to access some resources but not others. This, too, requires a robust monitoring and reporting system to provide actionable data about the current state of enterprise resources.

6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed. This is a constant cycle of obtaining access, scanning and assessing threats, adapting, and continually reevaluating trust in ongoing communication. An enterprise implementing a ZTA would be expected to have Identity, Credential, and Access Management (ICAM) and asset management systems in place. This includes the use of multifactor authentication for access to some or all enterprise resources. Continuous monitoring with possible reauthentication and reauthorization occurs throughout user interaction, as defined and enforced by policy that strives to achieve a balance of security, availability, usability, and cost-efficiency.

7. The enterprise collects as much information as possible about the current state of network infrastructure and communications and uses it to improve its security posture. An enterprise should collect data about network traffic and access requests, which is then used to improve policy creation and enforcement. This data can also be used to provide context for access requests from subjects.
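The following policy engine is an added example, not code from the paper or from NIST, that shows tenets 2 to 6 as executable checks: each request is evaluated on its own, device posture and MFA are enforced, the subject's roles bound the permitted actions, and network location is carried as context but never used to grant trust. Resources, roles and device attributes are constructed for illustration.

```python
# Toy zero trust policy engine: an added example, not code from the paper.
# Each request is evaluated on its own (tenet 3) from subject identity,
# device state and the resource policy (tenet 4). Network location is
# recorded for context only and never adds trust (tenet 2).
# All names, roles and resources below are constructed for illustration.
from dataclasses import dataclass

@dataclass
class Subject:
    user: str
    roles: frozenset
    mfa_passed: bool

@dataclass
class Device:
    managed: bool          # enrolled in enterprise asset management
    patched: bool          # current patch level confirmed by posture check
    known_vulns: int       # unremediated known vulnerabilities
    on_corp_network: bool  # context only, deliberately not used for trust

# Constructed policy: per resource, whether MFA is required and which
# actions each role may perform (least privilege, tenet 4).
POLICY = {
    "payroll-db": {"mfa": True, "roles": {"finance": {"read"}, "hr": {"read", "write"}}},
    "wiki": {"mfa": False, "roles": {"staff": {"read", "write"}}},
}

def evaluate(subject: Subject, device: Device, resource: str, action: str):
    """Return ("allow"|"deny", reasons). Every failed check is a denial reason."""
    rule = POLICY.get(resource)
    if rule is None:
        return "deny", ["unknown resource: default deny"]
    reasons = []
    # Tenet 5: unmanaged or non-compliant devices are denied regardless
    # of where they connect from.
    if not device.managed:
        reasons.append("device not managed by the enterprise")
    if not device.patched or device.known_vulns > 0:
        reasons.append("device posture check failed")
    # Tenet 6: MFA is enforced where the resource policy requires it.
    if rule["mfa"] and not subject.mfa_passed:
        reasons.append("MFA required for this resource")
    # Least privilege: the action must be granted to one of the subject's roles.
    allowed = set().union(*(rule["roles"].get(r, set()) for r in subject.roles))
    if action not in allowed:
        reasons.append(f"action {action!r} not permitted for {sorted(subject.roles)}")
    return ("deny", reasons) if reasons else ("allow", [])
```

Because every call to `evaluate` starts from scratch, an allow for one resource never carries over to another, which is the per-session behaviour tenet 3 describes.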

An organization looking to develop a ZTA for its enterprise may find that its chosen use case and existing policies point to one approach over others. That does not mean the other approaches would not work but rather that other approaches may be more difficult to implement and may require more fundamental changes to how the enterprise currently conducts business flows.

