Page 227 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Zero Trust: Security Model for a Fluid Perimeter
By Debanjali Ghosh, Technical Evangelist, ManageEngine
The concept of a network being fully enclosed within a building, and therefore easier to defend, is gone.
Recent trends in cloud computing, BYOD, IoT and remote work have forced organizations to rapidly
adjust their security strategies to accommodate the new threat landscape. External attacks and malicious
insider threats emerge one after another, and traditional security perimeters fail to fulfil the urgent need
for comprehensive network security.
With remote work comes a string of considerations that require security professionals to change
their approach to perimeter-based security models. In a castle-and-moat approach, everyone within
the corporate perimeter is trusted by default. Therefore, once an attacker gains access to the
network, they are free to move around, initiate ransomware attacks, and exfiltrate sensitive data onto
their systems. This is where Zero Trust emerges. The Zero Trust security model treats all resources
with suspicion, irrespective of their location. All inbound traffic and entities undergo strict authentication
before access is granted. In a Zero Trust security model, "trust" is based on
fine-grained access control and contextual authentication.
NIST, the National Institute of Standards and Technology, is among the most widely recognized federal
agencies for cybersecurity guidance. NIST's Special Publication 800-57 provides organizations with a
detailed blueprint for implementing Zero Trust architecture to tackle organizational security risks. Zero
Trust is a journey that involves assessing, planning, and gradually constructing a new-generation network
security architecture. This whitepaper provides an overview of the fundamentals of Zero Trust and the
components of migration methodology. Furthermore, it discusses the deployment scenarios of Zero Trust
in detail, where risk-based adaptive authentication and policy-driven algorithm optimizations are crucial
constituents to reduce implicit trust zones.