What Is a Zero-Trust Architecture and How Does It Compare to Traditional Network Designs
If you pay attention to cybersecurity and networking trends, you may have heard a lot of talk about zero-trust architecture. Zero-trust was even mentioned in the Executive Order on Improving the Nation’s Cybersecurity.
Hi, I’m Jeremy Dodson, CISO here at NextLink Labs, and today we are talking about what zero-trust architecture is and how it can benefit your organization.
Traditional network architecture takes on a castle defense design, with users, devices, and applications on the outside considered untrustworthy.
Those on the inside, behind the perimeter defenses, are considered trustworthy and are generally allowed to freely traverse the network.
This traditional design has become problematic for several reasons. Here's two issues with traditional network architectures.
Dangerous Assumptions with Traditional Network Architectures
First, the assumption that any user or device behind your firewall is authorized and well-intentioned, is dangerous. Malicious actors may gain access to your network through unexpected vectors like web connected printers, cameras, or misconfigured tools. Once inside, they can move laterally to their real target, your data.
This design also allows internal users to intentionally or unintentionally compromise data or disrupt critical systems.
Traditional Strategies Don't Reflect Modern Techniques
Second, modern designs no longer reflect the binary ‘inside or outside’ architecture. With the increasing prevalence of cloud hosted data and workers accessing the network remotely, it’s time to rethink secure network design.
Zero-trust architecture design addresses these concerns by assuming everything is untrustworthy. Trust is only granted after strong authentication and authorization controls are passed.
In addition to these controls, filtering, analytics, and logging are employed to monitor activities within the network. Many tools and services are available for organizations who want to implement zero-trust principles. If you choose to use these third-party offerings, ensure your team is properly trained and the tools are configured to fit your organization.
If you want to know what others are doing to integrate zero-trust and modernize their security measures, reach out to us here at NextLink Labs. We would be happy to answer any questions to support your organization and your endeavor to improve your cybersecurity program.
As always, stay safe, stay secure, and stay curious.