By Johna Till Johnson
Zero-trust security sounds like motherhood and apple pie: one of those things it’s hard to be against, even if you aren’t quite sure what it really means to be for.
To a cybersecurity professional, zero-trust sounds like the only rational stance: Trust nothing and nobody. That seems a lot safer than being too trusting and putting the organization at risk.
But zero-trust is actually a catchy (though slightly misleading) term for fundamentally rethinking how an organization structures its cybersecurity, and particularly its network security infrastructure.
Let me explain.
First off, there’s no such thing as true “zero-trust”. If you really don’t trust anything or anyone, you’re limited to crunching numbers via abacus in a locked room—not very effective.
So “zero-trust” is really more about distributing trust across the enterprise network in small enough network quanta that breaches aren’t fatal, because no single breach can take down the enterprise.
But that’s not all. Zero-trust also implies policy-based, dynamic control over different network components, so that technologists can turn connections off and on depending on the needs of the application.
That sounds pretty abstract, so let me try to use some concrete analogies.
Traditional security is based on the concept of a “firewall”, which comes from the military (the army, to be precise). The idea is that the area within the firewall is secured, and the area outside it is dangerous. It’s a broad-brush approach to security: Outside equals bad. Inside equals good.
Zero-trust security requires replacing traditional firewalls with what we like to call “deep segmentation”: a highly segmented network infrastructure that protects each component, and permits communications between components only where “greenlighted”. In other words, the concept of “the network” (the physical network itself) is replaced by multiple layers of virtual networks, each of which comprises a small circle of assets that can talk to each other in specific ways.
Instead of a firewall, in other words, think of a bulkhead. Bulkheads protect ships by containing any potential damage. If a bulkhead is pierced, it may fill with water, but the ship won’t sink.
Now let’s go one more step, and think of a ballast tank. Ballast tanks are essentially bulkheads that can be filled with water or air to control the movement of a ship. In particular, ballast tanks are an essential part of what makes submarines submersible.
In other words, ballast tanks are policy-controlled bulkheads that deliver granular control of the ship.
And that’s the key concept of zero-trust security: policy-based control over when and where something is greenlighted. That policy can change with time, just as ballast tanks are sometimes filled with water and sometimes filled with air, depending on whether you want the submarine to rise or submerge.
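To make the deep-segmentation and ballast-tank ideas above concrete, here is an added example (not the author's code): a small default-deny policy engine in Python. Segment names, asset names and ports are constructed for illustration; a controller flips one rule on and off to show a path that is open only while policy says so.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple

# Constructed inventory: every asset belongs to exactly one segment (names are made up).
SEGMENT_OF = {
    "web-01": "dmz-web",
    "app-01": "app-tier",
    "db-01": "db-tier",
    "laptop-17": "corp-users",
}


@dataclass(frozen=True)
class Rule:
    """A greenlit flow between two segments on specific ports."""
    src_segment: str
    dst_segment: str
    ports: FrozenSet[int]
    enabled: bool = True  # flipped by the policy controller, never by the endpoints


class SegmentationPolicy:
    """Default-deny: a flow is allowed only if an enabled rule greenlights it."""

    def __init__(self, rules: Iterable[Rule]) -> None:
        self.rules = list(rules)

    def set_enabled(self, src_segment: str, dst_segment: str, enabled: bool) -> None:
        # Rules are immutable, so rebuild the list with the matching rule toggled.
        self.rules = [
            Rule(r.src_segment, r.dst_segment, r.ports, enabled)
            if (r.src_segment, r.dst_segment) == (src_segment, dst_segment) else r
            for r in self.rules
        ]

    def allows(self, src_asset: str, dst_asset: str, port: int) -> bool:
        src, dst = SEGMENT_OF.get(src_asset), SEGMENT_OF.get(dst_asset)
        if src is None or dst is None:
            return False  # unknown asset: no implicit trust
        return any(r.enabled and r.src_segment == src and r.dst_segment == dst
                   and port in r.ports for r in self.rules)


RULES = [
    Rule("dmz-web", "app-tier", frozenset({8443})),
    Rule("app-tier", "db-tier", frozenset({5432})),
    Rule("corp-users", "app-tier", frozenset({22}), enabled=False),  # admin path, off by default
]


def demo() -> Tuple[bool, bool, bool]:
    policy = SegmentationPolicy(RULES)
    before = policy.allows("laptop-17", "app-01", 22)   # rule exists but is switched off
    policy.set_enabled("corp-users", "app-tier", True)  # "fill the tank": open the path
    during = policy.allows("laptop-17", "app-01", 22)
    policy.set_enabled("corp-users", "app-tier", False)
    after = policy.allows("laptop-17", "app-01", 22)
    return before, during, after
```

Note that a compromised `web-01` cannot reach `db-01` at all: there is no rule for that pair, so the breach stays inside its compartment.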
The beauty of zero-trust security, in other words, is not that it’s “zero” trust. It’s that it’s policy-based, centrally-managed, highly distributed trust that gives enterprise technologists granular control of the environment.
And it’s as different from traditional security as a submarine is from a surface vessel.