Everything you need to know about zero trust network architecture (ZTNA)
“A good portion of our job is to research what is happening in the attacker world, and according to the FBI there has been a 400% increase in successful breaches year over year,” says Kevin Switzer, Ingram Micro technology consultant. He continued, “Key assets that attackers are going after are usernames and credentials, which are typically accessed through phishing attacks. Getting logins is the name of the game, and remote work created a lot of new vulnerabilities. Employees were distracted by the shift, and not as tuned into security if they were working from their desk.” This underscores why zero trust is so important, because it creates a foundation in which no person is trusted and automatically provided access. In fact, a frequently used phrase within zero trust is “trust nothing, verify everything.” Switzer provided us with steps to implement ZTNA framework:
Step 1 - Start by determining DAAS
DAAS stands for data, assets, applications and services. Data refers to all the assets that we’re focused on, and organizations need to categorize it by what is most and least important. What’s the “gold chest” and needs security to the highest degree? Assets refer generally to endpoint devices. Applications refer to applications accessed both on-premises and in the cloud. Services refer to exactly what you’d expect—services the company offers to their customers.
Step 2 - Establish micro-perimeters
Divide up all the different types of DAAS. Who or what job roles should have access to what areas of your network? Be critical in the establishment of the micro-perimeters—this is the foundation upon which zero trust is based.
Step 3 – Determine access
Determine who should have access to which DAAS. If you work in sales, you don’t need access to all the HR information. Determine access by role.
Step 4 - Verify identities
The first step to verify a level of zero trust is to verify identities to protect against stolen credentials. This is achieved through multifactor authentication (MFA), which allows access based on something you have, such as a token or text code, in concert with something you know, like a user login. Another popular option is a facial ID or thumbprint (cell phones). This step is simply to determine that the user is indeed who they claim to be.
Step 5 - Verify device health
Even though the identity of the user is now known, zero trust network architecture posits companies should not trust that their device is up to date. Out-of-date or compliance devices can open up holes on the network which can then be exploited. Switzer elaborates: “You’ve verified that you are who you say you are, but we still don’t trust you—we need to do further digging.” The network also needs to ensure the device health, that antivirus is running, that operating systems are up to date and that other applications are appropriately patched.
Step 6 - Prevent data hoarding
Now that we have verified identity and a healthy device, the last step is preventing data hoarding or unauthorized data access. This could include tracking of usual login times, commonly accessed data and how much one typically downloads to a device. Monitoring data hoarding, or downloading above-average amounts of information, can potentially alert that an attacker got through all the security mechanisms to get information. This activity could also point to a rogue employee stealing info.
Step 7 – Monitor and maintenance
ZTNA is not a one-and-done situation. Companies need to monitor and maintain networks, identify suspicious behavior, hunt for threats, investigate anomalies and respond. As business goes on, employees shift jobs, projects go on and people will have access to DAAS they may no longer need. Always be conscious that even though micro-perimeters are established, they need to be monitored and updated thusly.
Consider the following when not only establishing your zero trust network, but also on an ongoing basis:
Ingram Micro’s Cybersecurity Delta Force is here to help you determine what ZTNA looks like in your environment and what tools can assist you in getting there. Leverage our team to help work through available options that meet your needs and maximize security posture.
Zero Trust 101
Get an introduction from Kevin Switzer, technology consultant II at Ingram Micro, on zero trust network architecture (ZTNA) and why it’s more important than ever to “trust nothing, verify everything.”
Zero Trust 201
Take a deeper dive into zero trust network architecture (ZTNA) with Kevin Switzer, technology consultant II at Ingram Micro.
Zero Trust Specialists