What are the pros and cons of adopting zero trust security?
As an industry best practice, Zero Trust Security has gained much respect in recent years as the recognized way to prevent insider threats and increase the overall security of a company’s network. Many in the cybersecurity industry are of the philosophy that a breach is inevitable, and using microsegmentation – a recognized improvement on just network segmentation – can effectively prevent the lateral movement of any attacker and limit unapproved access across data centers and cloud environments.
The principle behind Zero Trust Security is that every application, every device, and every person is considered “guilty” (or perhaps we should say “compromised”) until proven innocent, and must be monitored, checked, and verified before being granted access to a system. While Zero Trust Security can be a massive boost to a company’s security posture, it’s not without its drawbacks. With the proper preparation, however, security teams can mitigate potential hurdles while enjoying the benefits.
Con: More applications, devices, and users to monitor
One of the more apparent drawbacks of Zero Trust is that the number of applications, devices, and users to monitor and manage inevitably increases, seemingly making management more challenging.
Each user (and department) must be individually registered. Each application will need to be found and its relationships and dependencies mapped.
At first glance, this can be a significant amount of work, especially when employee users need to be monitored more closely, applications in development need ongoing security support to ensure compliance, and misconfigurations and system vulnerabilities bring new risks as time goes by. Additionally, users can go beyond employees, with customers, clients, and third-party vendors also using the company’s systems, programs, or software, or accessing its data. This means there’s a wide variety of access points, and a Zero Trust framework requires specific policies for each type of group.
The bulk of Zero Trust monitoring and setup can, thankfully, be safely automated. Behavioral workload protection tools exist to make the lives of busy cybersecurity teams easier and mitigate this problem with surprisingly little investment compared to the team hours involved in doing this manually.
Pro: Reduce susceptibility to insider attacks
One significant advantage of Zero Trust is that it can decrease a company’s vulnerability to insider threats – be they malicious or accidental. Monitoring every device, program, and person in the system and requiring them to be verified before they are granted access makes it much harder for suspicious activity to occur on the network. As a result, the Zero Trust model can better secure the company, especially from in-network lateral threats that could easily manifest under other security models.
Con: Zero Trust can take time security teams don’t have
Zero Trust takes time and significant effort to set up effectively. Sometimes, it may seem that an organization needs to start its framework over again, and organizations can struggle with properly configuring the tools they already use. Not all applications, for example, provide the means of initiating least privilege, which is the backbone of Zero Trust philosophy. Additionally, reorganizing policies within an existing network can be difficult because it still needs to function during the transition.
Time-saving tools exist that use their own or existing agents to significantly help in workload hardening, throttling lateral movement, and deploying microsegmentation best practices. This can prevent the need to start from scratch when legacy systems seem incompatible with the Zero Trust framework or environments are complex with poor visibility into their architecture and existing communication paths between applications.
Pro: Discovering user identity and permissions
Deploying Zero Trust Security gives organizations insight and visibility into who and what has access to what, and how people and applications are using those connections. Knowledge is power, and visibility is a critical part of anomaly detection and real-time response.
When individual accounts and applications are secure, the entire network is more secure. By implementing a Zero Trust security strategy, companies can deploy a solution for continuous monitoring and logging of asset states and user activity, based on a defined baseline of common activity that is confirmed and continuously validated against CIS benchmarks. Having a reliable standard to compare against, as well as ongoing verification of approved behavior, including tracking changes in versions, modification dates, content, and checksum discrepancies, is crucial for a timely response. Furthermore, this allows genuine risks to be flagged against predefined rules, keeping alert fatigue to a minimum and insights genuinely actionable.
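The baseline comparison described above can be sketched as follows. This is an added example, not code from the original article or from any vendor tool; the asset paths, checksums, and the three severity rules are constructed assumptions chosen to show how predefined rules separate actionable drift from noise.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AssetState:
    version: str
    mtime: int   # modification date, epoch seconds
    sha256: str  # content checksum (shortened, constructed values)

SEVERITY_ORDER = {"info": 0, "review": 1, "high": 2}  # hypothetical rule levels

def classify(base, seen):
    """Return (severity, reason), or None when the asset matches its baseline."""
    if base is None:
        return ("high", "asset not in baseline")
    if seen is None:
        return ("high", "baselined asset missing")
    if seen.sha256 != base.sha256:
        if seen.version != base.version:
            return ("review", "content changed with version bump")
        return ("high", "content changed, version unchanged")
    if seen.version != base.version:
        return ("review", "version changed, content identical")
    if seen.mtime != base.mtime:
        return ("info", "modification date changed, content identical")
    return None

def drift_report(baseline, observed, min_severity="review"):
    """Compare observed state to the baseline; drop findings below min_severity."""
    findings = []
    for path in sorted(set(baseline) | set(observed)):
        result = classify(baseline.get(path), observed.get(path))
        if result and SEVERITY_ORDER[result[0]] >= SEVERITY_ORDER[min_severity]:
            findings.append((path, *result))
    return findings

# Constructed sample data: approved baseline vs. state seen on the workload.
BASELINE = {
    "/etc/ssh/sshd_config": AssetState("9.6", 1700000000, "a1f3"),
    "/opt/app/app.jar": AssetState("1.4.0", 1700000200, "c9d2"),
    "/usr/bin/agent": AssetState("2.3.1", 1700000100, "b7e0"),
}
OBSERVED = {
    "/etc/ssh/sshd_config": AssetState("9.6", 1700500000, "ffff"),  # edited in place
    "/opt/app/app.jar": AssetState("1.5.0", 1700600000, "e001"),    # upgraded
    "/usr/bin/agent": AssetState("2.3.1", 1700700000, "b7e0"),      # touched only
    "/tmp/.cache/helper": AssetState("?", 1700800000, "9999"),      # never registered
}

if __name__ == "__main__":
    for finding in drift_report(BASELINE, OBSERVED):
        print(finding)
```

With the default threshold, the touched-but-unchanged agent binary is suppressed, while the in-place configuration edit and the unregistered file are reported as high severity.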
Through the process of having each individual account and application separately registered, it becomes easier to track and monitor employee and program activity across a system. By categorizing users, devices, and applications, security teams can grant access to data and accounts as necessary in relation to their actual tasks.
Con: Data, data, everywhere…
Zero Trust naturally leads to more data and connections to secure, and modern compliance and regulatory standards require clear evidence around critical file changes and data handling security. Having your data in multiple places means multiple places to monitor and secure, which can be difficult if a company has limited IT staff.
Many organizations are moving to the cloud as remote working becomes more prevalent and applications and devices require access to data from more sources.
Current management and monitoring tools are inadequate for identifying potential risks in workload configurations or detecting malicious activity precisely, often resulting in a high volume of false alerts.
Any cloud workload protection solution must adapt to unusual activity and provide protection for both on-premises and cloud workloads.
Pro: Narrowing the attack surface
Dividing data access into smaller segments, as granular as the individual workload level, makes it more secure. Reducing an attacker’s ability to travel laterally around a network by piggybacking on accounts prevents them from gaining access to large amounts of information. In a Zero Trust model, access to data is not granted to all users but instead is segmented according to type, sensitivity, and purpose. The same applies to programs, how they talk to each other, and how they access information. As the potential attack surface is reduced, critical or sensitive data is better protected.
Change is never easy
41% of organizations report that Zero Trust adoption has visibly reduced breaches [TrueFort/ESG], and it is considered the best practice protection framework for agile business growth and lateral protection.
Initiating microsegmentation across the enterprise is the industry-recognized best practice for Zero Trust, and while there may be hurdles to adoption, none are insurmountable with the right strategy, preparation, and tools.