Forrester Research Inc. is proposing a new mantra for IT security. In his report “No More Chewy Centers: Introducing the Zero Trust Model of Information Network Security,” Forrester analyst John Kindervag suggests that we should dispense with the old Reaganism “Trust but verify” and replace it with “verify and never trust.”
[kml_flashembed movie="http://www.youtube.com/v/As6y5eI01XE" width="425" height="350" wmode="transparent" /]
Forrester says enterprises must adopt a zero trust security model because there is no reason to ever trust any packets that are passing over a network. Packets aren’t people. You can’t look at them as say, “That’s a packet that I have faith in not to betray me.” Malicious insiders and incompetent insiders alike are both real threats that no hardened perimeter can protect against. There is always the potential for a person to abuse the access they have to network resources or to be negligent with their access to those resources. You can’t afford to lower your guard on your network just because someone has presented the proper credentials for getting on a network.
So what is a zero trust security model? Forrester is promising to roll out subsequent reports that detail the architecture it has in mind and some case studies from enterprises who have adopted something like it. This first report mostly argues the case for why enterprises should consider this security approach. It’s one of the more entertaining reads I’ve had with analyst research.
In the meantime, Kindervag lays out some basic concepts:
- Use network access control (NAC) technologies to manage access to network resources tightly. Specifically, Kindervag says enterprises should consider role-based access control features from NAC vendors. Use this and other technologies to strictly enforce access privileges, giving users only the minimum of access they need to resources.
- Even then, enterprises can’t assume that people won’t abuse or be careless with the access privileges they have. Traffic must be logged, and better yet, inspected. This requires more than the log management capabilities many security professionals use. Network analysis tools that are capable of seeing and analyzing network flow technologies like Netflow and sFlow are also critical to giving network security pros a real-time view into what’s happening on their networks.
Kindervag writes that this approach will lead to more collaboration between networking pros and information security pros, because infosec folks are going to to be using the network more actively than they have in the past to monitor and secure the enterprise. NAC products and network analysis products are often implemented on the network and managed by networking teams rather than security teams, so these two groups will have to come together more than they have in the past.
I’m hearing echos in the zero trust model of what Cisco has talked about recently with its Borderless Networks strategy. That strategy is very much a network story, about providing access to network resources for users regardless of where they are, what devices they are using and how they connect those devices to the network. First and foremost this is a networking strategy for Cisco, but security is a critical piece. Cisco is aligning its security products so that network and security teams can make this ubiquitous access vision secure. I talked in depth about this concept with Cisco in my recent story on Cisco’s overall security strategy.
The concept is also relevant to other security trends we’re seeing right now. For instance, there’s a lot of chatter about the future of firewalls… about so-called next generation firewalls. Vendors like Palo Alto Networks have built firewall products that don’t rely on ports and protocols to determine whether to allow or disallow traffic in and out of a network. Instead they are building Layer 7 inspection engines that can identify traffic by application. Suddenly all those Port 80 apps that look like simple Web traffic to older firewalls are identifiable as YouTube, peer-to-peer sites and Facebook.
The concept of deperimeterization — that a secure perimeter just isn’t good enough — has been bouncing around for years now. This zero trust model seems like a logical evolution of it. It’s a nice articulation of how enterprises need to adjust their mindset toward security fundamentally. Not only is the perimeter no long the best line of defense. There is no single line of defense. You need to protect everything on your network everywhere on your network from everyone on your network.