Australian Cyber Security Magazine, ISSUE 7, 2019


Cover Feature

Zero trust security

A step in the right direction for cyber hardening

By Annu Singh

Traditional security focused mainly on external threats, working on the assumption that internal actors are trustworthy and mean no harm. This is sometimes referred to as the castle-and-moat model, since effort was mostly spent on countering intrusion, i.e. keeping the bad guys out. The disadvantage of this model is that once an attacker has gained access, they have full control of the systems without any further hindrance. With cloud computing, data is dispersed and distributed across the infrastructure, limiting the effectiveness of this perimeter-centric approach. Zero trust security systems recognise that threats can come from anyone, including insiders. Zero trust treats internal and external actors the same and continuously evaluates the behaviour and actions of each person or system, identifying and eliminating potential threats. In zero trust, a risk score is calculated by evaluating several parameters against the defined legitimate (sanctioned) factors of an individual's behaviour. These parameters range from basics such as a user's physical location, IP address, authorisation and permissions through to advanced clearances. If the risk score exceeds the approved threshold, the actor is locked out of the network or required to undertake additional checks, such as a second factor of authentication or a one-time password.
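The risk-scoring loop described above, as an added illustration that is not code from the article: each request is compared with a sanctioned baseline for the user (location, network, permissions, clearance, working hours), every deviation adds a weight, and the total is mapped to allow, step-up (demand a second factor) or deny. The baseline, the weights and the two thresholds are assumptions constructed for the example.

```python
"""
Added example (not from the article): a minimal risk-scoring policy of the
kind the text describes. Each request is scored against a set of sanctioned
factors; the score drives ALLOW, STEP_UP (demand a second factor) or DENY.
All names, weights and thresholds here are assumptions for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed "sanctioned" baseline for one user: where and from what
# networks they normally work, what they may do and their clearance level.
SANCTIONED = {
    "countries": {"AU"},
    "networks": [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")],
    "permissions": {"read:reports", "write:reports"},
    "clearance": 2,
}

# Weights: how much each deviation from the baseline adds to the risk score.
WEIGHTS = {
    "unknown_country": 40,
    "unknown_network": 25,
    "permission_not_held": 30,
    "clearance_too_low": 35,
    "off_hours": 10,
}

# Thresholds: below STEP_UP_AT the request proceeds; from STEP_UP_AT a second
# factor is demanded; at or above DENY_AT the actor is locked out.
STEP_UP_AT = 30
DENY_AT = 70


@dataclass
class Request:
    country: str
    ip: str
    permission: str
    required_clearance: int
    hour_utc: int
    mfa_verified: bool = False


@dataclass
class Decision:
    score: int
    action: str
    reasons: list = field(default_factory=list)


def risk_score(req: Request, baseline=SANCTIONED) -> tuple[int, list[str]]:
    """Sum the weights of every factor that deviates from the sanctioned baseline."""
    addr = ip_address(req.ip)
    deviations = {
        "unknown_country": req.country not in baseline["countries"],
        "unknown_network": not any(addr in net for net in baseline["networks"]),
        "permission_not_held": req.permission not in baseline["permissions"],
        "clearance_too_low": req.required_clearance > baseline["clearance"],
        "off_hours": not 7 <= req.hour_utc <= 19,
    }
    reasons = [name for name, hit in deviations.items() if hit]
    return sum(WEIGHTS[name] for name in reasons), reasons


def evaluate(req: Request) -> Decision:
    """Map the score to a decision. A verified second factor satisfies STEP_UP
    but never rescues a request that is already at or above the DENY threshold."""
    score, reasons = risk_score(req)
    if score >= DENY_AT:
        return Decision(score, "DENY", reasons)
    if score >= STEP_UP_AT:
        return Decision(score, "ALLOW" if req.mfa_verified else "STEP_UP", reasons)
    return Decision(score, "ALLOW", reasons)


if __name__ == "__main__":
    # Constructed sample requests: a normal one, a user travelling abroad on an
    # unknown network, and one that deviates on every factor.
    normal = Request("AU", "10.1.2.3", "read:reports", 1, 10)
    travelling = Request("NZ", "198.51.100.7", "read:reports", 1, 10)
    anomalous = Request("XX", "198.51.100.7", "admin:users", 3, 3)
    for r in (normal, travelling, anomalous):
        print(evaluate(r))
```

The design point is that the second factor only resolves the middle band: a request that deviates on enough factors is denied outright, which is the "locked out of the network" outcome the article describes, rather than being allowed to proceed with an extra prompt.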


Zero trust systems are based on four key principles:

1. Never trust, always verify: attackers can be either internal or external to the network, so no user or machine should be given access by default.
2. Need-to-know basis: users should be given the minimum access privileges, i.e. only what they need to know, to minimise the threat and risk exposure of the network.
3. Micro-segmentation: the security perimeter is broken into smaller zones, so that authorisation and access can be controlled per zone. A user may have access to only a specific zone and not the entire network.
4. Multifactor authentication (MFA): in addition to a password, MFA requires further evidence to authenticate the user before access is granted. The most common form of MFA is two-factor authentication (2FA): in addition to their password, users who enable 2FA for a service must also enter a code sent to another device, such as a mobile phone, thus providing two pieces of evidence of their identity.
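The four principles applied to a single access check, as an added example that is not part of the article: the environment is split into zones (micro-segmentation), each role holds only explicit (zone, action) grants with everything else denied (need to know), sensitive zones demand a completed second factor (MFA), and every call re-verifies all of this rather than trusting an earlier decision (never trust, always verify). The zone names, roles and grants are constructed assumptions.

```python
"""
Added example (not from the article): a per-request authorisation check that
applies the four zero trust principles in code. The zones, roles, grants and
the rule that HR and finance zones need a second factor are constructed.
"""
from dataclasses import dataclass

# Micro-segmentation: the environment is split into zones, each with the
# actions it exposes and whether a second factor is mandatory to reach it.
ZONES = {
    "web-frontend":   {"actions": {"read"},           "mfa_required": False},
    "hr-records":     {"actions": {"read", "update"}, "mfa_required": True},
    "finance-ledger": {"actions": {"read", "post"},   "mfa_required": True},
}

# Need-to-know: each role holds only the (zone, action) pairs it needs.
# Anything absent from this table is denied; there is no implicit grant.
GRANTS = {
    "support":    {("web-frontend", "read")},
    "hr-analyst": {("web-frontend", "read"), ("hr-records", "read")},
    "hr-admin":   {("web-frontend", "read"), ("hr-records", "read"),
                   ("hr-records", "update")},
}


@dataclass(frozen=True)
class Principal:
    user: str
    role: str
    authenticated: bool   # a valid session exists for this user
    mfa_verified: bool    # second factor completed in this session


def authorize(principal: Principal, zone: str, action: str) -> tuple[bool, str]:
    """Never trust, always verify: every call re-checks identity, zone,
    second factor and the explicit grant. Returns (allowed, reason)."""
    if not principal.authenticated:
        return False, "unauthenticated"
    zone_cfg = ZONES.get(zone)
    if zone_cfg is None:
        return False, f"unknown zone {zone!r}"
    if action not in zone_cfg["actions"]:
        return False, f"zone {zone!r} does not expose {action!r}"
    if zone_cfg["mfa_required"] and not principal.mfa_verified:
        return False, "second factor required for this zone"
    # Default deny: a role with no entry, or no matching pair, gets nothing.
    if (zone, action) not in GRANTS.get(principal.role, set()):
        return False, f"role {principal.role!r} has no grant for {action!r} on {zone!r}"
    return True, "granted"


if __name__ == "__main__":
    # Constructed principals exercising each branch of the check.
    agent = Principal("alice", "support", authenticated=True, mfa_verified=False)
    analyst = Principal("bob", "hr-analyst", authenticated=True, mfa_verified=True)
    for who, zone, action in [(agent, "web-frontend", "read"),
                              (agent, "hr-records", "read"),
                              (analyst, "hr-records", "read"),
                              (analyst, "hr-records", "update"),
                              (analyst, "finance-ledger", "read")]:
        print(who.user, zone, action, authorize(who, zone, action))
```

Note that the analyst with a verified second factor is still refused the finance zone: MFA establishes who is asking, but reaching a zone additionally requires an explicit grant, so a compromised session in one segment does not extend to the rest of the network.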

