Skip to main content

Zero trust is all about trust

A well-functioning society is based on trust between people - in the authorities, the workplace, the police and the healthcare system, etc. but also trust in data, applications, devices and systems. If you lose trust in the data technology elements, their use will decrease and digitalization will stagnate.

Which elements affect trust?

  • Confidentiality
  • Integrity
  • Availability and accessibility

Transferring emotional trust to the digital world is problematic and is a vulnerability that can be exploited. Trust in digital systems should be severely limited, and verification should be used both on the way in and out of critical systems.

Operate as if someone is on the inside and you are compromised!

"Trust is a vulnerability

- John Kindervag

Zero trust was developed by then analyst at Forrester Research Inc, John Kindervag, in 2010.

Why Zero Trust?

Successful attacks happen in permitted traffic

There are many good reasons why your company should use Zero Trust. Digital attacks are happening more and more often, even in companies that have invested significant funds in security equipment. Attacks can include, among other things, disruption of operations, data leakage or alteration of data. Traditionally, the focus has been on attacks happening from the outside and into systems. The attackers know this and find other ways into the systems, for example via email, VPN, RDP, Citrix, exploitation of vulnerabilities or rogue servers. If they find these vulnerabilities, the path to critical data and systems can be short.

For the vast majority of companies, data going astray will be very serious, whether it happens internally in the organization or outside. In recent years, many companies have adopted cloud storage for storing sensitive data, among other things. This makes the requirements for visibility, monitoring and control even greater. Mindsets and strategies must change to be better equipped to deal with these new threats. Attackers are constantly evolving. The defense must also be.

How does Zero Trust work?

Think security from the inside out

This type of strategy is based on never trusting anything, either externally or internally. This applies to IT components such as PCs, phones, servers, IoT etc. If an intruder finds a weakness in the system, there is a good chance that they can access critical data. Access should therefore be granted after verification, based on the fact that access is absolutely essential for someone to do their job (principle of least privilege).

In combination with such an approach, it is recommended to carry out a ROS (risk and vulnerability analysis) to map your assets, risks and vulnerabilities. Job prioritization is based on this result.

Access control is done for risk-assessed elements based on the following criteria:

  • why - who - what - how - where - when

Zero Trust is recognized for its thorough access control that is carried out for permitted traffic to reduce the attack surface to an absolute minimum. To reduce the likelihood of data leakage, outbound security will be key. Therefore, outbound access control must be carried out in the same way as inbound. Full inspection of all permitted traffic, both ways, which will require SSL decryption, as well as logging of all data traffic, is central to this type of strategy.

Never trust, always verify.

What is Zero Trust?

Zero Trust is a cybersecurity strategy that focuses on protecting data and resources, wherever they may be.

Zero Trust alone is not a guarantee of not being hacked, but makes it as difficult as possible to compromise an entire infrastructure.

Elements of Zero Trust:

  • You are already compromised
  • External and internal threats exist on the network all the time

  • Network location is not enough to build trust

  • All devices, users and communications are authenticated and authorized

  • Rules must be dynamic, and formed from as many elements as possible

1
Access management
With Zero Trust, only people with a real need to know are given access to data (need to know), and only access to data that is absolutely essential for you to do your job satisfactorily (principle of least privilege). Once access has been granted, all communication will be continuously monitored in order to stop harmful incidents.
2
Microsegmentation
By reducing access to and from the company's data, the risk of malware and hacker attacks is minimized. With Zero Trust, access will be controlled by needs and responsibilities. Micro-segmentation forms the basis that prevents internal spread if a component of the data has been compromised.
3
Logging

Successful attacks happen in permitted traffic. The success of Zero Trust depends on consistent logging of all traffic, from both external and internal sources. By continuously monitoring user behavior, it will be easier to detect any security threats.

Netsecurity is a full-service provider of security solutions and strategies

Netsecurity is a total supplier of security solutions and aims to be one of Norway's leading suppliers of cost-effective and timely solutions in security and data communication.

Alongside Zero Trust, we deliver complete security installations with traditional perimeter security, data center security, cloud security and new innovative endpoint security tools. Zero Trust has been in focus for a long time and has been central in our communication with customers for a more secure everyday life by changing the status quo to adapt to today's threat landscape in a much better way.

Jens Elmholt Birkeland

Jens Elmholt Birkeland

+47 920 23 456
jensb@netsecurity.no

Talk to us about Zero Trust

Our goal is to help make Norway more secure and to be one of Norway's leading providers of cost-effective and timely IT security and infrastructure solutions.

Feel free to contact us for more information about how Zero Trust can benefit your business!

Oslo

Drammensveien 288

0283 Oslo

Bergen

Sandviksbodene 1

5035 Bergen

Stavanger

Kanalsletta 4

4033 Stavanger

Grimstad

Bark Silas vei 5

4876 Grimstad

Kristiansand

Dronningens gt 12

4610 Kristiansand

Trondheim

Krambugata 2

7011 Trondheim

Stockholm

Kammakargatan 22

111 40 Stockholm