Invictus Insights

From Hero to Zero: The Zero Trust Adventure

By: Kyle Boyles, PhD - Senior Director of Cyber Security Defense

Why the Change from Defense in Depth and Perimeter Security?

The traditional approach to cybersecurity focused on barriers, such as firewalls, to control traffic entering and leaving the network. Zero Trust assumes there are no reliable physical or logical barriers (think cloud and shifting perimeters) and that IT systems will be breached; hence, nothing is trusted by default. Zero Trust Architecture (ZTA) focuses on network micro-segmentation: separating security edges into isolated security zones so that each isolated piece of the organization keeps its own independent access controls. All traffic is logged and inspected, and resources are accessed using dynamic and static attributes that derive confidence levels for contextual access to resources.

The Invictus ESITA Zero Trust Team has been helping our customers navigate the complexity of planning and implementing the Department of Defense Zero Trust Reference Architecture framework. We bring years of experience in the cyber defense realm, coupled with industry-leading certifications including the new Forrester Adopting Zero Certification, to provide innovative, technically proven solutions that develop a zero trust journey strategy to meet mission objectives. The zero trust journey is not an acquisition but a fundamental shift toward protecting the data.

Forrester created the term “Zero Trust” to highlight the numerous trust assumptions made in various security architectures. Organizations can no longer assume that internal network traffic is legitimate or that user or device access credentials accurately establish identity. Trust must undergo a continuous, risk-informed assessment that produces a trust score used to protect the data. Key concepts are 1) Continuous Diagnostics and Mitigation to verify users’ and endpoints’ identity trust scores, and 2) network and application isolation to prevent lateral movement.

Zero Trust Architecture in Plain Language

Zero Trust can be explained using the airport security model. Traditional security allows anyone to gain access to all departure areas once the traveler’s identification and boarding pass have been verified at the TSA checkpoint. The traveler then has unrestricted access to all terminals, even terminals where the traveler’s flight is not located, and can visit shops, restaurants, and boarding gates, or even exit the terminal. The zero trust model instead requires the traveler to present credentials and boarding pass for screening when visiting shops, restaurants, and other boarding gate areas, because no one is trusted. A traveler who buys an item from a store to carry onto the flight now requires additional screening, since the traveler’s TSA trust score has changed. The traveler is screened before entering another store, on exiting the store, again on the way toward the departure gate, and again when entering the walkway for boarding. Having this many security control points would be labor-intensive, expensive, and would create long queues for access to services. Automation and orchestration are therefore key digital services: they provide the rapid security screening and trust scores that make zero-trust strategic initiatives feasible.
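The per-request screening in the airport analogy, and the trust-score evaluation of static and dynamic attributes described in the two sections above, can be made concrete with a small policy decision point. The following is an added example, not code from the original article or from Invictus; the attribute weights, resource thresholds, subject names and the anomaly score are constructed assumptions, not values from any real product. It scores each request from the subject's current attributes, compares the score to the sensitivity threshold of the requested resource, denies anything unknown by default, and logs every decision. Re-evaluating after a context change is the equivalent of the traveler being screened again after the trust score shifts.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Subject:
    """User plus device context at the moment of the request (constructed attributes)."""
    user: str
    mfa_verified: bool        # static-ish: established at sign-in
    device_managed: bool      # static: enrolled in device management
    device_compliant: bool    # dynamic: patched, endpoint agent healthy
    known_location: bool      # dynamic: request comes from an expected network/geo
    anomaly_score: float = 0.0  # dynamic: 0.0 (normal) .. 1.0 (highly anomalous), from analytics


# Assumed weights for the positive attributes; they sum to 1.0.
ATTRIBUTE_WEIGHTS: Dict[str, float] = {
    "mfa_verified": 0.35,
    "device_managed": 0.20,
    "device_compliant": 0.20,
    "known_location": 0.25,
}

# Assumed minimum trust score per resource, by sensitivity (constructed).
RESOURCE_THRESHOLDS: Dict[str, float] = {
    "public-portal": 0.30,
    "file-share": 0.60,
    "hr-database": 0.85,
}


def trust_score(s: Subject) -> float:
    """Derive a confidence level in [0, 1] from the subject's current attributes."""
    score = sum(w for attr, w in ATTRIBUTE_WEIGHTS.items() if getattr(s, attr))
    score -= 0.5 * s.anomaly_score  # behavioural anomaly lowers confidence
    return max(0.0, min(1.0, round(score, 2)))


@dataclass
class PolicyDecisionPoint:
    """Evaluates every access request; nothing is trusted by default."""
    log: List[dict] = field(default_factory=list)

    def decide(self, s: Subject, resource: str) -> bool:
        score = trust_score(s)
        required: Optional[float] = RESOURCE_THRESHOLDS.get(resource)
        # Unknown resources are denied: default deny, not default allow.
        allowed = required is not None and score >= required
        self.log.append({
            "user": s.user,
            "resource": resource,
            "score": score,
            "required": required,
            "decision": "allow" if allowed else "deny",
        })
        return allowed


def walk_through() -> List[bool]:
    """One subject's session, re-evaluated at each request as context changes."""
    pdp = PolicyDecisionPoint()
    alice = Subject("alice", mfa_verified=True, device_managed=True,
                    device_compliant=True, known_location=True)
    results = [
        pdp.decide(alice, "file-share"),    # full trust: allowed
        pdp.decide(alice, "hr-database"),   # full trust: allowed
    ]
    # Context changes mid-session: analytics raises the anomaly score
    # (the traveler's trust score changed, so screening is repeated).
    alice.anomaly_score = 0.6  # trust score drops to 0.7
    results += [
        pdp.decide(alice, "hr-database"),   # 0.7 < 0.85: denied now
        pdp.decide(alice, "file-share"),    # 0.7 >= 0.60: still allowed
    ]
    return results


if __name__ == "__main__":
    pdp = PolicyDecisionPoint()
    print(walk_through())
    for entry in PolicyDecisionPoint().log:
        print(entry)
```

The decision log is the part a defender cares about: every request, allowed or denied, produces a record with the score and the threshold it was measured against, which is what "all traffic is logged and inspected" looks like at the policy layer.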

The Zero Trust framework provides a proven tool for achieving an enterprise data-centric strategy by providing the cybersecurity tools and organizational policy controls necessary to secure assets regardless of function, deployment, and data format type. This strategy also provides insight for prioritizing the skills and capabilities necessary to secure emerging technologies, such as quantum encryption and blockchain, and to facilitate the adoption of cloud and service model resources. A mature Zero Trust environment fosters innovation by having security controls baked into the infrastructure, mitigating risk by ensuring applications and services are confined to their macro- or micro-segment of the infrastructure.

The Zero Trust pillars provide the framework for end-to-end visibility, context, and threat remediation for managed and unmanaged devices, protecting users, applications, and data from cyber threats. Device discovery and classification produce a risk and threat assessment measurement, referred to as a trust score, for both managed and unmanaged devices. Device risk management requires real-time monitoring of device characteristics to detect malicious behavior, with cybersecurity tools available for remediation. Secure Access Service Edge (SASE) combines security, networking, and security architecture strategies using cloud-native security technologies to provide seamless and secure access to applications from anywhere, for any authorized device and user.
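The confinement of applications and services to a macro- or micro-segment, mentioned above and introduced earlier as network micro-segmentation, comes down to a default-deny flow policy between zones. The following is an added example, not code from the original article or from Invictus; the zone CIDRs, rule list and sample flows are constructed for illustration. It maps source and destination addresses to their segments, allows only flows that match an explicit rule, and records every decision, so that an east-west connection attempt from a workstation straight to the database tier shows up as a denied, logged event rather than a silently permitted one.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed segment map: zone name -> address range.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "web-tier": ipaddress.ip_network("10.20.1.0/24"),
    "db-tier": ipaddress.ip_network("10.20.2.0/24"),
}

# Explicit allow rules: (src_zone, dst_zone, protocol, dst_port).
# Anything not listed, including traffic inside a zone, is denied.
ALLOW_RULES: List[Tuple[str, str, str, int]] = [
    ("workstations", "web-tier", "tcp", 443),
    ("web-tier", "db-tier", "tcp", 5432),
]


def zone_of(ip: str) -> Optional[str]:
    """Return the zone containing ip, or None if it is outside every segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate_flow(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> Tuple[str, str]:
    """Decide one flow; returns (decision, reason)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "unknown-zone")
    for rule in ALLOW_RULES:
        if rule == (src, dst, proto.lower(), dst_port):
            return ("allow", f"rule:{src}->{dst}:{proto.lower()}/{dst_port}")
    return ("deny", f"default-deny:{src}->{dst}")


def audit(flows: List[Tuple[str, str, str, int]]) -> List[dict]:
    """Evaluate a batch of flows and return the decision log for each."""
    log = []
    for src_ip, dst_ip, proto, port in flows:
        decision, reason = evaluate_flow(src_ip, dst_ip, proto, port)
        log.append({"src": src_ip, "dst": dst_ip, "proto": proto, "port": port,
                    "decision": decision, "reason": reason})
    return log


# Constructed sample flows, including two that segmentation should stop.
SAMPLE_FLOWS = [
    ("10.10.5.7", "10.20.1.10", "tcp", 443),    # user to web app: allowed
    ("10.20.1.10", "10.20.2.5", "tcp", 5432),   # web app to database: allowed
    ("10.10.5.7", "10.20.2.5", "tcp", 445),     # workstation straight to DB host: denied
    ("10.10.5.7", "10.10.9.3", "tcp", 3389),    # workstation to workstation: denied
    ("192.0.2.44", "10.20.1.10", "tcp", 443),   # source outside every segment: denied
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_FLOWS):
        print(entry)
```

Intra-zone traffic is deliberately absent from the rule list: in a micro-segmented design, being in the same subnet buys a host nothing, and the denied workstation-to-workstation and workstation-to-database entries in the log are exactly the lateral-movement signal a detection team wants to see.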