Moving toward zero trust: Protecting data as a strategic asset

Obtaining visibility from endpoint to cloud and protecting critical data assets in real time are two of many approaches to adopting advanced zero-trust capabilities in the Defense Department environment.

The National Security Agency recently released its Embracing a Zero Trust Security Model, reinforcing several design principles of zero trust. Two of these principles are especially apt in light of the latest supply chain hacks: “Breach is inevitable or has likely already occurred” and a “deny by default security policy.” These tenets should be the minimum acceptable practices for cyber defenders in the Department of Defense and throughout government.

The NSA document also recommends that an organization invest in identifying its critical data, assets, applications and services (DAAS). It goes on to suggest architecting from the inside out: ensuring all paths to DAAS are secure, determining who needs access, creating control policies and, finally, inspecting and logging all traffic before acting on it. These practices require full visibility into all activity across all layers -- from endpoints to the network (which often includes cloud) -- to enable analytics that can detect suspicious activity.

Visibility from endpoint to cloud

Fundamentally, every organization knows it must understand what assets it has as well as the purpose and value those assets deliver. That sounds simple in theory, but in our experience, most organizations track their assets only as far as operational performance indicators and have yet to use the telemetry those same assets produce as a security signal. The first step toward realizing that benefit, as NSA points out, is full visibility of all activity across all layers, endpoints, networks and clouds, so that analytics can detect suspicious activity.

Yet full visibility of all activity across all layers, especially for a large organization like DOD, is a tall order -- if it’s even possible. Having that dictum in the NSA document is a reminder that every asset class represents a risk vector and must be accounted for in zero-trust planning.

Instrumented with the right telemetry, these assets also form a sensor grid -- essentially an organization's local source of threat intelligence. When architected correctly, the sensor grid becomes an early warning system: it can surface adversary activity soon after initial access and can trigger automated defensive responses. As agencies begin to correlate global threat intelligence with what their own sensors observe, their defenders can move from reactive to proactive, using analytics (increasingly AI-assisted) to prioritize and recommend actions. This is only possible when agencies have full visibility across the entire sensor grid.

Recognizing the value and capabilities of a modern sensor grid allows agencies to share threat intelligence across those sensors in real time, mitigating threats earlier and becoming more proactive. It then becomes possible to disrupt attacks during reconnaissance and staging instead of asking, at the moment of impact, "Are we at risk? How bad is it? How do we fix it?" Once an organization has a modernized sensor grid, it is one big step closer to embracing a zero-trust security model.

DAAS protection: protecting critical data assets in real time

Another important step in achieving NSA’s zero-trust model is ensuring all paths to DAAS are secure along with determining who needs access and creating control policies to enforce the desired security model.

As DOD continues its migration to cloud services, it becomes increasingly difficult to control where sensitive data can flow and how far from its origin it can travel. Most cloud services bring a wealth of collaboration capabilities designed to quickly distribute content both inside and outside an organization's boundaries. While valuable, this compounds the challenge of protecting data and introduces additional risk, requiring controls that account for user behavior in order to minimize the exposure.

Moving from basic conditional access control and identity management toward the intermediate and advanced stages of data protection requires granular control policies that grant access to DAAS resources dynamically, based on attributes and context (who the user is, what device and network they are on, and what their recent activity looks like), with everything not explicitly permitted denied by default. This entails incorporating data loss prevention along with user behavior information to confirm that a trusted user's credentials or session have not been compromised. That determination is aided by user behavior tracking and analytics, which provide continuous monitoring and give defenders real-time decision support.

For example, repeated privilege escalation attempts, lateral movement across a network, or unusual access requests to specific DAAS resources could be signs that a trusted user's credentials have been compromised. Such a policy violation may trigger multiple remediation actions, including adaptive re-authentication and re-authorization or -- depending on the severity of the violation -- isolating the user in a quarantine state until the issue is resolved.
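The following is an added illustration of the two ideas above: telemetry from the sensor grid (endpoint and cloud events) feeds a behavior score, and a deny-by-default, attribute-based policy uses that score to allow, step up authentication, deny, or quarantine. It is not code from the NSA guidance or from any DoD system; the JSON-lines log format, the attribute names, the clearance ordering and the risk thresholds are all assumptions made for the example, and the events are constructed.

```python
"""Deny-by-default, attribute-based access decisions driven by user-behavior
telemetry.  Added example; the log format, attributes and thresholds below are
assumptions for illustration, not a real product's or agency's schema."""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed telemetry (JSON lines) mixing endpoint and cloud events.
# alice: normal activity.  bob: failed escalations then fan-out to three hosts.
# carol: one failed escalation and one remote logon (borderline).
SAMPLE_EVENTS = """
{"ts":"2021-03-01T09:00:00Z","user":"alice","src":"wks-101","event":"logon","result":"success"}
{"ts":"2021-03-01T09:05:00Z","user":"alice","src":"wks-101","event":"cloud_read","resource":"s3://finance/q1.xlsx"}
{"ts":"2021-03-01T09:10:00Z","user":"bob","src":"wks-202","event":"logon","result":"success"}
{"ts":"2021-03-01T09:11:00Z","user":"bob","src":"wks-202","event":"priv_escalation","result":"failure"}
{"ts":"2021-03-01T09:12:00Z","user":"bob","src":"wks-202","event":"priv_escalation","result":"failure"}
{"ts":"2021-03-01T09:13:00Z","user":"bob","src":"wks-202","event":"remote_logon","dst":"srv-01"}
{"ts":"2021-03-01T09:14:00Z","user":"bob","src":"wks-202","event":"remote_logon","dst":"srv-02"}
{"ts":"2021-03-01T09:15:00Z","user":"bob","src":"wks-202","event":"remote_logon","dst":"srv-03"}
{"ts":"2021-03-01T09:16:00Z","user":"carol","src":"wks-303","event":"priv_escalation","result":"failure"}
{"ts":"2021-03-01T09:17:00Z","user":"carol","src":"wks-303","event":"remote_logon","dst":"srv-01"}
"""

# Assumed thresholds: tune against real baselines in practice.
STEP_UP_RISK = 30       # score at which a fresh strong authentication is required
QUARANTINE_RISK = 70    # score at which the user is isolated pending investigation
MAX_MFA_AGE_MINUTES = 60
CLEARANCE_ORDER = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class AccessRequest:
    user: str
    resource: str          # e.g. "s3://finance/q1.xlsx"
    action: str            # "read" or "write"
    clearance: str         # attribute from the identity provider
    device_compliant: bool  # attribute from endpoint management
    mfa_age_minutes: int   # minutes since the last strong authentication


@dataclass(frozen=True)
class Rule:
    resource_prefix: str
    action: str
    min_clearance: str


# Explicit allow rules; anything not matched here is denied by default.
RULES = [
    Rule("s3://finance/", "read", "confidential"),
    Rule("s3://finance/", "write", "secret"),
]


def parse_events(text):
    """Parse the constructed JSON-lines telemetry into dicts with aware timestamps."""
    events = []
    for line in text.strip().splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
            events.append(e)
    return events


def risk_score(events, user, now, window=timedelta(minutes=30)):
    """Behavior score from recent telemetry: failed privilege escalations and
    lateral-movement fan-out (distinct remote-logon destinations)."""
    recent = [e for e in events if e["user"] == user and now - e["ts"] <= window]
    failed_esc = sum(1 for e in recent
                     if e["event"] == "priv_escalation" and e.get("result") == "failure")
    fan_out = len({e["dst"] for e in recent if e["event"] == "remote_logon"})
    score = 20 * failed_esc
    score += 50 if fan_out >= 3 else 10 * fan_out
    return score


def decide(req, events, now):
    """Return one of 'allow', 'step_up', 'deny', 'quarantine'."""
    score = risk_score(events, req.user, now)
    # Quarantine is an account-level action: it applies regardless of the resource asked for.
    if score >= QUARANTINE_RISK:
        return "quarantine"
    matched = any(
        req.resource.startswith(r.resource_prefix) and req.action == r.action
        and CLEARANCE_ORDER[req.clearance] >= CLEARANCE_ORDER[r.min_clearance]
        for r in RULES)
    if not matched or not req.device_compliant:
        return "deny"  # deny by default: no explicit rule, or posture check failed
    if score >= STEP_UP_RISK or req.mfa_age_minutes > MAX_MFA_AGE_MINUTES:
        return "step_up"  # adaptive re-authentication before continuing
    return "allow"


if __name__ == "__main__":
    now = datetime(2021, 3, 1, 9, 20, tzinfo=timezone.utc)
    evs = parse_events(SAMPLE_EVENTS)
    for user in ("alice", "bob", "carol"):
        req = AccessRequest(user, "s3://finance/q1.xlsx", "read", "secret", True, 10)
        print(user, risk_score(evs, user, now), decide(req, evs, now))
```

The decision order matters: a user whose telemetry already looks like an active intrusion is isolated before any resource-level rule is consulted, while a low-risk user with a stale strong authentication is asked to re-authenticate rather than being blocked outright. The thresholds and the scoring weights are placeholders; in a real deployment they would be set from observed baselines and reviewed with the analytics that the sensor grid provides.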

Obtaining visibility from endpoint to cloud and protecting critical data assets in real time are two of many approaches to adopting advanced zero-trust capabilities in the DOD environment. Additionally, in the spirit of the NSA zero-trust guidance, zero-trust planners should start with the outcome in mind, visualize the situational-awareness dashboards they will need, and invest in creating awareness and a culture of zero trust at all levels of the organization. Finally, agencies must verify every control rather than assume it works, by executing operational readiness testing (red teaming) as frequently as possible.