When it comes to networks, trust can be a very dangerous thing. A lot of networks, in fact, are moving to what's called a “zero trust” model to reflect this new reality, and it's really rather unconventional in terms of network security. But at the same time, it might be just the model to ensure the greatest possible degree of security for a network, similar to NetFlow, a robust network traffic analyzer tool.
In a “zero trust” model, the network starts with the assumption that not even the internal network can be trusted, according to a recent blog post from NetFlow provider Plixer. Zero trust. None at all. Inside or outside, everyone's just as likely to be a threat as anyone else. To establish a “zero trust” network model, the network is built into multiple segments and employees are actually kept away from critical resources.
The predecessor of “zero trust”, commonly called the “inside / outside” model, essentially figured that if something managed to get on the network, it must be trustworthy. Thus, the larger Internet, Extranet users, and the various partners and VPN users were kept segregated from those on the internal, corporate network. Since there was little in the way of wireless connectivity around (it's easy to forget that Wi-Fi wasn't always available in the office, and no one had even heard of an iPad just five years ago), the “inside / outside” model made plenty of sense. Most of the connections were wired, and smartphones and tablets weren't in play, so getting on the corporate LAN without corporate credentials was fairly difficult.
“Zero trust”, meanwhile, assumes that everyone may be a bad actor in disguise, and acts accordingly. Originally created by John Kindervag from Forrester Research in 2010, the “zero trust” model works within multiple levels of security, with one level being for internal users and a second level for external users. It's similar to “inside / outside” in that there's less security for inside users, yet it actually establishes security on those inside users instead of just trusting them to not be evil.
“Zero trust” is great for security, but has a high cost in the form of rules-based management for the firewall, which suddenly becomes a much more cumbersome task. Much in the same way a paranoid person will check the locks on his front door incessantly, not trusting any user means a whole lot of trouble just to get users access to the things they actually need. Luckily, things like Cisco TrustSec look to make the process easier to implement and manage, which is exactly what this system needs given its lack of trust in anyone else in the system.
While this type of network may not be easy to implement, with the increased focus on security necessitated by the growing bring your own device (BYOD) movement, it's certainly worth taking the time to set it up. As the process grows easier and more efficient with better security programs coming into play, establishing a “zero trust” model becomes more feasible and thus more likely to come into being with each successive improvement.
Edited by Jamie Epstein