
“As cybersecurity professionals defend increasingly dispersed and complex enterprise networks from sophisticated cyber threats, embracing a Zero Trust security model and the mindset necessary to deploy and operate a system engineered according to Zero Trust principles can better position them to secure sensitive data, systems, and services,” claims the US National Security Agency (NSA). The agency and Microsoft are advocating for the Zero Trust security model as a more efficient way for enterprises to defend against today’s increasingly sophisticated threats.

The concept centers on the assumption that an intruder may already be on the network, so local devices and connections should never be trusted implicitly and verification is always necessary. The NSA and Microsoft are recommending the zero-trust security model for critical networks (National Security Systems, Department of Defense, Defense Industrial Base) and large enterprises.

The guiding principles for this concept are constant verification of user authentication and authorization, least-privilege access, and segmented access based on network, user, device, and app.

Systems that are designed using Zero Trust principles should be better positioned to address existing threats, but transitioning to such a system requires careful planning to avoid weakening the security posture along the way. NSA continues to monitor the technologies that can contribute to a Zero Trust solution and will provide additional guidance as warranted.

To be fully effective at minimizing risk and enabling robust and timely responses, Zero Trust principles and concepts must permeate most aspects of the network and its operations ecosystem. Organizations, from chief executive to engineer and operator, must understand and commit to the Zero Trust mindset before embarking on a Zero Trust path.

To show the benefits of a Zero Trust network, the NSA gives some examples based on real cybersecurity incidents where the threat actor would have been unsuccessful if the concept had been implemented.

In the first one, the actor accessed a victim organization’s network from an unauthorized device using legitimate credentials stolen from an employee – a level of authentication that is sufficient in a traditional security environment.

Another example from the NSA is that of a supply-chain attack, where the actor adds malicious code to “a popular enterprise network device or application” that the victim organization maintains and updates regularly following best practices.

Under a Zero Trust architecture, the compromised device or app would not be able to communicate with the threat actor because it would not be trusted by default.
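As an added illustration, not code from the NSA guidance or from this article, the Python sketch below encodes the three principles (continuous verification, least privilege, segmentation) as a policy check and replays the two incidents: valid credentials presented from an unmanaged device are refused, and a workload's outbound connection is refused unless the destination is explicitly approved. The user names, roles, resources and allow-list are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool    # enrolled with and attested by the organization
    compliant: bool  # passes posture checks (patched, endpoint agent running)

@dataclass(frozen=True)
class Request:
    user: str
    credentials_valid: bool  # result of the identity provider's check
    device: Device
    resource: str

# Constructed sample policy: which roles may reach which segmented resource.
RESOURCE_ROLES = {"hr-db": {"hr"}, "build-server": {"eng"}}
USER_ROLES = {"alice": {"hr"}, "bob": {"eng"}}

# Constructed egress allow-list per workload; anything absent is denied.
EGRESS_ALLOW = {"inventory-app": {"updates.vendor.example:443"}}

def authorize_access(req: Request) -> tuple[bool, str]:
    """Every check is mandatory; the first failing check denies the request."""
    if not req.credentials_valid:
        return False, "authentication failed"
    if not req.device.managed:
        # Stolen-credential scenario: the password is right, the device is not.
        return False, "unmanaged device"
    if not req.device.compliant:
        return False, "device posture check failed"
    if not (USER_ROLES.get(req.user, set()) & RESOURCE_ROLES.get(req.resource, set())):
        # Least privilege and segmentation: authenticated is not authorized.
        return False, "not authorized for resource"
    return True, "allowed"

def authorize_egress(workload: str, destination: str) -> tuple[bool, str]:
    """Default deny for outbound traffic: only approved destinations are reachable."""
    if destination in EGRESS_ALLOW.get(workload, set()):
        return True, "allowed"
    # Supply-chain scenario: a compromised app cannot reach an unapproved host.
    return False, "destination not on allow-list"
```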

The NSA is now working with DoD customers in setting up Zero Trust systems and coordinating activities with current NSS and DoD programs.