By Vince Lujan Posted March 20, 2019
Finding the Zero Trust Security solution that best fits your IT environment is critical, but that is also where the challenge lies. The Zero Trust Security model treats every source of network traffic, inside the perimeter or outside it, as a potential attack vector, so every request for access must be authenticated and authorized rather than trusted because of where it comes from.
Certain network architectures and strategies are therefore better suited to a Zero Trust Security initiative than others. So before you can determine the best Zero Trust Security solution for your IT organization, you need to decide on the approach you want to take and take an inventory of the solutions you already have.
Overview of Zero Trust Security
Recently, the concept of Zero Trust Security has been making some waves. While the construct isn’t new, it does seem that the time has come for this security model to take hold.
At its core, Zero Trust Security holds that the network and its components are untrusted, so trust has to be established each time they are used. This runs directly against the traditional idea that there is a network perimeter, that inside that perimeter is safe, and that outside is dangerous.
Historically, the trusted inside was the domain, and network security components protected the internal domain from the external Internet. This perimeter-based model was built on tools like Microsoft® Active Directory® (AD) and the AD domain controller, along with firewalls and VPNs.
Users would either VPN into the corporate network or log in to their Windows machine and then have access to their IT resources. That worked well while the network was almost entirely Windows-based and on-prem, and while there were fewer security threats to worry about. Its weakness is that once a user or machine is inside, the model trusts it by default.
Today, networks are far more fluid, with WiFi, web applications, cloud infrastructure, and more, and that has driven new security models along with new tools and technology to support them. The Zero Trust Security model builds trust one layer at a time: the user is who they claim to be, their device / machine can be trusted, their connection to the IT resource is secure, and their access rights to that resource are valid.
How Does Zero Trust Security Work?
At each step, the Zero Trust Security model leans on tools and technology so that the process is seamless for users and IT admins alike. From a solutions perspective, the foundation of the Zero Trust Security model is your identity and access management (IAM) platform.
This directory service or identity provider (IdP) ensures that the right people have access to the right IT resources. Access starts at the person’s Windows®, macOS®, or Linux® laptop or desktop, which is tightly controlled by the IdP and ideally requires multi-factor authentication (MFA) to further verify the person’s identity. Once they are logged in, that system becomes their gateway to whatever IT resources they need, so the best IAM solutions also keep the system itself secure through policies and the addition of tools such as anti-virus.
As the system then connects to IT resources over the network, solutions such as RADIUS and 802.1X authenticate the connecting user and device before they get on the network and place them in the proper network segment. With dynamic VLAN assignment, IT admins layer in another level of trust that determines which services are reachable by that particular user and device. Finally, when accessing IT resources such as AWS cloud servers, web applications such as GitHub and Slack, and Samba file servers and NAS appliances, each login is authenticated in its own right, ideally with strong factors such as long passwords, SSH keys, MFA/2FA, or other mechanisms, rather than being trusted because the user is already on the network.
The best identity and access management solution will support these needs as well.
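The four-layer chain described above (identity, device, connection, resource authorization) can be written down as a deny-by-default policy evaluation. The Python below is an added example written for this article; it is not JumpCloud code and does not reflect any vendor's API. The users, groups, device IDs, VLAN numbers and posture fields are constructed for illustration. The one real standard it uses is RFC 3580, which defines the Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID attributes a RADIUS server returns in an Access-Accept to perform dynamic VLAN assignment.

```python
"""Layered Zero Trust access decision (worked example, constructed data).

Each layer must establish trust on its own before the next one is consulted.
A request that fails any layer is denied; nothing is trusted by default.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    password_ok: bool      # IdP verified the first factor
    mfa_ok: bool           # IdP verified a second factor
    device_id: str
    disk_encrypted: bool   # reported by the endpoint agent (assumed)
    av_running: bool       # reported by the endpoint agent (assumed)
    transport: str         # "tls", "ssh" or "plaintext"
    resource: str


# Constructed sample directory data; no real users, devices or hosts.
USER_GROUPS = {"alice": {"engineering"}, "bob": {"finance"}}
RESOURCE_ACL = {
    "aws-prod-server": {"engineering"},
    "github": {"engineering"},
    "finance-nas": {"finance"},
}
MANAGED_DEVICES = {"LAP-001", "LAP-002"}
SECURE_TRANSPORTS = {"tls", "ssh"}

# Hypothetical VLAN IDs chosen for this example.
VLAN_CORP = "100"
VLAN_QUARANTINE = "999"


def radius_vlan_attributes(vlan_id):
    """RFC 3580 attributes a RADIUS server returns in Access-Accept so the
    switch or access point puts the session into the given VLAN."""
    return {
        "Tunnel-Type": "VLAN",             # RFC 3580 value 13
        "Tunnel-Medium-Type": "IEEE-802",  # RFC 3580 value 6
        "Tunnel-Private-Group-ID": vlan_id,
    }


def check_identity(req):
    if not req.password_ok:
        return False, "first factor failed"
    if not req.mfa_ok:
        return False, "MFA required but not satisfied"
    return True, "user verified with MFA"


def check_device(req):
    if req.device_id not in MANAGED_DEVICES:
        return False, "device not enrolled or managed"
    if not req.disk_encrypted:
        return False, "disk encryption not enabled"
    if not req.av_running:
        return False, "endpoint protection not running"
    return True, "device posture acceptable"


def check_connection(req):
    if req.transport not in SECURE_TRANSPORTS:
        return False, f"insecure transport {req.transport!r}"
    return True, "transport is encrypted and authenticated"


def check_authorization(req):
    allowed = RESOURCE_ACL.get(req.resource, set())
    if USER_GROUPS.get(req.user, set()) & allowed:
        return True, "group grants access to resource"
    return False, "no group grants access to resource"


LAYERS = (
    ("identity", check_identity),
    ("device", check_device),
    ("connection", check_connection),
    ("authorization", check_authorization),
)


def evaluate(req):
    """Deny by default: every layer must pass, in order, before access is granted."""
    for name, check in LAYERS:
        ok, reason = check(req)
        if not ok:
            # A device that failed posture is parked in a remediation VLAN
            # (an assumed policy); any other failure gets no placement at all.
            radius = radius_vlan_attributes(VLAN_QUARANTINE) if name == "device" else None
            return {"allow": False, "failed_layer": name, "reason": reason, "radius": radius}
    return {"allow": True, "failed_layer": None, "reason": "all layers passed",
            "radius": radius_vlan_attributes(VLAN_CORP)}


if __name__ == "__main__":
    samples = [  # constructed requests, one per outcome
        AccessRequest("alice", True, True, "LAP-001", True, True, "tls", "github"),
        AccessRequest("alice", True, False, "LAP-001", True, True, "tls", "github"),
        AccessRequest("bob", True, True, "LAP-777", True, True, "tls", "finance-nas"),
        AccessRequest("alice", True, True, "LAP-001", True, True, "plaintext", "finance-nas"),
        AccessRequest("bob", True, True, "LAP-002", True, True, "ssh", "aws-prod-server"),
    ]
    for r in samples:
        d = evaluate(r)
        print(f"{r.user}@{r.device_id} -> {r.resource}: allow={d['allow']} "
              f"failed_layer={d['failed_layer']} ({d['reason']})")
```

Run it directly to see each sample request stop at the first layer that fails. The order matters: a valid user on an unmanaged device never reaches the authorization check and is placed in the remediation VLAN instead of the corporate one, and a user who is correctly on the network still gets no access to a resource their groups do not grant. That is the practical effect of layering trust rather than granting all of it at login.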
The Best Zero Trust Security Solution
The best Zero Trust Security solutions support a wide range of these needs, including identity management, system management, and secure network access. JumpCloud® Directory-as-a-Service®, a modern cloud identity management platform, supports these needs.
Contact JumpCloud to learn more about the Directory-as-a-Service platform, and to see how it can support your Zero Trust Security initiative. Of course, you can also sign up for a free account and test it for yourself. We offer 10 users free forever and extensive documentation to help you get started.