Zero trust is a tricky business. Organizations constantly have to make high-stakes decisions involving trust, balancing risk with employees’ need to remotely access technology, anywhere and anytime. In a never-ending fight against breaches, how can organizations make the best decisions about access? Zero trust seems like the obvious answer, but implementing a true zero trust system is more challenging than one might think.
According to NIST Special Publication 800-207, “Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. Zero trust architecture is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan.”
Zero Trust Challenges Put Security at Risk
The idea behind zero trust was to prevent a user’s credentials from being compromised. However, rather than being a panacea for all security woes, zero trust still comes with a large number of challenges. Contrary to what the name implies, a lot of trust must actually be exercised. Access to resources and authorization are still given out constantly. Implementing zero trust doesn’t mean zero things are being trusted, and many firms should rethink their remote access strategy as a result.
Zero trust often relies on an authentication system, such as a single sign-on provider. However, these solutions can create a dangerous single point of compromise. The SANS Institute defines single points of compromise as, “Key enterprise central services that could be misused by an intruder or an insider to compromise critical portions of an enterprise’s computing environment. When determining what services should be classified as a single point of compromise, consider services where a compromise would allow login or root login on many assets within the environment, ensuring a complete ownership of the institution’s environment by an adversary.”
What often happens is that a bad actor compromises an SSO provider, issues credentials to themselves, and logs in to any and all systems, moving laterally through the environment undetected. Once in a system, attackers may escalate privileges until they own the entire architecture.
A Guide to Implement True Zero Trust Security
It’s clear that the pitfalls of zero trust are enough to give you trust issues. How can organizations create true zero trust access without introducing a single point of compromise? We have the zero trust implementation guide for you.
In BastionZero’s new eBook, From Zero to Trustless: A No-Bull Guide to Zero Trust Access, you can learn more about traditional approaches and their challenges, understand the growing need for true zero trust, and see how BastionZero provides multi-root authentication while maintaining zero entitlements to your systems.
Cancel your therapy appointment: BastionZero has your trust issues sorted. Download the eBook here.