An expression commonly associated with Zero Trust is “never trust, always verify.”
The implication is clear—to eliminate assumed trust from an IT environment, an organization must be able to verify the legitimacy (or not) of everything within the environment.
As we’ve discussed in previous articles, this requires far more than the access and authorization capabilities typically associated with Zero Trust. It also requires a foundation in cyber hygiene… and system integrity.
How Integrity Fits Into Zero Trust
Some of the most important subcomponents of integrity in this context include:
Visibility. An organization must be able to see and communicate with all subjects, assets, and resources within its IT environment. This is a foundational concept in both IT operations and cybersecurity—but many organizations aren’t able to achieve it.
Change Monitoring and Management. Similarly, an organization must have oversight of every change that occurs within the IT environment, and be able to tell an approved change from an unapproved one. Unexpected change is frequently the earliest observable sign of malicious activity, so this capability is essential to detect it.
Allowlist permissions. At every level, organizations should favor allowlists over denylists—not just for identity and access but for everything within the environment. This means:
- A device or asset should only be present in the environment if it is expressly permitted.
- Only permitted software and services should be allowed to run.
- Only expected changes to data and files should occur—everything else is blocked.
- Permitted subjects are allowed access to defined resources—all other requests are denied.
Naturally, this approach requires a greater upfront investment of resources to establish comprehensive allowlists. However, from that point on, maintenance becomes much less resource-intensive, as only unexpected subjects, resources, and changes must be reviewed. If an unexpected subject, resource, or change appears and is deemed acceptable, the relevant allowlist is updated accordingly.
An example of allowlisting in action is the Trusted Computing approach to platform boot (UEFI Secure Boot, for instance): the firmware will only execute boot components signed by a key it trusts, so unsigned or untrusted code is refused before the operating system ever loads.
Configuration enforcement. Zero Trust Tenet #5 (from NIST SP 800-207) requires organizations to “monitor and measure the integrity and security posture of all owned and associated assets.” The organization must know what an asset’s configuration should be and continuously monitor for discrepancies. Ideally, configuration should be enforced so any change to a secure baseline configuration is blocked or automatically rolled back.
The simplest way to achieve this is to ensure all enterprise assets are hardened in line with an accepted standard—for example, DISA STIGs or CIS Benchmarks—and track or prevent deviations from that standard using a system integrity assurance tool.
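The allowlist rules above ("only expected changes to data and files should occur") and the configuration-enforcement step (detect deviation from a hardened baseline, then roll it back) are the same mechanism seen from two sides. The following is an added example written for this article, not code from any integrity assurance product: it records a golden baseline of a configuration tree, detects drift, and enforces the baseline by restoring tampered or deleted files and quarantining unexpected new ones, while leaving changes on an explicit allowlist in place. The sample configuration tree (an `sshd_config`, `issue` and `motd`, plus a planted cron entry) is constructed inline for the demo and written to a temporary directory.

```python
"""Baseline-and-allowlist integrity check for a hardened configuration tree.

Added example for illustration; assumes a constructed sample tree, not a
real host. Golden content is stored with each hash so rollback is possible.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(root: Path) -> dict:
    """Record every file under root as relpath -> (sha256, golden content)."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        baseline[path.relative_to(root).as_posix()] = (sha256_bytes(data), data)
    return baseline


def detect_drift(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline; anything absent from the baseline is 'added'."""
    current = {p.relative_to(root).as_posix(): sha256_bytes(p.read_bytes())
               for p in root.rglob("*") if p.is_file()}
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k][0]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def enforce(root: Path, baseline: dict, allowed_changes: set) -> dict:
    """Roll back every deviation except paths on the allowlist of expected changes.

    Modified or deleted baseline files are restored from golden content; files
    that were never in the baseline are moved to a quarantine directory for
    analysis rather than deleted, so evidence is preserved. Returns the actions
    taken so the run can be audited.
    """
    drift = detect_drift(root, baseline)
    actions = {"restored": [], "quarantined": [], "accepted": []}
    for rel in drift["modified"] + drift["removed"]:
        if rel in allowed_changes:
            actions["accepted"].append(rel)
            continue
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(baseline[rel][1])
        actions["restored"].append(rel)
    for rel in drift["added"]:
        if rel in allowed_changes:
            actions["accepted"].append(rel)
            continue
        quarantine = root.parent / "quarantine" / rel
        quarantine.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(root / rel), str(quarantine))
        actions["quarantined"].append(rel)
    return actions


# Constructed sample of a hardened tree (values chosen to match common
# CIS-style settings; this is illustrative data, not a real host).
GOLDEN_CONFIG = {
    "etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "etc/issue": b"Authorized use only.\n",
    "etc/motd": b"Welcome.\n",
}


def demo() -> dict:
    """Build the sample tree, tamper with it, then detect and enforce."""
    work = Path(tempfile.mkdtemp(prefix="integrity-"))
    root = work / "host"
    for rel, data in GOLDEN_CONFIG.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    baseline = build_baseline(root)

    # Simulated activity: two tamper events, one deletion, one planted file,
    # and one routine, pre-approved change to the message of the day.
    (root / "etc/ssh/sshd_config").write_bytes(b"PermitRootLogin yes\nPasswordAuthentication yes\n")
    (root / "etc/issue").unlink()
    (root / "etc/cron.d").mkdir()
    (root / "etc/cron.d/update").write_bytes(b"* * * * * root /tmp/.x\n")
    (root / "etc/motd").write_bytes(b"Maintenance window tonight.\n")

    drift = detect_drift(root, baseline)
    actions = enforce(root, baseline, allowed_changes={"etc/motd"})
    after = detect_drift(root, baseline)
    shutil.rmtree(work)
    return {"drift": drift, "actions": actions, "after": after}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

After enforcement the only remaining deviation is the allowlisted `etc/motd` edit; the weakened `sshd_config` and the deleted banner are back to their golden content, and the planted cron file is in quarantine rather than on the host. In a real deployment the baseline would be signed and stored off-host, and the allowlist would be tied to an approved change record rather than a hard-coded set.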
The Missing Components of Zero Trust
Our new report ‘The Missing Components of Zero Trust,’ explains what Zero Trust really is, examines some significant gaps in existing guidance, and details the most important concepts and capabilities required for an effective Zero Trust Architecture.
Download the report to learn:
- The Core Principles and 7 Tenets of Zero Trust.
- How the Zero Trust strategy and architecture eliminate implicit trust.
- How to elevate your security posture and avoid making the most common Zero Trust mistakes.
- The answer to the question, "Does Zero Trust actually work?"
August 16, 2022