Today’s Cyber Security scenario is constantly changing. New zero-day threats, fileless attacks and intrusion techniques challenge organisations, who struggle to keep their data safe.
Examining these two facts we realise how the transition from the world of SMSs to one of the apps and social networks happened quickly and ubiquitously. If we were asked today to leave our smartphones at home for a week, we probably wouldn’t be able to maintain our normal routines.
Moreover, SaaS models such as MS Office 365 were released only years later, so the “as-a-Service” concept was far from widespread and very few organisations had adopted “Bring-Your-Own-Device” policies.
The 'castle approach' in Cyber Security
This was mainly due to the lack of IoT and smart devices: the ones in use at that time were not able to threaten a network - sometimes not even to connect to it. It is noteworthy that just a few organisations depended on cloud computing, and most of the adopted services were hosted on-premise. Cloud had yet to have a major effect on business.
At this time the typical security approach was what we call the “castle approach”, in which the boundaries of the network were protected by the firewall (the walls of the castle). The firewall monitored the main entrances to the internal network, making sure that requirements such as source and destination address, source and destination port, protocol and application-level control were met (the guards at the gates of the castle).
A key idea is that once the traffic had been allowed inside, then it was assumed to be intrinsically secure. Consequently, there were often no authentication or authorisation procedures in place, internal traffic was often not encrypted and no micro-segmentation was implemented.
Such a model is no longer suitable in today’s heterogeneous networks. The technological advancements since 2008 have created devices that are often constantly interconnected with each other and their respective central management servers in the cloud in order to provide smarter and more reliable services.
A fading network perimeter and bigger exposure to cyber threats
Priorities have shifted, and the idea of a well-defined organisational network perimeter fades away as the number of cloud services and connected devices increases. As this change is adopted, exposure to threats grows: the attack surface keeps increasing, together with the number of increasingly sophisticated techniques for penetrating the network.
Today’s applications break down the walls of the castle as data flows freely in and out of the castle.
Nowadays it is quite difficult for organisations to clearly define the location of their data and the devices it resides on, such as IoT, smartphones, smart printers, cloud applications, SaaS, IaaS and personal devices. Employees, contractors, partners and customers all play a role in data generation, handling and processing.
We could state that fixed network boundaries don’t exist anymore. Data is travelling around in numerous locations across several countries and parties. As a consequence, keeping track of it becomes complex and time-consuming.
Just as in the castle model (where people were trusted once they had entered the castle grounds), networks often rely on trust when providing access to services and resources. Such trust can be based on people, location, or both. This trust has been the foundation of the traditional approach to Cyber Security: trust the network, the IP address, the VLAN, the user, etc.
Unfortunately, while such a model was considered reasonably secure within the well-defined network boundaries of the past, it becomes increasingly ineffective at protecting access to resources in heterogeneous environments like today’s networks, in which we can’t really control all of the entry points.
A new Cyber Security paradigm in 2020
A new Cyber Security paradigm becomes necessary; thus, the approach shifts towards the so-called “Zero Trust Model”. Its founding principle is “Never trust, always verify”.
Network resources, internal IP addresses, servers and services should be accessed only through authentication and authorisation procedures, by means of explicit access requests, applied everywhere and every time. Such a strategy gives users and devices only the entitlements strictly necessary to perform their tasks: additional permissions have to be explicitly requested and granted each time they are needed.
The key aspects can be summarised in the picture below:
- The internal network is assumed to be potentially hostile, and its traffic should be treated like Internet traffic. Thus, encryption should be implemented to secure communication. Protocols such as MACsec, and securing machine-to-machine (M2M) communication, are examples of good practice.
- Network micro-segmentation is necessary to significantly decrease the attack surface and network reachability in case of a security breach. Next-Generation Firewalls and Application Delivery Controllers can work in synergy to protect the network in a dynamic and automated fashion while implementing granular access policies.
- Visibility, Identity and Access Management (IAM) solutions, and Data Loss Prevention significantly help organisations to achieve compliance and to effectively implement a Least Privilege Strategy.
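To make the contrast between the castle approach and “Never trust, always verify” concrete, here is an added illustration (not code from the original article or from Nomios) of a per-request policy check: the perimeter model trusts any source inside the internal range, while the zero-trust check requires an authenticated identity, a device with verified posture and an explicit least-privilege entitlement for the exact resource and action. All names, addresses and entitlements are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
import ipaddress

# Constructed sample data (hypothetical): least-privilege entitlements per identity,
# the set of devices whose health/posture has been verified, and the "castle" range.
ENTITLEMENTS = {
    "alice@example.com": {("hr-db", "read")},
    "svc-backup": {("hr-db", "read"), ("file-share", "write")},
}
HEALTHY_DEVICES = {"laptop-0417", "backup-node-2"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass
class AccessRequest:
    identity: Optional[str]    # None means the request carries no verified identity
    device_id: Optional[str]   # None means no device attestation was presented
    source_ip: str
    resource: str
    action: str


def castle_decision(req: AccessRequest) -> bool:
    """Perimeter model: anything originating inside the walls is trusted outright."""
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NET


def zero_trust_decision(req: AccessRequest) -> Tuple[bool, str]:
    """Never trust, always verify: identity, device posture and an explicit
    entitlement are checked on every request. Network location carries no weight."""
    if req.identity is None:
        return False, "unauthenticated"
    if req.device_id not in HEALTHY_DEVICES:
        return False, "device posture not verified"
    if (req.resource, req.action) not in ENTITLEMENTS.get(req.identity, set()):
        return False, "no entitlement for this resource/action"
    return True, "allowed"


if __name__ == "__main__":
    # An internal address presenting no identity: the castle lets it in, zero trust does not.
    anonymous_internal = AccessRequest(None, None, "10.20.30.40", "hr-db", "read")
    print("castle:", castle_decision(anonymous_internal))
    print("zero trust:", zero_trust_decision(anonymous_internal))
    # A verified user on a healthy laptop from outside: zero trust allows exactly what is granted.
    alice_remote = AccessRequest("alice@example.com", "laptop-0417", "203.0.113.7", "hr-db", "read")
    print("castle:", castle_decision(alice_remote))
    print("zero trust:", zero_trust_decision(alice_remote))
```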
The journey to comprehensive and effective Cyber Security in 2019 is a complex and sometimes confusing one. As borders have disappeared and data has dispersed, it can be hard to know where your data is and how you should secure it.
Adopting the Zero Trust Model (and a zero trust cyber security framework) is a step on this journey to regaining control, as applications spread and cloud adoption continues to grow while businesses fully embrace their potential.
For this reason, Nomios has developed an innovative vision and strategy to help organisations reach their targets and grow their business. Our international team of experts is always available to help organisations on their journey to be secure.