Trends in Government Contracting
Zero Trust Network IT Security Model vs. Trusted Network IT Security Model
by Carol Ingley
Week of January 6, 2020 through Week of February 3, 2020
Digital Trends: cybersecurity, Zero Trust network IT security model
Cybersecurity Responsibility and Importance. On May 11, 2017, the President of the United States issued the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Responsibility for the cybersecurity of federal networks and critical infrastructure was made clear: “The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises.”
While the responsibility for network security at the federal level is quite clear, the methodology for achieving it is not as clear. With so many agencies and divisions of the U.S. government, the undertaking to reach the highest level of network security is enormous.
Yet the importance of cybersecurity is high for many reasons. Businesses are being hacked in record numbers. Huge amounts of data are being transferred to the cloud. Cyber threats are a constant. And, as the GAO website points out, “The security of these systems and data is vital to public confidence and national security, prosperity, and well-being.”
Equally important, the GAO notes, “Because many of these systems contain vast amounts of personally identifiable information (PII), agencies must protect the confidentiality, integrity, and availability of this information.” The kind of bulletproof cybersecurity the U.S. president desires and the GAO website describes is tough to build. Enter the Zero Trust Network IT Security Model.
Zero Trust Network IT Security Model Defined. Zero trust is all about looking both inside and outside the network perimeter. Cloudflare defines a Zero Trust Network IT Security Model as “an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter.”
Another characteristic of Zero Trust models is least-privilege access. Similar to the corporate concept of need-to-know, individuals get only as much access as they need. The concept of zero trust was developed at Forrester Research Inc. in 2011.
This “zero trust” toward access, whether the request comes from inside or outside the network, contrasts with the traditional Trusted Network IT Security Model.
Trusted Network IT Security Model Defined. Zubair Alexander says about the Trusted Network IT Security Model: “This model is based on the theory that the external network is not secure, while the internal network within the corporate boundaries is considered secure.” While this trusted model has been the traditional one, omitting security checks inside the company network is no longer secure enough, in the opinion of many in the IT industry.
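The contrast between the two models can be seen by running the same requests through both decision rules. This is an added example, not part of the original article or of any vendor's product; the network range, users, device IDs and resource names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Everything below is constructed for illustration (assumed values).
INTERNAL_NET = ip_network("10.0.0.0/8")                    # the corporate boundary
ENTITLEMENTS = {"alice": {"payroll-db"}, "bob": {"wiki"}}  # least privilege map
VERIFIED_DEVICES = {"laptop-0042"}                         # enrolled devices

@dataclass(frozen=True)
class Request:
    source_ip: str
    user: Optional[str]        # None means no verified identity was presented
    device_id: Optional[str]
    resource: str

def trusted_network_allows(req: Request) -> bool:
    """Trusted model: anything arriving from inside the boundary is accepted."""
    return ip_address(req.source_ip) in INTERNAL_NET

def zero_trust_decision(req: Request) -> tuple:
    """Zero trust: verify person and device on every request, ignore location."""
    if req.user not in ENTITLEMENTS:
        return False, "identity not verified"
    if req.device_id not in VERIFIED_DEVICES:
        return False, "device not verified"
    if req.resource not in ENTITLEMENTS[req.user]:
        return False, "no entitlement (least privilege)"
    return True, "ok"

# Constructed sample requests: three from inside the perimeter, one from outside.
SAMPLES = [
    Request("10.1.2.3", None, None, "payroll-db"),              # insider, no identity
    Request("10.1.2.4", "bob", "laptop-0042", "payroll-db"),    # insider, wrong resource
    Request("10.1.2.5", "alice", "byod-7", "payroll-db"),       # insider, unknown device
    Request("203.0.113.7", "alice", "laptop-0042", "payroll-db"),  # remote, verified
]

def compare(requests):
    """Return (trusted_model_result, zero_trust_result, reason) per request."""
    return [(trusted_network_allows(r), *zero_trust_decision(r)) for r in requests]

if __name__ == "__main__":
    for req, (old, new, why) in zip(SAMPLES, compare(SAMPLES)):
        print(f"{req.source_ip:<12} trusted={old!s:<5} zero_trust={new!s:<5} {why}")
```

The first three requests pass the trusted model purely because of their source address, while the zero trust rule rejects each for a different reason and admits only the verified remote user.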
In Use Today by Google. Google uses the Zero Trust Network IT Security Model today. It has created a division within Google Cloud called BeyondCorp. According to the Google Cloud website, “BeyondCorp is Google's implementation of the zero trust security model that builds upon eight years of building zero trust networks at Google, combined with ideas and best practices from the community.”
It’s Complicated. There are so many access points to networks today – and so many more coming – that, simply said, it’s complicated. Computers, mobile devices, Internet of Things (IoT) sensors – all of these have to be incorporated into the Zero Trust Network.
Open Doors. In current networks, there are open doors. Zero Trust networks are about closing these open doors. For the system to work, every end-user must participate in the new security initiatives. From an overview perspective, Zero Trust networks appear to offer the kind of security the U.S. government is seeking.
Trends in Government Contracting by iPTW