Zero trust security whitepaper
Learn how the zero trust security principles shape the future of data protection in video conferencing and how to optimize your zero trust architecture with Pexip.
We've all heard the buzz around the virtual water cooler that zero trust architectures are the next big thing in network security, but what do we know about them? And, perhaps more relevant to our discussion today, why should you care?
This white paper examines how and why zero trust defines a data-centric security model and what that means in a real-time production environment. We build on that conversation to take a deeper look at how Pexip's video conferencing platform integrates with your existing zero trust strategy and can even give you some new zero trust concept ideas to consider.
Written by Kevin Davis, Principal Consultant Advantage Engineering at ZTX-S, and Joel Bilheimer, Strategic Account Architect at Pexip.
What is the zero trust concept?
The biggest challenge in implementing zero trust is agreeing on what it encompasses. The easiest way to answer this question is to describe what zero trust is not. Then, we can discern what it is and, potentially, what it can be.
At its core, zero trust is a cybersecurity framework that upends the assumptions behind traditional data security and lets you see where those assumptions lead you.
The tradition of perimeter-centric security
Traditional security is based on the notion that "they" are "out there" and "we" need to protect ourselves and our data "in here."
As a result, cybersecurity has historically focused on defining and defending the perimeter: the boundary between the known and the unknown, or between what is "trusted" and what is "untrusted."
Critically, as we shall see, this is illusory, because "trust" is a human concept, not one that has a place in enterprise information security. Even the vocabulary of network components (firewalls, demilitarized zones, gateways, gatekeepers) implies that there is a right side and a wrong side of the network boundary, with our precious systems and data sitting behind barriers that keep it all safe.
There are two main problems with the traditional perimeter-centric network approach from a security perspective.
First, if we pour all our resources into external barriers while neglecting equivalent internal protections, it takes only one crack in the dike for our entire level of data protection to fail.
Second, blithely ignoring half of each public network transaction (for example, assuming all outbound traffic is valid) essentially guarantees that when, not if, your system is breached, the attackers will have free rein to do whatever they want, in many cases without you even knowing they are doing it. Phishing is a good example: it turns a legitimate insider's credentials or workstation into the attacker's foothold, which is why it has proven so difficult to combat under traditional, perimeter-centric security concepts.
Cybersecurity architects have committed two cardinal sins by focusing so much energy on hardening the perimeter over the years.
For one, we haven't achieved the core objective of protecting our data's confidentiality, integrity, and availability (the "C-I-A Triad").
If we had, "data breach" wouldn't be a household term, and there would be no need for zero trust. Additionally, this approach has made legitimate cross-boundary uses much more challenging to implement, especially for video collaboration traffic.
Video architects and engineers have endured this environment for decades, and we have all experienced its negative operational impacts. Up until now, however, we have all been led to believe that perimeter data restrictions are necessary structural limitations in service of the greater good of protecting the network.
It is a fundamentally false assumption.
It's okay. We can fix it.
Time to upgrade for data-centric security
In contrast to the perimeter-centric threat model, zero trust architecture focuses on the data itself rather than on where it happens to sit. Zero trust does not ignore the perimeter, but zonal trust is outdated in a world where data can be anywhere at any time.
If you are defending the perimeter, you must be right every time, while the attackers only have to be right once. Furthermore, the main threats are already inside your organization, where perimeter-centric security cannot defend against them. Those are long odds on which to build your entire network security plan.
Zero trust rests on two fundamental principles. Both discard outdated network security norms, and both have proven extremely powerful.
First, zero trust assumes, point blank, that the bad guys are already in your network.
You might think your network security is good enough and that only the government and healthcare care about that stuff anyway. You may argue that you are too small for hackers to care about your network.
However, experience shows that network security is usually much weaker than you think. That false sense of security has allowed nation-state attacks such as Stuxnet, and commodity malware such as the Mirai botnet, whose source code is publicly available, to be wildly successful.
Secondly, zero trust also recognizes that the impact of a breach is not about how the bad guys got in but what data they were able to see and export while they were there.
Whether someone can penetrate your system matters far less than whether they can impact your data's confidentiality, integrity, or availability once they are in.
Zero trust creates structures and policies that prevent infiltration (which, again, we assume has already happened) from becoming exfiltration.
By deploying a default-deny policy (meaning that, by default, no traffic or data is permitted to flow in any direction on any segment) and only then adding explicit allow rules for specifically authorized data actions, zero trust ensures that only approved and authorized traffic ever moves through an organization's networks, whether internally or across a boundary.
From this perspective, it doesn't matter if a microphone array or VoIP system gets hacked, for example, as long as the audiovisual data provided can only ever travel to those internal destinations you approve.
Ultimately, under zero trust you can live with an initial compromise because, properly contained, it cannot reach the data and services that your operations depend on.
How does the zero trust concept work?
The first building block of zero trust is micro-segmentation. Traditional security assumes all traffic is valid within a network segment. It focuses on authorizing or restricting which segments can communicate with others.
Micro-segmentation implements a more...
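The following Python is an added illustration, not code from the whitepaper or from Pexip or ZTX-S. It models the default-deny policy described above (nothing flows in any direction unless an explicit allow rule matches) and then contrasts the segment-level allow rules of a traditional design with per-endpoint micro-segmentation, using the compromised microphone array from the example above. The addresses, segments, the "media server" at 10.20.0.10, the RTP port 5004 and the candidate flows are all constructed assumptions; 203.0.113.0/24 is the TEST-NET-3 documentation range standing in for an attacker's host.

```python
# Added illustration (not Pexip or ZTX-S code): a default-deny flow policy,
# first with the segment-level rules of a traditional design, then with
# per-endpoint (micro-segmented) rules. Addresses, segments, ports and the
# "media server" are constructed for the example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


@dataclass(frozen=True)
class Rule:
    """An explicit allow. dport=None or proto="any" are wildcards.
    There are no deny rules: a flow not matched by any rule is denied."""
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]
    proto: str

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in self.src
                and ip_address(f.dst) in self.dst
                and (self.dport is None or f.dport == self.dport)
                and (self.proto == "any" or f.proto == self.proto))


def allow(src: str, dst: str, dport: Optional[int], proto: str) -> Rule:
    return Rule(ip_network(src), ip_network(dst), dport, proto)


def is_allowed(f: Flow, rules: Iterable[Rule]) -> bool:
    # Default deny in every direction: nothing is trusted because of where it
    # sits, only because a rule says so. (Stateful return-traffic handling is
    # omitted to keep the policy model explicit.)
    return any(r.matches(f) for r in rules)


# Traditional design: trust is granted to whole zones.
SEGMENT_RULES = [
    allow("10.10.0.0/24", "10.10.0.0/24", None, "any"),  # anything inside the AV segment
    allow("10.10.0.0/24", "10.20.0.0/24", None, "any"),  # AV segment -> media segment
    allow("10.10.0.0/24", "0.0.0.0/0", 443, "tcp"),      # "outbound HTTPS is fine"
]

# Micro-segmented design: one device, one destination, one port, one protocol.
MICRO_RULES = [
    allow("10.10.0.5/32", "10.20.0.10/32", 5004, "udp"),  # mic array -> media server, RTP only
]

# What a compromised microphone array (10.10.0.5) might try. 203.0.113.0/24 is
# the documentation range (TEST-NET-3), standing in for an attacker's host.
CANDIDATE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.10", 5004, "udp"),   # the intended audio stream
    Flow("10.10.0.5", "10.10.0.6", 22, "tcp"),      # lateral: mic -> codec over SSH
    Flow("10.10.0.5", "10.30.0.20", 445, "tcp"),    # lateral: mic -> file server over SMB
    Flow("10.10.0.5", "203.0.113.7", 443, "tcp"),   # exfiltration over HTTPS
]


def reachable_from(src: str, rules: Iterable[Rule],
                   flows: Iterable[Flow] = CANDIDATE_FLOWS) -> List[str]:
    """Destinations the policy lets `src` reach, as 'dst:port/proto' strings."""
    rules = list(rules)
    return sorted(f"{f.dst}:{f.dport}/{f.proto}"
                  for f in flows if f.src == src and is_allowed(f, rules))


if __name__ == "__main__":
    print("segment-level  :", reachable_from("10.10.0.5", SEGMENT_RULES))
    print("micro-segmented:", reachable_from("10.10.0.5", MICRO_RULES))
```

Under the segment-level rules the compromised microphone can still reach the codec over SSH and the attacker's host over HTTPS, because trust was granted to the whole AV zone and to "outbound". Under the micro-segmented rules only the intended RTP stream to the media server is permitted, and even the reverse direction from the media server back to the microphone is denied unless a rule says otherwise.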
Want to continue reading?
Get answers about:
- How zero trust works
- Data confidence and dynamic risk assessment
- Next-generation data security
Download your free copy of the zero trust whitepaper.