A zero-trust security model is a framework that starts by assuming all users, devices, and applications are compromised. In response, the model requires continuous user and device authentication, authorizations, and security validation before allowing them to connect to networks, applications, and data.
When everyone was connected to a local area network (LAN), simply logging into the device was treated as sufficient security. Without wireless connections, people had to be physically on site to access the network. IT teams could push security configurations to every device because the company owned them, so those devices were considered “trusted.”
However, adopting wireless networks and moving to the cloud changed this. Companies no longer have the same level of control, especially when people want to access resources from their own devices. Even if users are inside the organization’s firewalls, wireless network connections and “Bring Your Own Device (BYOD)” policies mean companies no longer control all traffic and devices. This removes the ability to “trust” any user or device.
How Zero Trust Security Works
The guiding technical document for establishing a zero trust architecture (ZTA) is the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207. In June 2021, the Cybersecurity and Infrastructure Security Agency (CISA) outlined its Zero Trust Maturity Model (ZTMM), which sets out five pillars aligned to SP 800-207.
At the enterprise level, CISA’s ZTMM is not a mandate, but its five pillars are a useful lens for understanding how zero trust security works.
Pillar 1: Identity
Identity is the core principle underlying ZTA. Under this pillar, organizations should:
- Authenticate user identity
- Use multi-factor authentication
- Limit access according to the principle of least privilege
Pillar 2: Device
The device pillar is where zero trust starts to get more challenging. For example, the CISA ZTMM covers everything from traditional workstations to Internet of Things devices and user-owned devices. The device pillar includes creating an asset inventory and ensuring device security posture. Endpoint security is a key component of mitigating attack risks.
Pillar 3: Network/Environment
Devices connect to networks and environments, which is why endpoint security is one way to mitigate attacks. At the network level, zero trust adds monitoring for suspicious traffic that indicates a compromise and segmentation of networks to prevent malicious actors from moving laterally.
Pillar 4: Application Workload
Under this pillar, zero trust focuses on identity, device security, and other attributes prior to allowing access to applications. Since malicious actors can use a compromised device to spread malware to an application, endpoint security is once again a primary risk mitigation control.
Pillar 5: Data
Taking a “data-centric” approach to ZTA means incorporating device risk, identity, and other attributes. Additionally, it includes controls like data encryption and methods for detecting data exfiltration.
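To make the five pillars concrete, the following added example (not code from the original article, CISA, or NIST) shows how a per-request policy check evaluates every pillar before granting access. The device inventory, role entitlements, data classifications, and network segment rules are constructed sample data, and the pass/fail rules are assumptions chosen for illustration; the point is that any single failing pillar produces a deny, and the request is evaluated every time rather than once at login.

```python
"""Per-request zero-trust policy check across the five CISA ZTMM pillars (added example)."""
from dataclasses import dataclass, field

# Pillar 2: asset inventory with a recorded security posture per device (constructed data).
DEVICE_INVENTORY = {
    "lt-0042": {"managed": True, "disk_encrypted": True, "edr_healthy": True, "os_patched": True},
    "byod-phone-7": {"managed": False, "disk_encrypted": True, "edr_healthy": False, "os_patched": True},
}

# Pillars 1 and 4: least-privilege mapping from role to the applications it may use (constructed).
ROLE_APPS = {
    "hr-analyst": {"hris", "payroll"},
    "sales": {"crm"},
}

# Pillar 5: data classification per application (constructed).
APP_DATA_CLASS = {"hris": "confidential", "payroll": "confidential", "crm": "internal"}

# Pillar 3: network segments from which each application may be reached (constructed).
APP_SEGMENTS = {"hris": {"corp", "vpn"}, "payroll": {"corp"}, "crm": {"corp", "vpn", "internet"}}


@dataclass
class AccessRequest:
    user: str
    role: str
    authenticated: bool
    mfa_verified: bool
    device_id: str
    network_segment: str
    application: str


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


def evaluate(req: AccessRequest) -> Decision:
    """Evaluate one request; every pillar must pass, otherwise the default is deny."""
    reasons = []

    # Pillar 1: identity must be authenticated and MFA completed for this session.
    if not req.authenticated:
        reasons.append("identity: not authenticated")
    if not req.mfa_verified:
        reasons.append("identity: MFA not verified")

    # Pillar 2: unknown devices are denied; known devices must meet posture requirements.
    device = DEVICE_INVENTORY.get(req.device_id)
    if device is None:
        reasons.append("device: not in asset inventory")
    else:
        for check in ("disk_encrypted", "edr_healthy", "os_patched"):
            if not device[check]:
                reasons.append(f"device: posture check failed ({check})")

    # Pillar 3: the source segment must be one the application is reachable from.
    if req.network_segment not in APP_SEGMENTS.get(req.application, set()):
        reasons.append(f"network: segment {req.network_segment!r} may not reach {req.application!r}")

    # Pillar 4: least privilege; the role must hold an entitlement to the application.
    if req.application not in ROLE_APPS.get(req.role, set()):
        reasons.append(f"application: role {req.role!r} has no entitlement to {req.application!r}")

    # Pillar 5: confidential data additionally requires a managed device.
    if APP_DATA_CLASS.get(req.application) == "confidential" and not (device and device["managed"]):
        reasons.append("data: confidential data requires a managed device")

    return Decision(allow=not reasons, reasons=reasons)


if __name__ == "__main__":
    for req in (
        AccessRequest("a.lee", "hr-analyst", True, True, "lt-0042", "corp", "hris"),
        AccessRequest("a.lee", "hr-analyst", True, True, "byod-phone-7", "vpn", "hris"),
    ):
        print(req.device_id, "->", evaluate(req))
```

The second sample request fails twice (unhealthy EDR agent and an unmanaged device reaching confidential data), which is the kind of reason list a policy decision point would log for the SOC rather than just returning a bare deny.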
Challenges with Implementing Zero Trust Security
Zero trust may offer a way to enhance security, but the process is challenging. Digital transformation and remote workforce models only increase the problems organizations have as they try to embrace zero trust.
Malicious file downloads
To secure a remote workforce, companies need to prevent users from downloading malicious files on company-owned and user-owned devices. This includes mitigating risks across file types, including password-protected and zipped files.
Too often, the technologies that help ensure endpoint security by preventing malicious file downloads reduce productivity. They either block files entirely or remove elements that users need. Additionally, the number of false positives puts stress on already overburdened IT and security teams.
Application-to-application file transfers
Creating a zero trust approach to cloud security also needs to consider hidden, unknown threats in files transferred from one application to another. Zero trust means assuming everything is compromised, including file transfer processes. Threat actors increasingly target APIs, knowing that they are weaknesses in a company’s security posture.
Web applications expand the number of people uploading data to a company’s networks. For example, customers, vendors, and contractors might all be uploading data through a web portal. Even before cloud migration, these users would normally be considered “untrusted,” but today, they pose an even larger security risk.
However, companies need to allow these data transfers to ensure business operations across human resources, legal, sales, and marketing departments.
How to Implement Zero Trust Security for Files
Endpoint security is a fundamental pillar of zero trust security, yet it is also the most difficult to implement. While installing antivirus solutions acts as one preventive measure, the growing number of malware threats means that companies need something beyond traditional sandboxing, which reduces productivity.
File security solutions that scan for safe elements, rather than targeting suspicious elements, prevent malware from being transmitted through risky files.
Application file security
When a user, application, or process receives a file, file security solutions like content disarm and reconstruction (CDR) extract the content, text, and layout. They then process any embedded objects, analyze the content, identify known-good content, and package only that known-good content into a new file so it can be used.
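The following added example (not Votiro's or any vendor's code) illustrates the positive-selection idea described above on a constructed zip-packaged document: only parts on an allowlist are copied into a new package, relationship entries that point at macros, embedded objects, or external targets are dropped from the `.rels` parts, and everything else is left behind. The part allowlist and relationship allowlist are assumptions chosen for the example, the sample document is constructed inline, and the code also covers a caveat relevant to password-protected archives: an encrypted entry cannot be inspected, so the package is reported rather than passed through.

```python
"""Positive-selection reconstruction of a zip-packaged document (added example)."""
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ET.register_namespace("", REL_NS)  # keep the default namespace when re-serializing

# Allowlist of package parts a minimal document needs. Real OOXML packages have
# many more parts; this short list is an assumption made for the example.
KNOWN_GOOD_PARTS = {
    "[Content_Types].xml",
    "_rels/.rels",
    "word/document.xml",
    "word/styles.xml",
    "word/_rels/document.xml.rels",
}

# Allowlist of relationship types; anything else (macro containers, OLE objects,
# external targets) is not carried into the rebuilt file. Also an assumption.
KNOWN_GOOD_REL_TYPES = {
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument",
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles",
}


def is_encrypted(info: zipfile.ZipInfo) -> bool:
    """General-purpose flag bit 0 marks an encrypted zip entry."""
    return bool(info.flag_bits & 0x1)


def sanitize_rels(xml_bytes: bytes) -> tuple:
    """Keep only allowlisted, internal relationships; return new XML and dropped targets."""
    root = ET.fromstring(xml_bytes)
    dropped = []
    for rel in list(root):
        external = rel.get("TargetMode") == "External"
        if external or rel.get("Type") not in KNOWN_GOOD_REL_TYPES:
            dropped.append(rel.get("Target", "?"))
            root.remove(rel)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True), dropped


def reconstruct(original: bytes) -> tuple:
    """Build a new package from known-good parts only; report what was kept and dropped."""
    report = {"kept": [], "dropped": [], "dropped_relationships": [], "encrypted": False}
    src = zipfile.ZipFile(io.BytesIO(original))
    if any(is_encrypted(i) for i in src.infolist()):
        report["encrypted"] = True  # content cannot be inspected, so nothing is passed through
        return b"", report
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if name not in KNOWN_GOOD_PARTS:
                report["dropped"].append(name)
                continue
            data = src.read(name)
            if name.endswith(".rels"):
                data, gone = sanitize_rels(data)
                report["dropped_relationships"].extend(gone)
            dst.writestr(name, data)
            report["kept"].append(name)
    return out.getvalue(), report


def part_names(package: bytes) -> list:
    """List the parts of a zip package (used to inspect the rebuilt file)."""
    return zipfile.ZipFile(io.BytesIO(package)).namelist()


def read_part(package: bytes, name: str) -> bytes:
    """Read one part from a zip package."""
    return zipfile.ZipFile(io.BytesIO(package)).read(name)


def build_sample_document() -> bytes:
    """Constructed sample package (not a real document) mixing benign and risky parts."""
    od = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("_rels/.rels", f'<Relationships xmlns="{REL_NS}">'
                   f'<Relationship Id="rId1" Type="{od}officeDocument" Target="word/document.xml"/>'
                   '</Relationships>')
        z.writestr("word/document.xml", "<document><body><p>Quarterly report</p></body></document>")
        z.writestr("word/styles.xml", "<styles/>")
        z.writestr("word/_rels/document.xml.rels", f'<Relationships xmlns="{REL_NS}">'
                   f'<Relationship Id="rId1" Type="{od}styles" Target="styles.xml"/>'
                   '<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
                   f'<Relationship Id="rId3" Type="{od}hyperlink" Target="http://example.invalid/x" TargetMode="External"/>'
                   '</Relationships>')
        z.writestr("word/vbaProject.bin", b"\x00constructed macro container\x00")
        z.writestr("word/embeddings/oleObject1.bin", b"\x00constructed embedded object\x00")
    return buf.getvalue()


if __name__ == "__main__":
    clean, rpt = reconstruct(build_sample_document())
    print(rpt)
    print(part_names(clean))
```

The rebuilt package contains only the five allowlisted parts, and its relationship file no longer references the macro container or the external link, so a consumer opening the new file never sees the dropped elements. The report is the piece a security team cares about: it records what was removed, which is the input to the false-positive review the article mentions.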
With the increased number of successful phishing attacks over the last year, companies need to assume that all email is compromised. Companies need to incorporate email as part of their zero trust security initiatives by defending all emails and attachments. Since file security solutions work in the background, companies can enhance their endpoint and zero trust security initiatives without interrupting end-user activities.
Protect web browsers and portals
Employees and third parties need to use the internet to interact with a business. Companies need to apply a zero trust approach to internet use because its very ubiquity makes it a favored vector for malicious actors. Installing a file security web browser extension protects endpoints from malicious downloads outside the organization’s networks. This supports the zero trust security initiative by enabling secure file downloads without compromising productivity.
Enhance API security
When implementing zero trust, companies also need to assume that all file transfer processes have been compromised. Organizations need to treat all files across web services and applications the same way to prevent malware from entering their cloud storage environments. Using an API-centric solution that integrates into the existing cybersecurity stack can secure file processing across existing services, apps, and processes quickly and with little effort.
Votiro: Clean Files for Endpoint Security and Zero Trust
Votiro Cloud’s content-disarm-and-reconstruction-as-a-service technology searches for the file elements that belong rather than scanning for suspicious elements. This reduces the risks associated with signature-based detections that are often inadequate as malicious actors change their methodologies and utilize unknown-malware-based attacks.
Votiro’s SaaS-delivered solution requires no internal resources for maintenance and updates. As a cloud-deployed, agentless solution, companies never need to worry about whether users installed it on their own devices. This gives organizations a way to protect the riskiest devices, which they normally lack the ability to control with installed antivirus solutions.
Our API-centric solution can easily be integrated into an organization’s existing services, applications, and processes. This gives them a way to secure file transfer processes without impacting user productivity or file processing speed and scale.
To discuss Votiro’s CDRaaS with one of our team members, request a custom demo here.