A Q&A on Zero Trust

I mentioned in my last blog that we’re kicking off a Data Center Summit starting in Dallas, Texas today. One of the special guests at our seminar will be John Kindervag from Forrester Research, presenting on the Zero Trust Model. If you haven’t yet heard of Zero Trust, check out the video here.

With the current state of security attacks on organizations, this new security model, called “Zero Trust,” recommends that enterprises take a new architectural approach to securing their networks. Kindervag’s model recommends trusting no one (not even internal users), ensuring secure access to all resources, and inspecting and logging all traffic, among other things. He also introduces what he calls a network segmentation gateway, or a “firewall on steroids,” that does firewalling, IPS, content filtering and encryption without a performance impact.

A lot has been written about the Zero Trust model, but we really wanted to drill down on its actual implementation, in particular in the data center. We spoke with John Kindervag, security analyst at Forrester, to get his perspective:

Question: What’s with the state of attacks recently? Zappos, Justice department? Are attackers just getting better at finding holes in networks, or are enterprises just not thinking of security in the right manner?

Kindervag: I doubt that much has changed other than public awareness of these breaches. The fact that the SEC requires disclosure means that most companies will have to at least acknowledge breaches. Look at Verisign. They weren’t exactly forthcoming about their recently reported breaches. The SEC forced their hand. Compliance mandates such as those from the SEC or the PCI Security Standards Council have gone a long way to increasing public – and corporate executive – awareness of these breaches.

Having said that, I do believe that the gap between the attackers and the enterprise is getting wider. Attackers are mutating their attacks in near-real time. Enterprises are trying to secure old, clunky network designs. One global CIO told me, “It’s just not fair.” That’s true. Enterprises continue to be encumbered by old designs, broken processes and apathy about security at the highest levels of the organization. Those things must change before we stand a chance of fighting off these attacks.


Question: How does the Zero Trust Model apply to a data center environment?

Kindervag: Zero Trust is data-centric, which is precisely why it applies to the data center. It mandates building the network from the inside out. This means the controls start at the data itself, and then we figure out the transport later. Too many companies are focused on the transport – the network – or the place – the physical data center – when they should be focused on the data. That’s what attackers are trying to steal.

Question: You discuss the importance of segmentation in Zero Trust. This is important to limit the scope of compliance or limit the scope of vulnerabilities. What’s the best practice you recommend for segmentation – VLANs, physical segmentation, zones?

Kindervag: Modern networks must be segmented. Flat networks are too easy to compromise. Throw in the reality that many compliance initiatives can only be effectively met through segmented networks and you have a convergence of outside pressure that will force network designers to adopt segmented networks. That’s why it’s important to understand what equals segmentation.

Segmentation must enforce separation of traffic. VLANs just don’t do that. They were never designed for security and, as a result, are inherently insecure. If we want to mitigate the ability of attackers to own our entire network, it must be segmented by a control that does the segmentation, which can be enforced by affecting traffic that tries to bypass segmentation controls. The controls must be at Layer 3 or above. In the real world, segmentation is done with firewall technology of some type, which is why Zero Trust relies on Uber-Firewalls we call Segmentation Gateways.
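To make the segmentation point concrete, here is an added example (not from the interview, Forrester, or any vendor product) of how a Layer 3/4 segmentation gateway policy behaves compared with a flat network. The segment names, addresses, rules and sample flows are all constructed for the illustration. Every inter-segment flow hits an ordered rule base that ends in an implicit deny, and every decision, allowed or denied, is logged, which is the "inspect and log all traffic" part of the model.

```python
"""Added illustration: a minimal model of a Zero Trust segmentation-gateway
policy. Every inter-segment flow is evaluated against an ordered rule base
ending in an implicit deny, and every decision (allowed or denied) is logged.
All segment names, addresses and rules here are constructed for the example;
they are not taken from any product or from the interview.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed segments: each is a Layer 3 trust boundary, so membership is
# decided by address, not by which VLAN a host happens to sit on.
SEGMENTS = {
    "users": ip_network("10.10.0.0/16"),
    "web":   ip_network("10.20.0.0/24"),
    "db":    ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str              # source segment name, or "any"
    dst: str              # destination segment name, or "any"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None matches any port
    action: str           # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def segment_of(ip: str) -> str:
    """Map an address to its segment. Anything unmapped is 'unknown' and can
    only match 'any' rules or fall through to the implicit deny."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


class SegmentationGateway:
    """Ordered, first-match policy with an implicit deny at the end."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.log: List[str] = []  # every decision is recorded, allow or deny

    def evaluate(self, flow: Flow) -> str:
        src_seg, dst_seg = segment_of(flow.src_ip), segment_of(flow.dst_ip)
        decision, matched = "deny", "implicit-deny"
        for i, r in enumerate(self.rules):
            if (r.src in ("any", src_seg) and r.dst in ("any", dst_seg)
                    and r.proto in ("any", flow.proto)
                    and r.dport in (None, flow.dport)):
                decision, matched = r.action, f"rule{i}"
                break
        self.log.append(f"{decision:5} {src_seg}->{dst_seg} "
                        f"{flow.src_ip}->{flow.dst_ip} "
                        f"{flow.proto}/{flow.dport} ({matched})")
        return decision


# A flat network behaves like a single 'allow any any' rule.
FLAT_POLICY = [Rule("any", "any", "any", None, "allow")]

# Zero Trust: only the flows the application actually needs are permitted.
# Users never reach the database tier directly; nothing else is assumed.
ZERO_TRUST_POLICY = [
    Rule("users", "web", "tcp", 443, "allow"),
    Rule("web", "db", "tcp", 5432, "allow"),
]

# Constructed sample flows, including a direct user-to-database flow that
# segmentation is supposed to stop.
SAMPLE_FLOWS = [
    Flow("10.10.4.7",  "10.20.0.10", "tcp", 443),   # user -> web app
    Flow("10.20.0.10", "10.30.0.5",  "tcp", 5432),  # web -> database
    Flow("10.10.4.7",  "10.30.0.5",  "tcp", 5432),  # user -> database directly
    Flow("10.30.0.5",  "10.10.4.7",  "tcp", 22),    # database -> user workstation
]


def run_policy(rules: List[Rule]) -> Dict[str, str]:
    """Evaluate the sample flows; return {'src->dst proto/port': decision}."""
    gw = SegmentationGateway(rules)
    return {f"{f.src_ip}->{f.dst_ip} {f.proto}/{f.dport}": gw.evaluate(f)
            for f in SAMPLE_FLOWS}


if __name__ == "__main__":
    for name, policy in (("flat", FLAT_POLICY), ("zero-trust", ZERO_TRUST_POLICY)):
        print(f"== {name} ==")
        gw = SegmentationGateway(policy)
        for f in SAMPLE_FLOWS:
            gw.evaluate(f)
        print("\n".join(gw.log))
```

Running it shows the flat policy allowing all four flows, while the Zero Trust policy allows only the two flows the application needs and writes a log line for every decision, denials included, so that a blocked user-to-database attempt is visible rather than silently dropped.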

Question: How can customers start implementing Zero Trust in their data center, in particular when they are considering new designs like virtualization or Ethernet fabric architectures?

Kindervag: Zero Trust allows you to securely evolve your network and securely adopt new technologies. Zero Trust as a model and a concept translates to any environment, and Zero Trust as a design methodology helps secure virtualization by default. It creates virtualization-friendly Layer 2 segments that make deploying virtualization easy. Plus, fabric architectures fit well with Zero Trust. Fabric architectures have given very little thought to security, and Zero Trust gives fabric technologies a path towards security.


Thank you, John, for a great explanation of how Zero Trust applies in the data center. At our Data Center Summit, we’ll be talking about this in depth. In particular, the afternoon technical segment goes into detail on how customers are implementing network security in the data center. We’ll also describe how you segment servers appropriately as advocated by Zero Trust, where traffic in and out of a segment is only allowed via the Palo Alto Networks next-generation firewall. Calling all you fellow data center security geeks out there... I hope to see you at one of our Data Center Summit venues!