Jeff Talks Tech: Zero Trust Models
iCorps IT Services
Jeff Lauria, iCorps VP of Technology, highlights the security benefits of the zero trust model in this short educational video.
[Jeff Lauria] So I'm Jeff Lauria, Vice President of Technology here at iCorps Technologies. Today, I'd like to discuss the Zero Trust Model.
The Zero Trust Model has been around for a few years. Fundamentally, it's about your LAN Network or your Local Area Network. It's about the security level within your local area network.
Most organizations believe that once you're inside your network that everything is trusted. So, for example, Server A talks to Server B. Server B talks to Server C, and all the workstations talk to everything. That has been the model of computing for many, many years. The Zero Trust Model looks at that differently. It trusts nothing. So your LAN is no longer a trusted network.
For example, if Server A doesn't need to talk to Server B, then it doesn't talk to Server B. If your printers only need to talk to your print servers, then that's all they talk to. So it is looking at your security model differently. It is locking down your network using things like virtual LANs. For example, instead of your workstations having the ability to talk to your printers, they ultimately talk to a server. Then only a server should have the ability to talk to those printers.
The idea and concept behind this is, one, reduce what we call the "Blast Radius." So if, indeed, you have a security event, limit it to a very specific area. So if Server A was compromised and Server A can only speak to Server B, then Servers C, D, E, and so forth are protected. Likewise, if your printers were compromised and they can only speak to your servers, print servers specifically, then your exposure is limited only to those devices.
The trust and security model or the Zero Trust Security Model is not difficult to implement. It does, however, require time and consideration and thought.
A lot of our clients, for example, when they sit down at a workstation, they'll log in with their username, password, and multi-factor authentication inside the LAN. That then trusts the identity services of that user. That workstation only speaks to resources that it's allowed to, and it does so securely.
So think about this. The workstation is actually in one form or another VPN-in or securely connecting to the resources on the network. Another way of looking at it is you shut everything off and only allow those devices and those users access to what they need.
By doing this, you increase your security posture. You reduce your exposure and isolate the impact of a security event. Working with an MSP can help you easily implement these solutions. This will increase your overall security posture and give you a safer, more dynamic computing environment.
For additional information, please reach out to us here at iCorps.