Zero Trust vs. Microsegmentation: Establish a Winning Strategy
Rivalries sometimes last a lifetime… and then turn to mist. Stephen Douglas and Abraham Lincoln lived through an intensely personal rivalry. Their political war of words over western expansion and “Popular Sovereignty” became hallmarks of American history and politics. Despite serious courtship from Douglas, Mary Todd fell in love with Lincoln. Yet, as time passed, the mutual respect between Douglas and Lincoln grew into friendship.
Just as Douglas and Lincoln reached friendship by distinctly different paths, zero trust and microsegmentation arrive at the same destination by different routes, and aligning their similarities and differences produces a better, stronger solution for maintaining security. While zero trust limits access to resources, microsegmentation erects barriers against cyberattacks. Although the paths taken to implement a zero trust architecture or achieve microsegmentation may seem different, the end goal is the same: protecting systems and information from increasingly sophisticated attacks.
Zero Trust as a Model for Security Strategy
When John Kindervag created the zero trust architecture, he imagined a comprehensive model that could guarantee protection for an organization’s most critical assets even as environments, technologies, and tools changed. Zero trust does not assume that any employee, device, network packet, or interface deserves trust. The model is sustained by constantly and consistently evaluating risk.
With zero trust, businesses gain the capability to proactively secure assets as the organization, its environment, and external threats change. As a result, the zero trust architecture enables remote work by prioritizing resource and information security within hybrid and cloud environments. Rather than rely on techniques that only control north-south access up to the perimeter, zero trust goes within the network perimeter, assumes that every network request introduces risk, and seeks to control east-west access.
Zero trust depends on authentication and verification. Implementing a zero trust-based strategy encourages an understanding of network identities, access controls, and policies. Businesses implementing zero trust often begin by identifying a central domain and continue with the transition to single sign-on (SSO) and authentication techniques that can include two-factor (2FA), multifactor (MFA), and Extensible Authentication Protocol (EAP).
By eliminating the concept of trust, the zero trust model introduces simplicity. From an employee perspective, the transition to single sign-on emphasizes simplicity through the capability to log in once for access to many applications. From a business perspective, zero trust allows the use of existing technologies to restrict access to data, systems, resources, applications, and services. Simplicity comes from integrating security tools and systems, solving known vulnerabilities, and automating repetitive tasks. Rather than being pushed into ad hoc decisions about access, security operations centers (SOCs) verify and authorize every network request.
Microsegmentation Is a Method
The days of flat networks that allow unfettered access to all applications and data have passed. As an intermediate method, network segmentation establishes barriers against unauthorized access to critical data by dividing networks into sub-networks or zones. For example, one VLAN on a switch may host business-critical applications, while devices that require access to the applications reside on another VLAN. SOCs place a firewall between the subnetworks to act as the gateway between the VLANs.
The firewall permits or denies access between the subnetworks. If a cyber threat materializes, the barriers between zones limit movement. Access to a specific zone translates into free movement within the zone. Movement between zones requires authorization.
Within a segmented network, problems often occur because application servers reside on the same subnetwork. Vulnerability may exist through server-to-server access and communication. Microsegmentation improves the cyberdefense offered through network segmentation by restricting traffic between subnetworks and servers. Businesses gain the ability to monitor and control communication between servers that could become openings for cyberattacks.
Rather than allowing free movement within a zone, microsegmentation connects cybersecurity policies to individual application workloads. Secure microperimeters-within-the-perimeter protect specific applications and associated information. Connecting predefined policies to application workloads limits traffic flow and prevents attackers from gaining lateral movement after initially breaching the system. Because microsegmentation decreases attack surfaces and increases efficiency, SOC staff can quickly see threats, apply security measures, and limit the scope of breaches in real time.
Zero Trust and Microsegmentation Work Together
At times, gaps exist between strategy and method. A zero trust architecture merges high-level planning for cyber strategy with objectives aimed at individual access and risk mitigation. Microsegmentation bridges that gap by providing a method for implementing and executing a zero trust-based strategy.
The granularity seen with single sign-on and authentication technologies works as a foundational part of zero trust. SOC teams can view known devices and users and see permission levels, group memberships, and policies assigned to the devices and users. Microsegmentation increases the granularity by establishing secure microperimeters around individual application workloads and controlling traffic between workloads. The SOC can customize security settings for different traffic types and create policies that limit network and application traffic between specific workloads.
Zero trust narrows access to the minimum level needed to perform a task or action. The model also seeks to mitigate risk. Microsegmentation works within the zero trust architecture through policies designed to limit traffic. Security teams can activate controls according to application, infrastructure tier, environment, and environment type. The software used to implement microsegmentation defines segments and detaches security controls from infrastructure. As a result, policies and rules address risk by following devices and users across the network and cloud.
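The difference between zone-level segmentation (free movement inside a zone, as described in the microsegmentation section above) and workload-level policy that follows labels rather than infrastructure can be shown in a small policy evaluator. This is an added example, not code from the article or any vendor's product; the inventory, zones, labels and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Workload:
    name: str
    ip: str
    labels: dict = field(default_factory=dict)  # e.g. {"app": "orders", "tier": "web", "env": "prod"}

@dataclass
class Rule:
    src: dict         # label selector: every key/value must match the source workload's labels
    dst: dict         # label selector for the destination workload
    ports: frozenset  # TCP ports the flow may use

# Constructed inventory: web1 and web2 share one VLAN/subnet with nothing between them.
INVENTORY = {
    "web1": Workload("web1", "10.0.1.11", {"app": "orders", "tier": "web", "env": "prod"}),
    "web2": Workload("web2", "10.0.1.12", {"app": "orders", "tier": "web", "env": "prod"}),
    "db1": Workload("db1", "10.0.2.21", {"app": "orders", "tier": "db", "env": "prod"}),
    "web-stg": Workload("web-stg", "10.0.1.13", {"app": "orders", "tier": "web", "env": "staging"}),
}

# Constructed zone layout for the coarse, segmentation-only comparison.
ZONES = [ipaddress.ip_network("10.0.1.0/24"), ipaddress.ip_network("10.0.2.0/24")]

# Constructed microsegmentation policy: only the flows listed here are permitted.
RULES = [
    Rule({"tier": "web", "env": "prod"}, {"tier": "db", "env": "prod"}, frozenset({5432})),
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z in ZONES if addr in z), None)

def segmentation_allows(src, dst):
    """Zone-level behaviour: same zone means free movement; crossing zones goes through the gateway."""
    return zone_of(src.ip) == zone_of(dst.ip)

def matches(selector, workload):
    return all(workload.labels.get(k) == v for k, v in selector.items())

def microseg_decision(src, dst, port, rules=RULES):
    """Default deny: allow only when a rule matches both workloads' labels and the port."""
    for r in rules:
        if matches(r.src, src) and matches(r.dst, dst) and port in r.ports:
            return "allow"
    return "deny"

if __name__ == "__main__":
    w = INVENTORY
    for s, d, p in [("web1", "web2", 22), ("web1", "db1", 5432), ("web1", "db1", 22), ("web-stg", "db1", 5432)]:
        zone = "free" if segmentation_allows(w[s], w[d]) else "gateway"
        print(f"{s}->{d}:{p}  zone-only={zone}  microseg={microseg_decision(w[s], w[d], p)}")
```

The same-zone flow web1->web2 is unrestricted under segmentation alone but denied by the workload policy, while the staging web server is refused access to the production database because the rule selects on the env label, not the subnet.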
Implementing zero trust improves data management and protects critical information from breaches. Access to data assets or between data assets only occurs after verification. In addition, placing data at the core of a security strategy aligns zero trust with microsegmentation. While zero trust builds from continual evaluation, authorization, and authentication, microsegmentation protects data by controlling traffic between segments and isolating segments from one another if a breach occurs.
Microsegmentation also increases the zero trust cyber maturity of an organization. Network/Environment serves as pillar three of the Zero Trust Maturity Model defined by the Cybersecurity and Infrastructure Security Agency (CISA). Achieving the optimal maturity level for network segmentation occurs through implementing fully distributed ingress/egress microperimeters and deep internal microsegmentation based on application workflows.
Strategy Translates into Action
Every business has a strategy based on mission and vision. For some, though, translating mission and vision into actionable objectives and initiatives becomes challenging. Strategy execution occurs through an incremental approach that considers the needs of the organization, the needs of all stakeholders, possible risks, and the processes needed to achieve success. In the same way, implementing zero trust microsegmentation can remove complexity while emphasizing the work needed to secure organizational resources.
In practice, businesses should execute a zero trust-based strategy through an incremental approach based on access policies, security controls, and identity and access management (IAM). Combining a zero trust architecture with microsegmentation creates the action that ensures the success of security policies. This incremental approach to cyber strategy also builds from understanding the threats that currently affect an organization as well as the potential for new threats. Given this consistent awareness of policies, controls, access, and threats, auditing the network establishes the visibility and control needed to set trust levels for applications and data.