What Is a Zero-Trust Approach?
Zero trust is a poorly chosen term that would probably be better phrased as “zero trust in the network.” This approach doesn’t mean that nobody is trusted. Rather, the organization’s security philosophy is to trust individuals instead of networks.
This is a marked shift from the way that cybersecurity and networking teams designed security controls in the past. Until recently, these groups implemented firewalls and other perimeter protection technologies that were designed to keep the internet separate from the internal network and to group internal users onto different network segments.
For example, the district network technicians might design a school network so that students are placed on one network segment and faculty and staff are placed on another. All access between those segments and the internet (or each other) must pass through a network firewall that contains rules based upon the user’s network location.
Zero-trust approaches to cybersecurity don’t rely upon network location to determine authorized activity. Instead, they use strong authentication technology to confirm the identities of individual users and then grant them appropriate permissions, regardless of their location. Teachers working from a classroom, in an administrative office or at home would have the same security permissions, no matter where they are.
How Can Schools Establish Zero-Trust Security?
Building out a zero-trust environment requires creating a solid foundation of security technologies. Some districts adopting this approach may find that they need to add completely new technologies to their security programs, while others may simply need to tweak the configuration of other controls.
Identity and access management is the cornerstone of a zero-trust approach to cybersecurity. When the organization no longer depends upon network location to determine whether a user or device is trusted, they must then depend upon strong authentication and authorization controls to verify an individual’s identity and his or her role within the district.
Although IAM is often the most time-consuming and expensive investment on the road to zero trust, it is also an investment in core security infrastructure that will serve as an enabling technology for years to come. Districts should consider adopting a comprehensive identity and access management platform that coordinates activities across the user lifecycle, from initial provisioning to eventual termination. The platform should also provide or facilitate the widespread use of multifactor authentication technology.
Zero-trust environments also require coordinated and sophisticated monitoring to track user and network activity, watching for anomalies that require investigation. Modern security programs incorporate the use of security information and event management systems that aggregate log entries received from a wide variety of security components and correlate those records to identify suspicious activity. Security orchestration, automation and response platforms go even further, allowing cybersecurity teams to program responses to potential security incidents through the use of automated incident response playbooks. The combination of SIEM and SOAR technologies provides cybersecurity teams with deep visibility into network activity and the ability to respond instantaneously to security issues as they arise.
As districts move more of their computing infrastructure to the cloud, cybersecurity teams must work to extend existing controls into those cloud services. The proliferation of cloud services can make it quite difficult to design and enforce consistent security policies across a variety of ever-changing cloud services. Cloud access security brokers simplify this burdensome task, allowing security teams to create a set of coherent security policies in a central location and then automatically apply those policies to cloud services used by the district. CASB platforms also provide the ability to monitor student and administrator use of cloud-based services, watching for indications of unauthorized activity.
Endpoints remain an important focus of security efforts in a zero-trust environment. Although zero-trust approaches minimize the damage that an attacker might cause simply by taking control of an endpoint, the risk remains that a compromised endpoint can lead to a compromised user account, causing a significant security problem. Endpoint detection and response platforms play an important role in zero-trust environments, monitoring endpoints for signs of compromise and automatically remediating security issues as they arise, keeping the network safe for everyone. EDR technology complements the use of configuration management, anti-virus software and other traditional endpoint security controls.
Zero-trust environments are a major shift in cybersecurity philosophy, and they require a foundation of strong security technologies to succeed. Districts should begin planning their security roadmaps now to build this foundation, allowing them to gradually shift toward a full zero-trust environment.