Zero Trust Security Model

With the widespread adoption of cloud computing come new ways of thinking about security. Since many of the systems that users access are no longer on the corporate “internal” network, the traditional perimeter-based trust model breaks down.

The diagram above is a rough depiction of the traditional corporate network. Most users and servers were located in the office, inside the “DMZ” depicted by the blue circle. Once an entity is determined to reside inside the DMZ, it is already granted a certain level of trust, so any time the blue perimeter is breached it can be considered a data breach.

Covid-19 and the work-from-home revolution accelerated a shift away from this model that was already underway. The new model did away with the blue circle: remote computers had to reach it through VPNs and, in addition, had to connect directly to cloud-native applications.

In this new paradigm, depicted in the diagram above, the office-building network with its perimeter is just one piece of the technology topology. The internet is the new center that connects every piece of the distributed topology. It would be ideal if that central component could be made more secure by controlling the routers and hops between the home user and AWS, Azure, and other internet-based applications. Companies that provide such direct access to cloud applications have become increasingly in demand. Enter the “Zero Trust” model, and the zero-trust companies that help fill this need:

In between users and applications sits not the open internet but the servers of zScaler or another “zero trust” provider. For this to be cost-effective, many different companies need to be able to re-use these intermediary servers, so the traffic on them looks like this:

As the diagram shows, the traffic is shared between companies. The network is called “Zero Trust” because trust is not granted merely because traffic originates from a particular server. This is nevertheless more secure than sending traffic over the open internet between users and applications: it becomes possible to know every hop the traffic takes from the user to the end application, without ceding control of that traffic to the open internet. Solving this problem is why the zero trust model has become so popular.
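To make the principle concrete, here is an added example (not code from the original post or from any zero-trust vendor) contrasting the two decision rules the text describes: the perimeter model, which grants access because a request comes from inside the office network, and a zero-trust policy, which ignores network location and instead checks identity, MFA, device posture and per-application entitlement on every request. The office IP range, user names, application names and request records are all constructed for illustration.

```python
"""Perimeter-based versus zero-trust access decisions (added illustration).

All networks, users, applications and requests below are constructed
sample data, not taken from any real deployment.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Constructed "office" network that the perimeter model treats as trusted.
OFFICE_NETWORK = ip_network("10.20.0.0/16")

# Constructed per-application entitlements: which identities may reach what.
ENTITLEMENTS: Dict[str, Set[str]] = {
    "payroll": {"alice"},
    "wiki": {"alice", "bob"},
}


@dataclass
class AccessRequest:
    user: Optional[str]       # identity asserted by the identity provider; None = unauthenticated
    mfa_passed: bool          # whether a second factor was verified for this session
    device_compliant: bool    # result of a device posture check (patched OS, disk encryption, ...)
    source_ip: str            # where the packets came from
    application: str          # the application being requested


def perimeter_decision(req: AccessRequest) -> bool:
    """Traditional model: being inside the office network is what earns trust."""
    return ip_address(req.source_ip) in OFFICE_NETWORK


def zero_trust_decision(req: AccessRequest) -> Tuple[bool, str]:
    """Zero-trust model: source network is irrelevant; every request must
    present a verified identity, a second factor, a compliant device and an
    entitlement to the specific application. The reason string is what a
    defender would want logged for each denied request."""
    if req.user is None:
        return False, "unauthenticated"
    if not req.mfa_passed:
        return False, "mfa required"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.user not in ENTITLEMENTS.get(req.application, set()):
        return False, "not entitled to application"
    return True, "allowed"


def compare(requests: List[AccessRequest]) -> List[Tuple[str, bool, bool, str]]:
    """Evaluate each request under both models; returns rows of
    (application, perimeter_allows, zero_trust_allows, zero_trust_reason)."""
    rows = []
    for req in requests:
        zt_ok, reason = zero_trust_decision(req)
        rows.append((req.application, perimeter_decision(req), zt_ok, reason))
    return rows


# Constructed sample requests covering the interesting cases.
SAMPLE_REQUESTS = [
    # Unauthenticated machine plugged into the office LAN: perimeter trusts it.
    AccessRequest(None, False, False, "10.20.5.7", "payroll"),
    # Verified, compliant remote employee on a home connection.
    AccessRequest("alice", True, True, "203.0.113.9", "payroll"),
    # Verified remote employee, but requesting an application she is not entitled to.
    AccessRequest("bob", True, True, "203.0.113.10", "payroll"),
    # Verified office user on a device that failed the posture check.
    AccessRequest("bob", True, False, "10.20.8.1", "wiki"),
]

if __name__ == "__main__":
    for app, perim, zt, why in compare(SAMPLE_REQUESTS):
        print(f"{app:8} perimeter={perim!s:5} zero_trust={zt!s:5} ({why})")
```

The first sample request is the case the post's blue-circle diagram warns about: the perimeter model allows it purely on network location, while the zero-trust rule denies it as unauthenticated. The second is the reverse, the remote worker the perimeter model cannot accommodate without a VPN but whom the zero-trust rule admits on the strength of identity, MFA, device state and entitlement.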