Networks continuously change, and new approaches to security are constantly emerging. One particularly noteworthy approach to network security that has been increasing in adoption over the past couple of years is the zero trust security model.
In this article, we examine what zero trust is, how companies could deploy it over the next few years, and its impact on unified communications applications such as voice, video and collaboration.
Conventional security measures for enterprise networks primarily focus on creating a secure network edge and establishing an appropriately protected network perimeter. This approach is sufficient for traditional enterprise networks typically located within one or more physical buildings.
In the classical arrangement, employees work within those buildings at their desks, using computers, telephones and other communications infrastructure.
The organization's data center is also customarily housed within the same location. There is a single connection to the internet and the public switched telephone network (PSTN) for computer and telephony communications with the outside world.
Security is primarily employed at the network edge using firewalls, an intrusion detection system, and other mechanisms, ensuring that everything "inside" is safe and protected from the dangers that lurk "outside" the enterprise network.
A virtual private network (VPN) is typically used by the few employees who work remotely and require access to internal resources, securely connecting these individuals to the inside network.
Focusing on securing the network edge and delivering a strong perimeter defense makes sense with a traditional network infrastructure. However, modern businesses have been evolving for years, and networks are growing with them.
Brick-and-mortar physical locations no longer confine companies, and the adoption of cloud computing, edge computing, and remote work continues to grow.
For example, some enterprise services may be housed on the premises, while others are cloud hosted. Some services may be delivered within a SaaS model, while others are self-hosted. Likewise, companies may store data across both on-site repositories and the cloud.
Companies may adopt a hybrid approach to work, enabling employees to work from home, on the go, in remote offices and on site. In these scenarios, a secure perimeter created using security measures at the network edge is difficult to achieve and maintain simply because the network edge is no longer a well-defined border but a blurry boundary.
Securing such a dispersed and multifaceted network is where the zero trust model is invaluable.
Sometimes referred to as zero trust architecture (ZTA), the zero trust security model operates on the premise of "never trust, always verify."
No user or device should be trusted by default—even if connected directly to the corporate network and even if previously verified. ZTA requires that every transaction that takes place on a network be verified.
ZTA depends heavily on a robust identity verification mechanism to validate a device and a user before granting access to any data or service. This verification is performed whenever a device or a user requests access to some network resource.
Another fundamental principle of ZTA is what is known as the principle of least privilege. It says that each user or device should only be given the smallest amount of privilege, or degree of access, to a service or data required to perform the intended task.
Thus, a user or device can access only the resources for which it has explicit authorization, and each receives only as much access as needed for each transaction.
ZTA provides a granular security mechanism, dynamically providing and revoking access to data and resources as needed.
Once a transaction is complete, the privileges granted for those resources are removed until they are explicitly requested again, at which point authentication and verification are repeated.
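As an added illustration (not from the article or any particular product), here is a minimal policy engine in Python that applies the three ideas above: every request is verified from scratch for user identity and device posture, the action is checked against a least-privilege policy, and the resulting grant is short-lived and revoked when the transaction completes. The roles, resource names and the 30-second grant lifetime are constructed assumptions.

```python
from dataclasses import dataclass, field
import time

# Constructed sample policy: least-privilege scope per (role, resource) -> allowed actions.
POLICY = {
    ("engineer", "uc/voice"): {"call"},
    ("engineer", "uc/collab"): {"read", "post"},
    ("admin", "uc/voice"): {"call", "configure"},
}
GRANT_TTL = 30  # seconds a per-transaction grant stays valid (assumed value)


@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool          # outcome of the identity verification step
    device_compliant: bool      # outcome of the device posture check
    resource: str
    action: str


@dataclass
class PolicyEngine:
    grants: dict = field(default_factory=dict)  # (user, resource, action) -> expiry time

    def authorize(self, req: Request, now=None) -> bool:
        """Never trust, always verify: each request re-checks identity, device
        and least-privilege scope; earlier grants carry no weight here."""
        now = now if now is not None else time.time()
        if not (req.mfa_verified and req.device_compliant):
            return False                       # untrusted user or device
        allowed = POLICY.get((req.role, req.resource), set())
        if req.action not in allowed:
            return False                       # outside the least-privilege scope
        # Issue a narrow, short-lived grant covering exactly this transaction.
        self.grants[(req.user, req.resource, req.action)] = now + GRANT_TTL
        return True

    def has_grant(self, user, resource, action, now=None) -> bool:
        """A grant is only honoured while it has not expired or been revoked."""
        now = now if now is not None else time.time()
        exp = self.grants.get((user, resource, action))
        return exp is not None and now < exp

    def complete(self, user, resource, action) -> None:
        """When the transaction finishes, revoke the grant explicitly."""
        self.grants.pop((user, resource, action), None)
```

A second request for the same resource goes back through `authorize`, so the user and device are verified again rather than relying on the earlier grant.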
ZTA has yet to be widely deployed, so only a few examples of its implementation in a production network exist. Still, it is receiving much attention from several influential organizations, such as the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE), two institutions at the highest level of the U.S. government.
These organizations have jointly published Implementing a Zero Trust Architecture, which describes best practices for ZTA.
Similarly, the Cybersecurity and Infrastructure Security Agency (CISA) has published the Zero Trust Maturity Model, which contains a set of pillars that companies can use as guidelines for proper ZTA deployment. Here is a brief description of these pillars:
Unified communications (UC) creates several sessions between client devices and application services. Individual users operate clients that are authenticated based on those users' credentials.
Typically, clients may be anywhere where internet connectivity is available. Application services may be located within an on-premises data center, on the cloud, or accessed through native cloud-based subscription services.
The dispersed nature of UC systems makes them next to impossible to secure with a perimeter-based approach, making zero trust an ideal fit.
For each UC session, ZTA can enhance network security by providing an improved security posture in various ways:
The zero trust model is a modern network security approach better suited to modern distributed networks than conventional perimeter-based approaches.
For UC services, zero trust delivers a truly enhanced level of security, ensuring that sensitive voice, video, and collaboration communications are well-secured and remain confidential.
As ZTA becomes more prevalent in the near future, we can expect UC systems to take advantage of the augmented security benefits it promises to deliver.