What exactly is Zero Trust?
Zero Trust was first articulated in 2010 by John Kindervag, then an analyst at Forrester. He observed that organisations were taking a ‘castle and moat’ approach to network security: each CIO built a network whose requirement was to keep outsiders out and to let in only those with the right credentials, after which anyone inside was trusted.
Whilst organisations kept services within the bounds of the corporate network, accessed only from locally connected computers or over VPNs, the problem was simply how strong the walls guarding access could be made. As the world began to migrate to cloud-based hyperscalers such as Google, Amazon and Facebook, this model started to break apart. Users wanted to reach corporate applications and data from mobile phones, from home or from coffee shops, over the public internet.
Becoming accustomed to public cloud services
Google was the first organisation to discover, at scale, that wholesale adoption of public cloud services required it to change the way it operated. In response it initiated ‘BeyondCorp’, its Zero Trust security framework, which moves the access decision away from network location and onto the identity of the user and the known state of the device. With new mobile device management systems, devices and their users could be identified, with biometrics proving the individual user and GPS data from a mobile giving the device’s geographic location. That data from mobile devices meant the Zero Trust model could be realised.
Adding the same capability for other devices, such as laptops, let them be used too. That left the biggest issue: identifying, in real time, who should have access, which devices they had and where they were.
Google then asked itself whether it even needed a privileged corporate network. It decided that it didn’t: the internet worked fine as transport for its purposes, and the internal network was stripped of the trust it had previously carried.
How GDS handles Zero Trust
GDS is following a similar path. The well-known GDS blog post ‘The Internet is OK’ was the forerunner of the Government’s Zero Trust Networking approach. The stated intention is to adopt Zero Trust Networking and to dismantle networks within the Public Sector. Innopsis supports the first half of the proposed strategy but urges caution on the second.
If we liken the security of the network to physical security at the workplace, the firewalls and network access protection are the walls, doors and gates leading into the corporate office, guarded by doormen and access control equipment scanning ID cards.
Most companies employ door scanners and also require ID badges to be shown at all times. Some insist that visitors are accompanied by staff throughout. Even though you can get into the building, you are not trusted; you constantly need to re-establish your identity and your right to be there. This is the Zero Trust concept: every access is checked on its own merits, and being inside the building, or on the corporate network, proves nothing.
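To make the concept concrete, here is an added example (not from the original article, and not Google’s BeyondCorp code) of how a Zero Trust access proxy decides each request. The device inventory, resource policy, group membership and sample requests are constructed for illustration; the point is that the decision uses user identity, device state and freshness of authentication, and that the source IP, even an internal one, carries no weight.

```python
"""Per-request access decision in the BeyondCorp style.

Added example, not code from the original article or from Google's BeyondCorp.
Every request is evaluated afresh against user identity, device state and
context; being 'inside the building' (on a corporate IP) confers nothing.
The inventory, policy, groups and sample requests are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Constructed device inventory: what the organisation knows about each device.
DEVICE_INVENTORY = {
    "lt-0042": {"owner": "alice", "managed": True, "disk_encrypted": True, "os_patch_age_days": 3},
    "ph-0107": {"owner": "alice", "managed": True, "disk_encrypted": True, "os_patch_age_days": 45},
    "byod-99": {"owner": "bob", "managed": False, "disk_encrypted": False, "os_patch_age_days": 0},
}

# Constructed resource policy. Trust tiers: 2 = managed, encrypted, patched within
# 30 days; 1 = managed; 0 = any known device. mfa_max_age_min = None means no MFA needed.
RESOURCE_POLICY = {
    "hr-payroll":   {"min_tier": 2, "groups": {"hr"},    "mfa_max_age_min": 60},
    "wiki":         {"min_tier": 1, "groups": {"staff"}, "mfa_max_age_min": 720},
    "canteen-menu": {"min_tier": 0, "groups": {"staff"}, "mfa_max_age_min": None},
}

# Constructed group membership (would come from the identity provider).
USER_GROUPS = {"alice": {"staff", "hr"}, "bob": {"staff"}}


@dataclass
class Request:
    user: str
    device_id: str
    resource: str
    mfa_at: Optional[datetime]  # when the user last completed MFA, None if never
    source_ip: str              # recorded for audit only; never used for trust


def device_tier(device_id: str) -> int:
    """Derive a trust tier from inventory state; unknown devices get -1."""
    d = DEVICE_INVENTORY.get(device_id)
    if d is None:
        return -1
    if not d["managed"]:
        return 0
    if d["disk_encrypted"] and d["os_patch_age_days"] <= 30:
        return 2
    return 1


def decide(req: Request, now: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason). Evaluated on every request, never cached."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return False, "unknown resource"
    if not USER_GROUPS.get(req.user, set()) & policy["groups"]:
        return False, "user not in an allowed group"
    dev = DEVICE_INVENTORY.get(req.device_id)
    if dev is None or dev["owner"] != req.user:
        return False, "device not in inventory or not assigned to this user"
    tier = device_tier(req.device_id)
    if tier < policy["min_tier"]:
        return False, f"device tier {tier} below required {policy['min_tier']}"
    max_age = policy["mfa_max_age_min"]
    if max_age is not None:
        if req.mfa_at is None or now - req.mfa_at > timedelta(minutes=max_age):
            return False, "MFA missing or older than policy allows"
    return True, "ok"


# Constructed sample requests. Note request 3 comes from an internal 10.x address
# and is still refused: network location is not an input to the decision.
NOW = datetime(2019, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_REQUESTS: List[Request] = [
    Request("alice", "lt-0042", "hr-payroll", NOW - timedelta(minutes=10), "203.0.113.5"),
    Request("alice", "ph-0107", "hr-payroll", NOW - timedelta(minutes=10), "203.0.113.5"),
    Request("alice", "lt-0042", "wiki", None, "203.0.113.5"),
    Request("bob", "byod-99", "hr-payroll", NOW - timedelta(minutes=5), "10.0.0.9"),
    Request("bob", "byod-99", "wiki", NOW - timedelta(minutes=5), "10.0.0.9"),
    Request("bob", "byod-99", "canteen-menu", None, "10.0.0.9"),
    Request("alice", "byod-99", "wiki", NOW - timedelta(minutes=5), "10.0.0.9"),
]


def run_samples() -> List[Tuple[bool, str]]:
    """Evaluate every sample request against the policy at the fixed time NOW."""
    return [decide(r, NOW) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, (ok, why) in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{req.user:6} {req.device_id:8} {req.resource:13} {'ALLOW' if ok else 'DENY '} {why}")
```

The shape matters more than the specific rules: the decision is a pure function of identity, device posture and context, re-run for every request, so a laptop that falls behind on patching loses access to sensitive resources the next time it asks, without anyone having to revoke a network credential.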
On the same basis, companies don’t buy networks purely for security. Yes, it’s part of the mix, but so are availability, accountability and latency. The internet works because network providers play nicely. There are no SLAs, beloved of Government; data packets get through on a best-endeavours basis. There are no rules about where or how traffic is routed. If it works, it works; if it doesn’t, it doesn’t.
On a managed network, escalation processes are in place to check the communications route and escalate faults along the entire path. Engineers can re-route to avoid breakdowns and service levels can be guaranteed. There is no such escalation path on the internet: a provider can only resolve problems between the customer’s premises and its own internet handoff points.
Increasingly, corporate communications rely on real-time, multimedia IP traffic. For these to work, the IP packets must be prioritised to deliver stutter-free speech, flicker-free video and group calls worthy of television. That prioritisation is not available across the public internet; your packets take their chance with all the other data flowing. Is this acceptable?
The answer, in Innopsis’s opinion, is a hybrid approach: adopt Zero Trust across the estate, but keep MPLS-based networks for the major offices and data centres. This gives flexibility for remote and mobile workers. Branch offices can use internet connectivity, while the main corporate offices keep a robust, controlled environment for communicating with the data centres, the hyperscalers and other offices. The overall solution may cost more, since there is Zero Trust hardware to buy, but some savings could be made by moving small offices to internet connectivity and giving up the surety of corporate network connectivity there.
Implementing Zero Trust
The next big issue is adoption itself. Implementing a single Zero Trust solution for the whole Public Sector is unlikely to be easy. Accounting in real time for exactly who the 4.5 million civil servants are, which devices they have, are using and are allowed to use, and where they are and whether they should be there, is a challenge that makes Brexit look easy.
A more likely scenario is that each department and council implements its own version of Zero Trust. The downside is that there is no commonly agreed standard between Zero Trust solution providers, and there is unlikely to be one in the short to medium term. If adopted this way, the Public Sector would be taken back to the situation that PSN was deployed to fix: each department, council and public sector body could be isolated from the others, information would not flow between organisations, and the progress made over the last eight years in sharing data would be reversed. This is not progress.
Now, let’s return to another point about using the internet. Routing of traffic is usually dynamic and driven by cost and available bandwidth. One day traffic may route via Germany, the next via the USA, the next via China. There is no control over how or when the traffic is routed, and it does not take much for traffic to be interrupted.
Recently, an ‘accidental’ BGP routing error at a Nigerian provider caused a large share of Google’s traffic to and from North America to be routed via Russia and China, where it ‘disappeared’ for an afternoon. Imagine the concern if the Cabinet Office’s traffic were ‘accidentally’ routed into a black hole, stopping all communications. Even with the traffic encrypted, an on-path party can still drop it, see who is talking to whom and how much, and retain the ciphertext; given the will and resources, eventual decryption cannot be ruled out.
There are many other scenarios that could apply to Government but are unlikely in the enterprise world. This is why we need to be cautious and not simply adopt an approach that is still novel in the commercial world, especially as the UK moves to be independent on the world stage.
Zero Trust will allow mobile workers corporate-style working, it will allow occasional home working, and undoubtedly the coffee shops will benefit. Will it reduce cost? That is yet to be proved. Will it increase security? For some users, it will. Is it risky to move all traffic to the internet? Yes. Very. Some traffic will be fine, but not all.
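To show what a monitor for this kind of event looks like, here is an added example, not from the original article: a classifier for BGP announcements that compares the announced origin and AS path against a table of expected origins (standing in for RPKI ROAs, without their maxLength field) and a list of transit networks the organisation is willing to see its prefixes pass through. The ASNs, prefixes and announcements are constructed sample data, not a record of any real incident.

```python
"""Flagging BGP announcements that move a prefix through unexpected networks.

Added example, not code from the original article. EXPECTED_ORIGIN plays the
role of an RPKI ROA table (simplified: no maxLength), and TRUSTED_TRANSIT is a
constructed list of ASNs the organisation expects in the AS path. All ASNs are
from the private range and all prefixes from documentation ranges; the sample
announcements are constructed, not observed.
"""
from ipaddress import ip_network
from typing import Dict, List, Optional, Set, Tuple

# Constructed expected origins: prefix -> set of ASNs authorised to originate it.
EXPECTED_ORIGIN: Dict[str, Set[int]] = {
    "203.0.113.0/24": {64500},   # our own prefix
    "198.51.100.0/24": {64501},  # a partner's prefix
}
# Constructed: networks we are willing to see between the monitor and the origin.
TRUSTED_TRANSIT: Set[int] = {64500, 64501, 64510, 64511}


def covering_roa(prefix: str) -> Optional[Tuple[str, Set[int]]]:
    """Return the most specific expected-origin entry covering the announced prefix."""
    net = ip_network(prefix)
    best: Optional[Tuple[str, Set[int]]] = None
    for p, origins in EXPECTED_ORIGIN.items():
        cand = ip_network(p)
        if net.version == cand.version and net.subnet_of(cand):
            if best is None or cand.prefixlen > ip_network(best[0]).prefixlen:
                best = (p, origins)
    return best


def classify(prefix: str, as_path: List[int]) -> Tuple[str, str]:
    """Classify one announcement as seen by a route monitor.

    Returns (kind, detail) with kind one of: ok, origin-hijack, more-specific,
    unexpected-transit, unknown. The AS path is ordered from the monitor's
    neighbour down to the origin AS (last element), as in a BGP UPDATE.
    """
    if not as_path:
        return "unknown", "empty AS path"
    origin = as_path[-1]
    roa = covering_roa(prefix)
    if roa is None:
        return "unknown", "no expected origin recorded for this prefix"
    roa_prefix, origins = roa
    if origin not in origins:
        return "origin-hijack", f"origin AS{origin} not in {sorted(origins)} for {roa_prefix}"
    if ip_network(prefix).prefixlen > ip_network(roa_prefix).prefixlen:
        # A more specific wins longest-prefix match even with the right origin:
        # this is how traffic gets pulled through an unexpected path.
        return "more-specific", f"{prefix} is more specific than authorised {roa_prefix}"
    strangers = [a for a in as_path[:-1] if a not in TRUSTED_TRANSIT]
    if strangers:
        return "unexpected-transit", f"path traverses AS{strangers[0]}"
    return "ok", "origin and path as expected"


def scan(announcements: List[Tuple[str, List[int]]]) -> List[Tuple[str, List[int], str, str]]:
    """Classify a batch of (prefix, as_path) announcements."""
    return [(p, path, *classify(p, path)) for p, path in announcements]


# Constructed sample announcements: (prefix, AS path from monitor's neighbour to origin).
SAMPLE: List[Tuple[str, List[int]]] = [
    ("203.0.113.0/24", [64510, 64500]),         # normal
    ("203.0.113.0/24", [64510, 64520, 64500]),  # right origin, leaked via AS64520
    ("203.0.113.0/25", [64510, 64500]),         # more specific than authorised
    ("203.0.113.0/24", [64510, 64599]),         # wrong origin
    ("192.0.2.0/24", [64510, 64530]),           # not a prefix we track
]

if __name__ == "__main__":
    for prefix, path, kind, detail in scan(SAMPLE):
        print(f"{prefix:16} {'>'.join(map(str, path)):22} {kind:18} {detail}")
```

In production the announcements would come from a BGP collector feed (RIPE RIS, RouteViews, or the organisation’s own edge routers) rather than a list; the classification is the part that does not change. The ‘right origin, wrong path’ case is the one that resembles a route leak: the origin is legitimate, so origin validation alone would pass it, which is why the path check is worth having.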
Mike Thomas is managing director of Innopsis, the industry association for companies driving innovative information sharing for better public services.