The National Institute of Standards and Technology (NIST) released its new Special Publication (SP) 800-207, a document that provides recommendations for implementing the “zero trust” approach to network security. The publication came when organizations were dealing with increasingly sophisticated hackers and breaches.
As the way we work continues to change, the perimeter of our networks will continue to erode. The traditional “castle and moat” paradigm based on a hardened perimeter is no longer sufficient in this modern world. With the growing popularity of cloud services, teleworking, and mobile devices, traditional security approaches cannot keep up with threats.
Once upon a time everyone just built a moat around the castle.
But what happens when the enemy gets across the moat and into the castle?
In a zero-trust world, we assume the moat and walls have already been breached, so everyone in the castle is already wearing armor and wielding a sword.
The NIST zero trust architecture defines a concept that helps address the changing threat landscape by encouraging organizations to adopt a more simplified and holistic approach to cybersecurity that focuses on minimizing risk from both inside and outside of an organization’s network.
Zero trust aims to minimize the attack surface exposed to any given threat. By doing so, we can greatly improve our risk posture by reducing the number of exploitable weaknesses present within our environment. The goal is not so much detection or prevention as it is reducing our risk to acceptable levels.
The NIST Zero Trust Architecture provides guidelines and best practices for protecting critical infrastructure, such as energy grids and financial systems.
In summary, two main principles underpin this framework:
- Never trust, always verify: There are no trusted users or devices in this framework – not even those within the organization’s network boundaries. Whether from inside or outside its perimeters, you must verify everything trying to connect to systems before granting access. This security approach aims to reduce risk by limiting potential attack surfaces and stopping threats from moving laterally through networks.
- Least privilege access: Zero Trust demands that no user or device be granted more access than is necessary to perform their assigned jobs.
With these principles in mind, Zero Trust-based security implementations define roles and permissions for each individual user, rather than just relying on location and IP address.
How Do CHIFs Play a Role in Zero Trust?
The NIST publication lays out every aspect of the Zero Trust model. If a cyber security team follows this model, CHIF files inevitably become the file type of choice. Even a device inside the perimeter is not to be trusted; imagine taking that same level of scrutiny down to the file level.
CHIF files inevitably become the file type of choice for cybersecurity teams that implement the NIST Zero Trust Architecture. CHIFs bring security to the file level – advancing security beyond NIST’s device-focused trust standard. Cyber security teams may require an encryption key to access individual files, monitor files for access, and deactivate files if a bad actor is suspected of tampering or infiltration.
Even when a user is inside the perimeter and on their own device, they still cannot access individual files without an encryption key. The files themselves can also be monitored for access and deactivated if a bad actor is suspected of tampering or infiltration.
Consider a common scenario: An employee gets a new device and plugs it into the company’s network without first being registered.
If the device is infected with malware, the company’s network is now exposed to the malware because it was not detected and monitored.
The solution is for all devices connecting to the network to be scanned for security compliance and for the results to be monitored for compliance. The solution should also include the ability to take automated actions to remediate non-compliant devices. This helps ensure that no company network is exposed to malicious activity from an infected device.
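The per-request decision described above (identity and role rather than location or IP, plus device compliance with automated remediation) as an added example in the spirit of NIST SP 800-207; this is illustrative code, not from NIST or any CHIF product, and the roles, resources, device fields and sample requests are constructed assumptions.

```python
from dataclasses import dataclass

# Least privilege: each role is granted only the actions its job needs on each resource.
# Hypothetical role and resource names (constructed for this example).
ROLE_PERMISSIONS = {
    "engineer":   {"source-repo": {"read", "write"}, "hr-db": set()},
    "hr-analyst": {"source-repo": set(),             "hr-db": {"read"}},
}

@dataclass
class Device:
    device_id: str
    registered: bool          # enrolled in the inventory before it connected
    malware_scan_clean: bool  # result of the most recent compliance scan
    disk_encrypted: bool

@dataclass
class Request:
    user: str
    role: str
    device: Device
    resource: str
    action: str
    source_ip: str            # kept for the audit log only; never part of the decision

def device_compliant(d: Device) -> bool:
    """A device must be registered AND pass every posture check to be used at all."""
    return d.registered and d.malware_scan_clean and d.disk_encrypted

def decide(req: Request) -> dict:
    """Policy decision for one request: allow/deny, the automated action, and an audit reason."""
    if not device_compliant(req.device):
        # Non-compliant device: refuse and trigger automated remediation, regardless of
        # whether the request arrived from an "internal" address.
        return {"allow": False, "action": "quarantine-device",
                "reason": f"device {req.device.device_id} failed compliance"}
    allowed = ROLE_PERMISSIONS.get(req.role, {}).get(req.resource, set())
    if req.action not in allowed:
        return {"allow": False, "action": "deny",
                "reason": f"role {req.role} has no {req.action} on {req.resource}"}
    return {"allow": True, "action": "grant-session",
            "reason": f"user {req.user} verified, device compliant, action within role"}
```

Note that `source_ip` is logged but never consulted: a request from an infected laptop on an internal address is quarantined, while a compliant device on an external address is judged purely on identity and role.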
Even if exposed in this way, a system whose data is held in CHIF files, with their built-in cyber security features, would be resistant to this type of attack. It is a true zero trust file type.
Zero-trust security also shifts security monitoring to the endpoint. To address these shifts and protect against data breaches and other cybersecurity threats, endpoint security solutions are a must.