The zero trust system is more secure than its competitors. That is the argument companies such as Microsoft, Google or Cisco use to market it, and the one given by the experts Engadget consulted to explain the rise of this cybersecurity technology, which controls remote employees' access to a company's private network.
As its name indicates, zero trust means trusting no one, and that is the philosophy behind this technology: it continuously monitors and authenticates users who have accessed the organization's private network, even those in the company's offices, so that, in order to consult different data or use different system tools, the employee has to go through a new verification process each time.
“The main difference of this technology with respect to others such as the virtual private network (VPN, for its acronym in English) is mistrust. A VPN is like putting a guard at the door, it can be very good, but it doesn’t budge from there. It asks for the credentials and, if they are correct, lets the user through. The zero trust system adds to that guard at the door others within the facilities who are asking everyone from time to time for their identity, to discover if someone has sneaked in,” explains Rafael García, CTO of the computer security company Hack By Security.
In this way, the architecture of the zero trust system makes attacks much more difficult for cybercriminals: if they breach the first barrier and get into the company's private network, they will not compromise all of the organization's data at once, and to go deeper into the system they will have to keep breaking new security barriers. In addition, the company will be able to trace the steps they have taken, to discover how they managed to evade the first check and how far they got.
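The guard analogy above, as an added example that is not part of the original article: a perimeter check that trusts anyone already connected, next to a per-request check that also leaves an audit trail. The user, roles, resources and the 15-minute re-verification window are constructed assumptions, not any vendor's policy model.

```python
from dataclasses import dataclass

# Constructed policy: which roles may reach which internal resources.
RESOURCE_ROLES = {"wiki": {"staff", "finance"}, "payroll": {"finance"}}
MAX_AUTH_AGE = 900  # assumed: seconds before identity must be verified again


@dataclass
class Session:
    user: str
    role: str
    device_trusted: bool
    last_verified: int  # time (s) of the last successful identity check


def perimeter_allows(session, resource):
    """Guard at the door: credentials were checked once, at connection time."""
    return session.last_verified is not None


def zero_trust_allows(session, resource, now, audit):
    """Guards inside: identity age, device and entitlement checked per request."""
    reasons = []
    if now - session.last_verified > MAX_AUTH_AGE:
        reasons.append("identity check expired")
    if not session.device_trusted:
        reasons.append("untrusted device")
    if session.role not in RESOURCE_ROLES.get(resource, set()):
        reasons.append("role not entitled")
    decision = "DENY" if reasons else "ALLOW"
    # Every decision is recorded, so the path of a session can be rebuilt later.
    audit.append((now, session.user, resource, decision, reasons))
    return not reasons


def simulate_stolen_credentials():
    """A session opened at t=0 with stolen 'staff' credentials (constructed)."""
    session = Session("alice", "staff", device_trusted=True, last_verified=0)
    requests = [(60, "wiki"), (120, "payroll"), (1000, "wiki")]
    audit = []
    vpn = [perimeter_allows(session, res) for _, res in requests]
    zt = [zero_trust_allows(session, res, t, audit) for t, res in requests]
    return vpn, zt, audit


if __name__ == "__main__":
    vpn, zt, audit = simulate_stolen_credentials()
    print("perimeter:", vpn)
    print("zero trust:", zt)
    for entry in audit:
        print(entry)
```

The perimeter model grants all three requests, while the per-request model stops the session at the payroll system and again once the identity check has aged out, and the audit list shows how far it got.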
For his part, Román Vargas, cybersecurity consultant at Cisco Spain, says that zero trust also offers a better user experience, because VPNs are not prepared for the enormous increase in remote work that we have experienced, with a greater consumption of resources than before the pandemic. This causes, for example, connection problems in video calls, and users end up disconnecting from those private networks to be able to meet without problems.
“There has been a clash between security and user experience, causing many employees to simply not use VPNs in their day-to-day lives, or to selectively activate them, putting data security at serious risk,” he explains. And that is why, he says, many companies are opting to move to cloud-based security systems such as zero trust, which avoid problems of this type.
VPNs useful in controlled environments
Both García and Vargas point out that moving work devices to employees' homes creates new cybersecurity problems, because these computers, being in a domestic environment, can be used for non-professional tasks that end up infecting them with malware, which then passes to the company's systems when the employee connects.
“If a company has a very well defined perimeter and is not going to leave it for a long time, it can use a VPN; the normal thing is that it works as it should. But situations like the current pandemic make a company no longer see or know so clearly what its perimeter is, because the workers are at home,” explains García.
For the CTO of Hack By Security, therefore, VPNs can still be useful and the move towards zero trust will be gradual: “Nor should we go crazy and throw everything current in the trash. Everything must have a transition. Not so long ago, companies were suspicious of the cloud and wanted to have full control from their facilities. It has been difficult to make them see the benefits of using the cloud. With zero trust systems something similar will happen.”
For Vargas, on the other hand, the massive shift to teleworking has already made VPNs insufficient to protect remote access, and he therefore predicts a faster transition to the zero trust model.
“Although for few remote workers VPNs will continue to do their job, the zero trust model will be the star of this year and the following in the business environment. With users, devices and clouds spreading outside the traditional network perimeter, new security approaches are required,” he says.
Disadvantages of the ‘zero trust’ system
But not all that glitters is gold. The zero trust system provides more security by increasing verification processes, monitoring users and compartmentalizing the organization’s data, making it more difficult to access company information. In other words, it uses many more resources, which translates into higher costs and installation complexity.
“Not everything is so nice or easy. Implementing the zero trust system can take time and is expensive,” explains García, who adds that it will also depend on the complexity each company wants, because with zero trust technology you can even configure the geographical area or the schedule in which certain users are not allowed to access the network. And those kinds of options make the bill more expensive.
Trust and advantage of big technology
Although it is booming in the wake of the coronavirus pandemic, zero trust technology is not new. Many of the concepts behind it have been known since the early 21st century. However, the new security needs arising from the huge increase in remote work have finally made it emerge in an environment that is increasingly cloud-based.
Big tech is clear: it’s the future of business cybersecurity. Cisco has been developing zero trust tools for five years and says it is here to stay. Microsoft said a few days ago, after its quarterly presentation of results, that this technology “is the cornerstone of effective protection, the basis of the resilience of organizations and the future of security.”
And Google, for its part, recently announced that it has made BeyondCorp Enterprise available to its customers, a series of zero trust products that the Californian company had been using internally until now.