Trust is good – control is better. But when it comes to the security of companies and their data, many companies are rethinking things. Zero Trust puts security before trust. Get an insight into the system in this article.
Modern Businesses and Security Management
Flexible solutions for working methods remain an issue. More and more employees use solutions in the area of home office as well as mobile working. Furthermore, many companies are strongly pushing their own digitalization. Besides extensions in the software area, machine-to-machine communication or cloud computing are becoming more and more interesting.
But with the increase in digital components and the expansion of the company infrastructure, the danger of data theft, industrial espionage or sabotage is also increasing. The danger from outside is not always a threat. The behavior of your own employees can also lead to data falling into the wrong hands, intentionally or unintentionally. The zero-trust architecture offers the opportunity to improve your own IT security. But what exactly is Zero Trust?
Origin of the Zero Trust approach
As early as 2010, Forrester Research presented the future significance of a zero trust approach. At the end of 2019, the National Institute of Standards and Technology (NIST) published a proposal for the standardization of Zero Trust Architecture (ZTA). This approach focuses on the protection of resources and data, whereas in the past the focus had been on protecting networks with firewalls and VPNs. A Zero Trust Architecture offers a collection of concepts, ideas and component relationships (architectures) intended to eliminate uncertainty in the enforcement of accurate access decisions in information systems and services.
What does Zero Trust Architecture mean?
Behind Zero Trust are various approaches to counter modern and growing threats. The risks increase in particular through distributed working such as home office, networking with partners and customers and the use of cloud services in general.
The answer to these threats is the Zero Trust principle: in principle, no one is trusted, neither the computers and networks, nor the users, nor the cloud services. No distinction is made between the protected internal network and the external network, and the risks are checked continuously within the process. The difference becomes clear when ZTA is compared with other systems.
What is the difference to existing systems?
In standard IT security systems such as VPN (virtual private network), different devices are connected to each other within the network. Since the devices are classified as trusted, access to the network is granted. If, for example, home office employees, field staff or business travelers now use WLAN, there is a risk of unauthorized access via this WLAN. Once such access has been gained, it is unrestricted, because no further checks are carried out.
Within the zero-trust model, access is not granted permanently, but dynamically. The applications are not visible in the open Internet. While the so-called tunnels are “laid” within the network in the VPN, ZTA usually works on the basis of a cloud. This makes it possible to work from completely different devices and thus to be able to connect much faster than with the VPN, for example. The corresponding licenses are usually bound to certain devices and users and must first be set up.
All ZTA principles at a glance
- The authentication of each user is mandatory; 2-factor authentication or similar approaches are required.
- The application itself must authenticate itself before it can decrypt data.
- Network traffic should be encrypted by the application individually for each user, so that expensive and complex VPN (Virtual Private Network) solutions can be avoided.
- The encrypted storage of all data, including metadata (such as file or folder names), is mandatory to ensure confidentiality.
- A consistent separation of administrative access (for user management, infrastructure and data backup) and authenticated access to user data ensures protection against information leaks.
- The automatic complete recording of all relevant processes in an encrypted audit trail enables continuous monitoring and control.
With consistent implementation of these principles, it is possible to work together confidentially over insecure or unknown network infrastructures. Data can be stored securely from unauthorized access.
What do you need to consider when implementing the zero-trust model?
For the implementation, companies must determine and map how employees, customers and applications access data in the company. Access controls are shifted to the level of individual users and devices. Dynamic and continuous checks are carried out in the process, and authentication is performed with multiple factors.
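The principles listed above and the implementation steps just described can be made concrete with a small policy decision point. The following is an added example, not TeamDrive's code or any product's API: every request is evaluated on its own (user, authentication factors, device, resource), the source network is recorded but never grants access, a grant expires after a short time so the check is repeated, and every decision is written to a tamper-evident audit trail. The users, devices, resources and the key are constructed sample values.

```python
"""Minimal per-request Zero Trust policy decision point (added example).

Each request is judged on who the user is, how they authenticated, whether
the device is known and which action on which resource is requested. The
network the request came from is logged but is never a reason to allow it.
A positive decision is short-lived, so it is re-evaluated instead of being
trusted indefinitely. All decisions go into a hash-chained audit trail.
"""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field


@dataclass
class Request:
    user: str
    resource: str
    action: str
    mfa_verified: bool      # second factor completed for this session
    device_id: str
    source_network: str     # informational only; never used to grant access
    timestamp: float = field(default_factory=time.time)


# Constructed sample policy data (assumed, not taken from any real system).
TRUSTED_DEVICES = {"alice": {"laptop-0a1"}, "bob": {"laptop-7f2"}}
RESOURCE_ACL = {
    "hr/payroll.xlsx": {"alice": {"read"}},
    "eng/design.pdf": {"alice": {"read", "write"}, "bob": {"read"}},
}
DECISION_TTL = 300.0  # seconds a grant stays valid before re-evaluation


class AuditTrail:
    """Append-only decision log. Each entry's tag is an HMAC over the previous
    tag and the entry body, so removing or editing an entry breaks the chain."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []
        self._prev = b"\x00" * 32

    def record(self, event: dict) -> str:
        body = json.dumps(event, sort_keys=True).encode()
        tag = hmac.new(self._key, self._prev + body, hashlib.sha256).hexdigest()
        self.entries.append({"event": event, "tag": tag})
        self._prev = bytes.fromhex(tag)
        return tag

    def verify(self) -> bool:
        prev = b"\x00" * 32
        for entry in self.entries:
            body = json.dumps(entry["event"], sort_keys=True).encode()
            expect = hmac.new(self._key, prev + body, hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expect, entry["tag"]):
                return False
            prev = bytes.fromhex(expect)
        return True


def evaluate(req: Request, audit: AuditTrail) -> dict:
    """Decide one request. No implicit trust from the network location."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("mfa_required")
    if req.device_id not in TRUSTED_DEVICES.get(req.user, set()):
        reasons.append("unknown_device")
    if req.action not in RESOURCE_ACL.get(req.resource, {}).get(req.user, set()):
        reasons.append("not_authorized_for_resource")
    allowed = not reasons
    decision = {
        "user": req.user, "resource": req.resource, "action": req.action,
        "source_network": req.source_network,
        "allowed": allowed, "reasons": reasons,
        "expires_at": req.timestamp + DECISION_TTL if allowed else None,
    }
    audit.record(decision)
    return decision


def is_still_valid(decision: dict, now: float) -> bool:
    """A grant is only usable until it expires; afterwards evaluate() again."""
    return bool(decision["allowed"]) and now < decision["expires_at"]


if __name__ == "__main__":
    trail = AuditTrail(b"constructed-demo-key")
    # Same user, same device: the corporate LAN alone does not help without MFA.
    print(evaluate(Request("alice", "hr/payroll.xlsx", "read", False,
                           "laptop-0a1", "corporate-lan"), trail))
    # With MFA on a known device the request is allowed even from cafe Wi-Fi.
    print(evaluate(Request("alice", "hr/payroll.xlsx", "read", True,
                           "laptop-0a1", "cafe-wifi"), trail))
    print("audit trail intact:", trail.verify())
```

The decision record carries the reasons for a denial, which is what an operations team needs to distinguish a missing second factor from an unknown device or a plain authorization gap. The HMAC chain in the audit trail is a simple stand-in for the encrypted audit trail the principles call for: it makes tampering detectable, while confidentiality of the entries would still require encrypting them at rest.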
The advantages of Zero Trust at a glance:
- Micro-segmentation or application segmentation replaces network segmentation
- Apps are not directly visible and accessible on the Internet
- Zero Trust can be used from any device
- Cloud-based, hybrid or on-premises solution
- End-to-end encrypted TLS tunnel
- Configuration in real time without opening the entire network
- Administration also possible directly from the user
Many of the IT infrastructures in use are located outside the company’s own network, and so is all the data traffic that goes with them. This makes it all the more important to adapt the protection of sensitive data. IT security will undergo this paradigm shift in the future. Even if the implementation takes time, it will be worth it.
Zero Trust and TeamDrive
TeamDrive supports all the basic principles required for the application of the zero-trust model from day one. As early as 2006, TeamDrive began developing an architecture for secure collaboration over distributed and insecure networks: Security by Design. In this context, a zero knowledge cloud solution was created, in which all data is transmitted exclusively end-to-end in encrypted form. Accordingly, the data is also stored encrypted on the servers (e.g. in the cloud). The respective keys remain, without exception, under the control of the authorized users.
With this modular cloud collaboration platform (CCP) from TeamDrive, companies can collaborate cost-effectively, highly securely and confidentially over the Internet.