Let’s look at how Zero Trust works for your corporate resources in a world of wireless connectivity.
European strongholds and Chinese walls
If you’re struggling to explain ZT and VPN differences to a non-technical person, try this analogy: it’s like the approaches of old-time European Kings versus ancient Chinese Emperors.
Feudal Europe: a VPN way of life
In Medieval Europe, the nobles lived behind metre-thick stone walls and a moat; an ironclad drawbridge was the only way in. Attempt illegal entry, and a pike in your backside would be the result. (Probably with a barrel of boiling oil tipped over your head for good measure.)
But the benefit: if your credentials (and your plague-pockmarked face) looked good, you had free access to the entire castle grounds within this “hardened perimeter”. You could trade in its market, visit its dwellings, even drop by the royal courtroom to tug a forelock or two. It was a straightforward black-and-white model: 100% trusted, or 100% not.
This approach is similar to today’s Virtual Private Networks, or VPNs: once you’re in, you’re in. A Trust But Verify model. And it has merit for some use cases, like internet access when you’re travelling. But while fairly simple to set up, it has some flaws. Who’s to say that carrot-seller you let into the market square isn’t secretly planning to assassinate the guy wearing the crown?
The Middle Kingdom: a Zero Trust model
China had a different approach. In turbulent times – with emperors changing their capitals as often as their royal robes – noble families lived in compounds, mostly of wood. Defense was more down to people than perimeter walls.
Once inside, you couldn’t wander around freely. Any door you knocked on, any person you wanted to visit, there’d be guards blocking your way unless you could prove your need with an official letter or seal. And if you didn’t have the right identifying characteristic (or, for men in the women’s quarters, the lack of an identifying characteristic) you were out on your ear. Or worse.
So ancient China was more in the Zero Trust world: Never Trust, Always Verify. To this day, “Chinese Walls” is a euphemism for building barriers with customs and practices rather than bricks and mortar.
Zero Trust makes sense for a wireless world…
Note the main difference with the Zero Trust model: granularity. Being trusted for one resource doesn’t mean you’re trusted for another. In fact, trying to gain access to something not relevant to your job description is suspicious; that’s the point. So key elements of Zero Trust include:
- Least Privilege Access. In keeping with the principle of not trusting anybody without specific reasons to, Zero Trust networks tend to be LPA, permitting users to access only the minimum set of applications and data they need to do their job. This minimises the risks of a breach – even if an employee’s ID is completely compromised, the hacker won’t be able to roam freely.
- Microsegmentation is another. Again like the Chinese compounds, it divides the network into separate zones for different purposes, each one “sealed off” from authenticated users in another.
- Multi-Factor Authentication. In times past “authentication” meant a password on a device – which really identifies only the device, not the actor using it. Swinging in extra factors like One Time Password (OTP) codes and biometrics helps authenticate the person, not the device.
- Validation as an ongoing process. Unlike a single perimeter check, users in a Zero Trust network have to re-authenticate regularly against approved permissions lists and access privileges – which are themselves subject to regular updates as people change jobs and seniorities.
- A focus on Layer 7. Layer 7 is the “application layer” at the top level of the OSI model. When you can secure at Layer 7, even a successful attack on all the layers below it – TCP/IP, HTTP, connection sessions – is far less likely to compromise your critical data.
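To make the list above concrete, here is an added example (not code from this article or any product) of a per-request policy check next to a perimeter-style check. The roles, application names, zones and the 15-minute re-authentication window are all hypothetical values constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy data (hypothetical roles, apps and zones).
ROLE_GRANTS = {  # least privilege: role -> (app, HTTP method) pairs
    "warehouse-op": {("inventory", "GET"), ("inventory", "POST")},
    "finance": {("payroll", "GET")},
}
APP_ZONE = {"inventory": "ops", "payroll": "finance"}  # microsegments
ZONE_REACH = {"ops": {"ops"}, "finance": {"finance"}, "guest": set()}
MAX_AUTH_AGE = 900  # seconds before re-authentication is required

@dataclass
class Session:
    user: str
    role: str
    zone: str          # network zone the device is connected from
    mfa: bool          # a second factor was verified
    auth_time: int     # epoch seconds of last full authentication

def perimeter_allow(s: Session, app: str, method: str) -> bool:
    """VPN-style check: inside the wall means everything is reachable."""
    return s.auth_time > 0

def zero_trust_allow(s: Session, app: str, method: str, now: int):
    """Evaluate every request; return (allowed, reason)."""
    if not s.mfa:
        return False, "mfa-required"
    if now - s.auth_time > MAX_AUTH_AGE:
        return False, "reauth-required"
    if APP_ZONE.get(app) not in ZONE_REACH.get(s.zone, set()):
        return False, "segment-blocked"
    if (app, method) not in ROLE_GRANTS.get(s.role, set()):
        return False, "not-granted"
    return True, "ok"

def demo():
    now = 1_000_000
    s = Session("li", "warehouse-op", "ops", True, now - 60)
    return [
        perimeter_allow(s, "payroll", "GET"),
        zero_trust_allow(s, "inventory", "POST", now),
        zero_trust_allow(s, "payroll", "GET", now),
        zero_trust_allow(s, "inventory", "GET", now + 3600),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The denial reasons are worth logging: a run of `segment-blocked` or `not-granted` results for one identity is the "access not relevant to your job description" signal the article describes as suspicious.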
This makes it plain that Zero Trust isn’t a technology, but an approach. A way of thinking that can be implemented in various ways suited to different network topologies. And that’s why it’s perfect for wireless broadband in your business: it’s both flexible and adaptable.
… and its multiplicity of use cases
Think of all the use cases for mobile and fixed wireless connectivity. It’s a longer list than for wired networks. It includes remote worksites far from urban centres, like an unmanned solar energy array or offshore oil platform. Places where the assets move around, like IoT-connected crates in a warehouse. And temporary, pop-up applications like a brand experience shop at a summer festival.
Fortunately, the Zero Trust approach can be applied to all these use cases … and more. After all, fundamentally, it’s still about protecting people, applications, and data. And those needs don’t change whether your network works over airwaves, optical fibre, or smoke signals. Or – as in most enterprises – a hybrid mix.
Zero Trust has all your wireless bases covered
Just as wired networks are increasingly adopting a Zero Trust model, wireless networks benefit from the same approach. It keeps your people managed, your applications secure, and your critical business information safe.
As Wireless Experts, we’re always enthusiastic about all aspects of your network connectivity, and that includes talking about Zero Trust Security. If you’re considering enhancing your enterprise wireless network security, just reach out to us and we’d be happy to discuss it further with you!