Article | 27 September 2024

Enhancing Network Security: The Zero Trust approach for businesses

Written by
Tim Patrick, Pre-Sales & Product Manager The Netherlands

Even among seasoned network engineers, the idea persists that wireless connectivity is less secure than the kind with an Ethernet wall jack. It’s not true – but as with most questions, the answer isn’t a strict either/or.

Just as wired networks can be compromised if not set up with skill and care, wireless business broadband is vulnerable if you don’t get the basic concepts right.

That’s where enterprises look into the Zero Trust approach for enhanced network security.

Put into words by Forrester’s John Kindervag back in 2010, Zero Trust (ZT) is a more nuanced approach than traditional VPN-style security, where a single authentication (sometimes just a password) allows access to all resources. Zero Trust networks don’t just let you in, but conduct ongoing checks – whenever you use an application, consult a database, or execute any kind of code. In ZT, not all users are created equal: a detailed set of permissions governs what each person can do. And if you try to skirt the rules, up go the red flags.

It’s an attractive idea: everyone has access to the resources they need, and no more. And it’s particularly suited to enterprise network security with wireless broadband. Because wireless networks are a complex configuration of remote users, different devices, and individual working patterns, with Shadow IT, Bring Your Own Device (BYOD), and Work From Home (WFH) all part of the mix. And ZT gives IT managers a way to keep them all in line.

Cisco Network Trends report:

56% of respondents stated security as the top networking challenge when managing distributed and hybrid workloads.

Let’s look at how Zero Trust works for your corporate resources in a world of wireless connectivity.

European strongholds and Chinese walls

If you’re struggling to explain ZT and VPN differences to a non-technical person, try this analogy: it’s like the approaches of old-time European Kings versus ancient Chinese Emperors.

Feudal Europe: a VPN way of life

In Medieval Europe, the nobles lived behind metre-thick stone walls and a moat; an ironclad drawbridge was the only way in. Attempt illegal entry, and a pike in your backside would be the result. (Probably with a barrel of boiling oil tipped over your head for good measure.)

But the benefit: if your credentials (and your plague-pockmarked face) looked good, you had free access to the entire castle grounds within this “hardened perimeter”. You could trade in its market, visit its dwellings, even drop by the royal courtroom to tug a forelock or two. It was a straightforward black-and-white model: 100% trusted, or 100% not.

This approach is similar to today’s Virtual Private Networks, or VPNs: once you’re in, you’re in. A Trust But Verify model. And it has merit for some use cases, like internet access when you’re travelling. But while fairly simple to set up, it has some flaws. Who’s to say that carrot-seller you let into the market square isn’t secretly planning to assassinate the guy wearing the crown?

The Middle Kingdom: a Zero Trust model

China had a different approach. In turbulent times – with emperors changing their capitals as often as their royal robes – noble families lived in compounds, mostly of wood. Defense was more down to people than perimeter walls.

Once inside, you couldn’t wander around freely. Any door you knocked on, any person you wanted to visit, there’d be guards blocking your way unless you could prove your need with an official letter or seal. And if you didn’t have the right identifying characteristic (or, for men in the women’s quarters, the lack of an identifying characteristic) you were out on your ear. Or worse.

So ancient China was more in the Zero Trust world: Never Trust, Always Verify. To this day, “Chinese Walls” is a euphemism for building barriers with customs and practices rather than bricks and mortar.

Zero Trust makes sense for a wireless world…

Note the main difference with the Zero Trust model: granularity. Being trusted for one resource doesn’t mean you’re trusted for another. In fact, trying to gain access to something not relevant to your job description is suspicious; that’s the point. So key elements of Zero Trust include:

  • Least Privilege Access. In keeping with the principle of not trusting anybody without specific reasons to, Zero Trust networks tend to be LPA, permitting users to access only the minimum set of applications and data they need to do their job. This minimises the risks of a breach – even if an employee’s ID is completely compromised, the hacker won’t be able to roam freely.
  • Microsegmentation is another. Again like the Chinese compounds, it divides the network into separate zones for different purposes, each one “sealed off” from authenticated users in another.
  • Multi-Factor Authentication. In times past “authentication” meant a password on a device – which really identifies only the device, not the actor using it. Swinging in extra factors like One Time Password (OTP) codes and biometrics helps authenticate the person, not the device.
  • Validation as an ongoing process. Unlike a single perimeter check, users in a Zero Trust network have to re-authenticate regularly against approved permissions lists and access privileges – which are themselves subject to regular updates as people change jobs and seniorities.
  • A focus on Layer 7. Layer 7 is the “application layer” at the top level of the OSI model. When you can secure at Layer 7, even a successful attack on all the layers below it – TCP/IP, HTTP, connection sessions – is far less likely to compromise your critical data.
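
The elements above, combined into one per-request decision made at the application level, with the perimeter-style check beside it for contrast. This is an added example, not part of the original article; the roles, segments, application names and the 15-minute re-validation window are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed policy (assumption): role -> (segment, application) pairs it may reach.
POLICY = {
    "finance-analyst": {("finance", "ledger")},
    "warehouse-operator": {("ops", "inventory")},
}
MAX_AGE = 15 * 60  # assumed re-validation window, in seconds

@dataclass
class Request:
    user: str
    role: str
    mfa_passed: bool
    last_verified: float  # epoch seconds of the last successful authentication
    segment: str
    app: str

def perimeter_allow(req, logged_in):
    """VPN-style check: one successful login grants every resource inside."""
    return req.user in logged_in

def zero_trust_decide(req, now):
    """Evaluate one request at the application layer; return (allowed, reason)."""
    if not req.mfa_passed:
        return False, "mfa_required"
    if now - req.last_verified > MAX_AGE:
        return False, "reauthentication_required"
    if (req.segment, req.app) not in POLICY.get(req.role, set()):
        return False, "outside_least_privilege"
    return True, "ok"

def evaluate(requests, now):
    """Decide every request and collect out-of-role attempts worth an alert."""
    decisions = [zero_trust_decide(r, now) for r in requests]
    alerts = [(r.user, r.segment, r.app) for r, d in zip(requests, decisions)
              if d[1] == "outside_least_privilege"]
    return decisions, alerts

NOW = 1_000_000.0  # constructed clock value
SAMPLE = [  # constructed requests
    Request("alice", "finance-analyst", True, NOW - 60, "finance", "ledger"),
    Request("alice", "finance-analyst", True, NOW - 60, "ops", "inventory"),
    Request("bob", "warehouse-operator", True, NOW - 3600, "ops", "inventory"),
    Request("carol", "finance-analyst", False, NOW - 10, "finance", "ledger"),
]
```

Every sample request passes `perimeter_allow` once the user has logged in, while `evaluate(SAMPLE, NOW)` permits only the first and reports the out-of-role attempt as an alert.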

This makes it plain that Zero Trust isn’t a technology, but an approach. A way of thinking that can be implemented in various ways suited to different network topologies. And that’s why it’s perfect for wireless broadband in your business: it’s both flexible and adaptable.

… and its multiplicity of use cases

Think of all the use cases for mobile and fixed wireless connectivity. It’s a longer list than for wired networks. It includes remote worksites far from urban centres, like an unmanned solar energy array or offshore oil platform. Places where the assets move around, like IoT-connected crates in a warehouse. And temporary, pop-up applications like a brand experience shop at a summer festival.

Fortunately, the Zero Trust approach can be applied to all these use cases … and more. After all, fundamentally, it’s still about protecting people, applications, and data. And those needs don’t change whether your network works over airwaves, optical fibre, or smoke signals. Or – as in most enterprises – a hybrid mix.

Zero Trust has all your wireless bases covered

Just as wired networks are increasingly adopting a Zero Trust model, wireless networks benefit from the same approach. It keeps your people managed, your applications secure, and your critical business information safe.

As Wireless Experts, we’re always enthusiastic about all aspects of your network connectivity, and that includes talking about Zero Trust Security. If you're considering enhancing your enterprise wireless network security, just reach out to us and we’d be happy to discuss it further with you!
