What is Zero Trust?


Boy, have I got something boring to talk to you about today. We’re going to be talking about Zero Trust. If you haven’t heard about Zero Trust, it’s probably because whoever your provider is or your internal IT company has not really got involved in it yet. Zero Trust is a concept that’s been around for a long time, but only in the last few years has it become more of a platform where software vendors are creating solutions. They’re calling them Zero Trust and their Zero Trust configurations and existing infrastructure.

So I’m gonna launch straight into this and I’m going to read some definitions of Zero Trust from some different companies. I’m going to explain what they mean by that in relation to their applications and what they sell because Zero Trust is not an overarching product. You don’t go buy Zero Trust. You don’t buy someone’s product that says we are Zero Trust. Although there are some products that are very, very robust that cover and check all the boxes maybe or a lot of the boxes for Zero Trust, but there’s a lot that just cover one box. Maybe it’s authentication for anyone that enters your network. Maybe it’s your network segmentation where nothing is trusted on the network. But, in short, I’m going to talk about some of the applications and I have a Microsoft Word document that I will scroll through here and read some of the definitions that various companies have and explain them.

We utilize a product called ThreatLocker, and ThreatLocker is an amazing product. It is really good at securing an environment, as in devices like endpoints, like Windows workstations and so on. It says that it’s a Zero Trust platform, but it’s not as overarching as what we would expect from a full Zero Trust platform. Now don’t get me wrong, we think ThreatLocker is amazing and everyone should have it to secure their environment, but ThreatLocker primarily works on the application side. The way we see ThreatLocker’s primary value for our clients is that we can take and install ThreatLocker agents on a Windows workstation, for example. When that user wants to escalate to install an application, they are either authorized at the application level to do that, or they are denied, or they can request approval to do that from a sysadmin or someone in the organization that is allowed to do that, and it starts a timer and they have so much time to approve it and so on. So why do you need an application for that? Because Microsoft Windows by default only gives you basically two options. You can be a local administrator on your computer or you can be a user with no permissions except to run the apps that are already on your computer. That’s it.

Well, say you’re a user and you’re using Zoom, for instance, for meetings and conferencing, which exploded as a powerful product a couple of years ago when Covid hit because everyone had to work from home. You either used Zoom or you hoped that Microsoft Teams was going to check that box for you while they were still developing it as fast as they could. So you run Zoom. Well, Zoom is releasing updates almost daily, and if you were not a local administrator on your computer you couldn’t install those updates. So you’re working from home and you are not a local administrator. Every time Zoom would release an update, you either choose to update it or you would run on obsolete or older software until you could get your IT team to update that for you. The alternative to that was you were a local administrator on your computer and you could run the updates. Why is that a problem? Well, nobody should be a local administrator on their computer. I mean, even me as an IT professional, I should not be a local administrator on my computer. The reason for that is if you’re a local administrator and you fall for any kind of compromise on the internet, you go to a malicious website that has a payload, you click the wrong thing, you get an attachment, you run it. As soon as you execute that threat or that application on your system, it runs as you, which means that if you’re an administrator on the computer and can install applications, so can the threat.

Why Zero Trust?

It is the future. It’s here now. We all need to be considering it. It is gonna change the landscape of security. There’s a ton of security tools out there that when you move to a Zero Trust platform you can probably drop some of those other privileged access management platforms. Those will either be incorporated into the Zero Trust platform or maybe they’re not necessary at all because you have limited access to a better extent in a different way. It’s not the most intuitive thing to understand, but my point or one of the takeaways from this is you need to understand the basics of Zero Trust and how it can affect your business.

Most of the Zero Trust platforms have some form of always-on VPN that is on each endpoint, so those endpoints, when they leave your network, can maintain access to resources within your network. Zero Trust, and CrowdStrike mentioned this, is basically perimeter agnostic and does not care that you have a firewall. It will talk to any device inside the network that you tell it to. On most of these platforms, those devices can talk to things outside the network.

Brian Largent