The Zero Trust cybersecurity model has steadily gained traction over the past two decades. Also known as perimeterless security, Zero Trust architecture emerged as an alternative to the perimeter-based security model, which was quickly rendered outdated as digital transformation and remote access were widely adopted across virtually all sectors. And while Zero Trust originally pertained mainly to IT assets, the rapid digitization of operational technology (OT), medical devices, and other cyber-physical systems has made Zero Trust a fundamental best practice for securing the Extended Internet of Things (XIoT).
In a nutshell, Zero Trust seeks to ensure that any given user has a legitimate reason to be doing whatever they're doing. By requiring all users to be continuously authenticated, authorized, and validated, properly implemented Zero Trust architecture prevents adversaries from gaining carte-blanche access to a victim's network from a single point of entry.
In this blog, we'll take a look at why Zero Trust architecture is more critical than ever and highlight why securing remote access to your network is a critical component of its implementation.
In May 2021, the Zero Trust approach to cybersecurity received a hearty endorsement from the White House, when Section 3 of the May 2021 Executive Order on Improving the Nation's Cybersecurity set a 60-day deadline for U.S. federal government agencies to develop a plan to implement Zero Trust architecture. This directive was followed up by a January 2022 release from the Office of Management and Budget (OMB), which further detailed a federal strategy to move the U.S. government toward Zero Trust adoption. To assist agencies in complying with the Executive Order, the Cybersecurity and Infrastructure Security Agency (CISA) has posted a series of documents, including the Federal Zero Trust Strategy, the Zero Trust Maturity Model, and CISA's guide to the Cloud Security Technical Reference Architecture.
While these directives pertain specifically to U.S. federal government agencies, the urgency with which they have been laid out should be seen as a bellwether of Zero Trust's widespread adoption as a universal standard for protecting data, assets, and operations.
The 2013 cyber attack against Target, which resulted in an $18.5 million settlement after 40 million credit and debit records were compromised, served as an early, high-profile example of what can happen when internal privileges and remote connections are not properly managed and secured. The adversaries behind the attack gained access to the targeted data using stolen credentials to exploit the external remote-access privileges of a third-party HVAC vendor.
As another example, consider Claroty Global Head of Business Development Mor Bikovsky's anecdote of a major consumer goods brand that experienced a security breach at its flagship production site, which involved the use of WannaCry ransomware. The attackers gained access to the network via a vulnerable break-room vending machine that was not properly segmented from the rest of the network. Claroty quickly sprang into action, working with the potential customer to isolate the affected assets with zero downtime. But the main takeaway here is that adversaries should not be able to access critical systems—such as credit card databases or major production facilities—through completely unrelated attack vectors, such as HVAC systems or vending machines.
While the rise of the XIoT delivers many performance advantages for organizations across virtually every sector, the intensified interconnectivity it brings can facilitate the types of attacks described above if not properly managed. Consider the 2022 report finding that 53% of connected medical devices and other IoT devices in hospitals have a known critical vulnerability. Typically, these devices are not within the purview of the security team and are not monitored for weak passwords or default credentials, and without proper Zero Trust implementation in place, they can enable cyber attacks to spread like wildfire within a network.
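To make the principle concrete, here is an added example (written for this post, not Claroty's code) of a minimal deny-by-default access check that replays the HVAC-vendor and vending-machine scenarios above: every request must pass MFA, device posture, session freshness and a least-privilege zone check, and every denial is recorded so it can surface as an alert. The roles, zones and the 15-minute re-validation interval are assumed values.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed least-privilege policy: a role may reach only the zones its job needs;
# where a request originates on the network grants nothing by itself.
ROLE_ZONES = {"hvac-vendor": {"hvac"}, "plant-engineer": {"production"},
              "vending-device": {"vending"}}
MAX_SESSION_AGE_S = 900  # assumed re-validation interval (15 minutes)

@dataclass
class AccessRequest:
    identity: str
    role: str
    source_zone: str
    target_zone: str
    mfa_passed: bool
    device_posture_ok: bool
    session_age_s: int

def evaluate(req: AccessRequest, audit: List[str]) -> Tuple[bool, str]:
    """Deny by default: allow only if every check passes; log each decision."""
    checks = [
        (req.mfa_passed, "credentials alone are insufficient; MFA required"),
        (req.device_posture_ok, "device failed posture check"),
        (req.session_age_s <= MAX_SESSION_AGE_S, "session too old; re-validate"),
        (req.target_zone in ROLE_ZONES.get(req.role, set()),
         f"role '{req.role}' may not reach zone '{req.target_zone}'"),
    ]
    path = f"{req.identity} {req.source_zone}->{req.target_zone}"
    for ok, reason in checks:
        if not ok:
            audit.append(f"DENY {path}: {reason}")  # denied attempts become alerts
            return False, reason
    audit.append(f"ALLOW {path}")
    return True, "ok"

def run_scenarios() -> Tuple[List[bool], List[str]]:
    """Replay the two incidents from the text plus one legitimate request."""
    audit: List[str] = []
    scenarios = [
        # Stolen HVAC-vendor password aimed at the payment zone: fails MFA, and
        # would still fail least privilege even if MFA were somehow satisfied.
        AccessRequest("hvac-vendor-01", "hvac-vendor", "internet", "payment", False, True, 10),
        AccessRequest("hvac-vendor-01", "hvac-vendor", "internet", "payment", True, True, 10),
        # Compromised vending machine trying to reach production controllers.
        AccessRequest("vending-07", "vending-device", "vending", "production", True, True, 5),
        # Plant engineer on a healthy device within a fresh session: allowed.
        AccessRequest("engineer-03", "plant-engineer", "corp", "production", True, True, 120),
    ]
    return [evaluate(r, audit)[0] for r in scenarios], audit
```

Only the engineer's request is allowed; the other three are denied for different reasons, and the audit trail shows which control stopped each one.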
As organizations continue to build towards a future that is increasingly distributed, Claroty Secure Remote Access (SRA) offers capabilities needed to implement Zero Trust controls and least-privilege principles. In doing so, Claroty empowers organizations to identify connected devices, enforce granular user access controls, and be alerted to non-trusted communications and behavior across the network.
Claroty SRA helps support Zero Trust principles in today's distributed work environment in a number of ways, including but not limited to: