Traditional network security relies on a secure perimeter. Anything inside the perimeter is trusted, and anything outside the perimeter is not. A zero trust network treats all traffic as untrusted, restricting access to secure business data and sensitive resources as much as possible to reduce the risk and mitigate the damage of breaches.
Perimeter-Centric Network Security
Companies were protecting computers with a form of perimeter security well before computers were networked together. Companies with mainframes could protect them simply by controlling who had access to the room where they were installed. Once they authenticated a user (i.e. confirmed that the person had the right to be there), they could trust that user with access to data, programs, and so on.
As organizations began to connect networks, they adopted increasingly sophisticated techniques to control access. Logins and passwords held users accountable for their actions on early computer networks, which connected government and academic researchers. However, it soon became obvious that networked computers were vulnerable to attack. Engineers developed firewalls to filter traffic entering and exiting networks, added multi-factor authentication, and built other corporate security controls to keep unauthorized users out.
But perimeter security is no longer sufficient in the cloud age, because networks are fluid. If you log into a corporate network from your phone, for example, your traffic passes through a cell tower or WiFi access point and multiple servers before it reaches the network. If one of those servers is compromised, your phone carries a virus or malicious app, or an attacker has access to your WiFi, your perimeter security could let them in with you. A zero trust network mitigates this risk by treating all network traffic as untrusted. Bad actors can’t just slip past the guards and have free rein — they’re subject to rigorous network security every step of the way.
Benefits of a Zero Trust Network
Zero trust network security operates under the principle “never trust, always verify.” Users and network traffic are treated as if they’re operating in the open Internet, where a bad actor could be listening in or impersonating a user to gain access. Network traffic is encrypted to minimize the risk of interception. Attempts to access a sensitive area of the network from another area are screened as if the person (or app) trying to access the network is untrusted.
A zero trust network also restricts users, requiring them to log in for every session and often requiring multi-factor authentication. Access is restricted to the bare minimum a user needs to do their job.
This approach to security denies attackers free rein inside the network. There are more opportunities to catch bad actors, and it’s harder for them to turn a vulnerability in the outer layer of the network into broad access. This decreases the likelihood of a major breach, as well as the amount of damage an attacker can do if they make it into the system.
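To make the contrast concrete, here is an added example (not code from the original article or from Virtru) of a small policy check. The perimeter-style function trusts any request from an assumed internal address range; the zero trust function ignores the source address entirely and instead checks a fresh session, MFA where the resource demands it, and a least-privilege role mapping. The policy table, roles, resource names and addresses are all constructed for illustration.

```python
from dataclasses import dataclass
import ipaddress

# Constructed sample policy: which roles may reach each resource, and whether
# reaching it requires a completed MFA challenge. Unknown resources are denied.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "mfa": True},
    "wiki": {"roles": {"finance", "engineering"}, "mfa": False},
}
SESSION_TTL = 8 * 3600  # assumed: users must log in again after 8 hours
CORPORATE_RANGE = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


@dataclass
class Request:
    user: str
    role: str
    source_ip: str
    resource: str
    session_issued: float  # unix time of the user's last login
    mfa_verified: bool


def perimeter_allows(req: Request, now: float) -> tuple[bool, str]:
    """Perimeter model: being inside the network is the whole check."""
    if ipaddress.ip_address(req.source_ip) in CORPORATE_RANGE:
        return True, "inside perimeter"
    return False, "outside perimeter"


def zero_trust_allows(req: Request, now: float) -> tuple[bool, str]:
    """Zero trust model: every request is screened as if it came from the open Internet."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource (default deny)"
    if now - req.session_issued > SESSION_TTL:
        return False, "session expired, login required"
    if rule["mfa"] and not req.mfa_verified:
        return False, "MFA required for this resource"
    if req.role not in rule["roles"]:
        return False, f"role {req.role!r} not permitted on {req.resource!r}"
    return True, "identity, session, MFA and role verified"


if __name__ == "__main__":
    # A compromised phone on the office WiFi asks for payroll data.
    phone = Request("bob", "engineering", "10.1.2.3", "payroll-db", 1_000_000.0, False)
    print("perimeter:", perimeter_allows(phone, 1_000_100.0))
    print("zero trust:", zero_trust_allows(phone, 1_000_100.0))
```

The same request is accepted by the perimeter check and refused by the zero trust check for two independent reasons (no MFA, wrong role), which is the layered screening the section describes.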
Zero Trust Network Security and Virtru
Virtru’s data-centric encryption contributes to zero trust network security. Emails and files are encrypted before they leave the sender’s computer and only decrypted when they reach the destination, keeping data protected wherever it is shared (in motion and at rest).
The Virtru platform can use the same approach to protect other applications. Real-time communications, Salesforce or Workday data, or onsite files being migrated to the cloud are encrypted throughout their journey to prevent interception.
Virtru’s access control features are also invaluable to a zero trust network. Users can rescind emails and files — even after they’ve been read — set time limits on sensitive data, or disable forwarding. This allows users to communicate while still retaining control of their data.