Zero Trust vs Least Privilege

Zero Trust and the principle of least privilege are components of an enterprise’s security plan that are sometimes conflated. In this blog, we define both, explain in detail how each works and show how they fit together.

March 22 2024 by Jesus Vigo

Importance of understanding Zero Trust and Least Privilege

Zero Trust and Least Privilege are critical to cybersecurity: both are methods for keeping devices, users and data protected from unauthorized access. They are especially important as part of a holistic security plan that extends across your organization while also providing the deeper layers of protection needed to defend against the modern threat landscape, one that still targets traditional computers but continually evolves to target mobile devices on every platform as well.

As we dive deeper, defining each and explaining what protections they offer, it’s important to know that they are not diametrically opposed to each other. Rather, they are complementary: each addresses specific security concerns, and they work in tandem as part of a larger defense-in-depth (DiD) strategy.

Definition and origin of the Zero Trust model

Zero Trust is a model or architecture in which explicit, verified permissions replace implicit authorization throughout the strategy, design and implementation of security for enterprise infrastructure.

“Never trust — always verify” — Zero Trust’s foundational concept

The Zero Trust model is concisely defined in its Wikipedia entry, which states that “users and devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified.”

How did Zero Trust come about?

There is some confusion surrounding the true origin of Zero Trust (ZT). We don’t know for sure whether the credit belongs to Stephen Paul Marsh, who coined the term in 1994 as part of his doctoral thesis, or to John Kindervag of Forrester Research, who popularized ZT as a security model in 2010.

What we do know is that ZT matured into a security architecture that unifies stricter access and security controls with hardware and credential verification, comprehensively strengthening cybersecurity plans against the myriad evolving threats that impact enterprise networks. This became especially pertinent as:

  • mobile devices were increasingly used by employees to complete work-related tasks; and
  • deperimeterization proliferated globally as workforces became increasingly distributed.

Definition and rationale behind the Least Privilege principle

The National Institute of Standards and Technology (NIST) defines the principle of least privilege as, “The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.”

The rationale behind the principle of least privilege (PoLP) as it applies to cybersecurity is simple: a user’s permissions should be limited to the locations, hardware, software, data, processes and procedures needed to complete their job-related tasks. In a nutshell, by granting users only the minimum permissions their jobs require, the attack surface available to threats is minimized without impacting employee productivity.

What is the principle of least privilege?

It’s the practice of deliberately assigning the minimum level of permissions necessary for users to be productive, and nothing more, without preventing them from completing any function directly related to their job role.

Implementation of Least Privilege in access controls

The best way to describe PoLP in action is a real-world example. One of the simplest and most common instances of least privilege is an administrator configuring permissions on a resource shared by many users, such as folders on a network share or in a cloud storage provider.

Typically, folders are stored in a hierarchy; in this example the root folder is titled “User Folders”. Contained within this root directory are subdirectories, each named for a user. To ensure the confidentiality, integrity and availability of business-owned data, administrators use the principle of least privilege to explicitly configure access permissions that meet the following requirements:

  • Users are granted only read permissions to the root directory (User Folders).
  • Users are granted read/write/modify permissions only to the folder that bears their name.
  • Users are denied delete permissions to all folders.
  • Users are denied viewing or opening the files contained in other users’ folders (no permission grants it, so access is denied by default).

By configuring the permissions based on least privilege, users can:

  • Access the shared folder (root).
  • Work with the data contained in their own folder only.

while being prevented from:

  • Viewing or editing data belonging to another user.
  • Intentionally or unintentionally deleting data, or changing data that is not theirs.
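The share described above, modeled as an access-control check in Python. This is an added example, not code from the original post or from any storage product; the user names, file names and the rule set are assumptions drawn from the bullets above. It also handles one edge case the bullets leave implicit: the requested path is normalized before any rule is evaluated, so a request like User Folders/alice/../bob/x is judged as bob’s folder rather than alice’s, and anything no rule explicitly grants is denied.

```python
import posixpath

ROOT = "User Folders"
# Constructed sample: the users who own a subfolder (hypothetical names).
USERS = {"alice", "bob", "carol"}
ACTIONS = ("read", "write", "modify", "delete")


def normalize(path):
    """Collapse '.' and '..' before any rule is applied, so a request for
    'User Folders/alice/../bob/x' is judged against bob's folder, not alice's."""
    return posixpath.normpath(path).lstrip("/")


def locate(path):
    """Classify a path as ('root', None), ('user', owner) or ('outside', None)."""
    parts = normalize(path).split("/")
    if parts[0] != ROOT:
        return ("outside", None)
    if len(parts) == 1:
        return ("root", None)
    if parts[1] in USERS:
        return ("user", parts[1])
    return ("outside", None)  # a subfolder no user owns: no rule grants it


def is_allowed(user, path, action):
    """Evaluate one request against the share's least-privilege rules.
    Every rule below is an explicit grant; anything not granted is denied.
    Returns (allowed, reason)."""
    if action not in ACTIONS:
        return (False, "unknown action")
    if action == "delete":
        return (False, "delete is denied on every folder")
    where, owner = locate(path)
    if where == "root":
        if action == "read":
            return (True, "everyone may read the root folder")
        return (False, "the root folder is read-only")
    if where == "user":
        if owner == user:
            return (True, "owners have read/write/modify on their own folder")
        return (False, "folder belongs to %s, not %s" % (owner, user))
    return (False, "path is outside the share")


def effective_permissions(user, path):
    """The set of actions `user` can actually perform on `path`."""
    return {a for a in ACTIONS if is_allowed(user, path, a)[0]}


if __name__ == "__main__":
    # Constructed requests exercising each rule, including a traversal attempt.
    requests = [
        ("alice", "User Folders", "read"),
        ("alice", "User Folders", "write"),
        ("alice", "User Folders/alice/report.docx", "write"),
        ("alice", "User Folders/bob/report.docx", "read"),
        ("alice", "User Folders/alice/../bob/report.docx", "read"),
        ("alice", "User Folders/alice/report.docx", "delete"),
    ]
    for user, path, action in requests:
        ok, why = is_allowed(user, path, action)
        print("%-6s %-7s %-44s -> %s (%s)" % (user, action, path, "ALLOW" if ok else "DENY", why))
```

The order of the checks matters: the blanket delete denial comes first so it cannot be overridden by the owner grant, and the final return is the deny-by-default the bullets rely on. A real file server or cloud ACL engine applies the same shape of logic; the part most often missed in custom code is the normalization step.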

The role of Least Privilege in a Zero Trust architecture

Positioning PoLP alongside a comparison of Zero Trust Network Access (ZTNA) and Virtual Private Networking (VPN) highlights how PoLP works in conjunction with the two technologies used to secure remote connections to enterprise networks, set against the backdrop of the modern threat landscape.

Let’s begin with a foundational scenario: an organization with a globally distributed hybrid workforce, whose employees can choose when to work from a regional office and when to work from home. Additionally, the organization operates an employee-choice program, allowing employees to select a tablet running either Windows or iPadOS, and employees can also use their personally owned Android or iOS mobile devices for work.

  • In the VPN version of the scenario, the legacy technology secures remote connections to organizational resources. Once users authenticate successfully with the VPN, they are:
    • Granted access to the entire network.
    • Limited, on each individual resource, only by the PoLP permissions admins have assigned to their credentials.
  • The consequence is that should credentials become compromised, for instance in a phishing campaign, threat actors gain complete access to the network itself, constrained only by the PoLP permissions assigned to the stolen account once they reach protected resources.
  • In the ZTNA version of the scenario, the Zero Trust model not only secures remote access (similar to VPN) but adds extra layers of protection, such as:
    • Creating microtunnels for each resource request, isolating communications from one another.
    • Integrating with identity and access management (IAM) to continuously monitor endpoint and credential use.
    • Using IAM and endpoint security integration to verify device and credential health each time a request is made.
    • Secure by design: under the ZT model, access to protected resources is disabled by default, and the more granular permissions on each individual resource are restricted by PoLP.
      • If the device and credential pass compliance verification, access is granted only to the requested resource. How the user may interact with that resource is limited by the PoLP permissions configured by admins.
      • If the device or credential fails compliance verification, the resource request remains denied while native integration between your device management and endpoint security solutions triggers workflows to remediate the issue automatically.
        • Even if PoLP permissions configured by admins grant the user access to the resource, ZTNA denies access to the protected resource itself until remediation has occurred and verification passes.
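The two versions of the scenario side by side, as an added example in Python (not code from the original post or from any VPN or ZTNA product). The device posture fields, resource names, user names and permission map are constructed assumptions. What the example shows is the ordering of the checks: the VPN path consults only the credential and then exposes every resource, while the ZTNA path verifies the credential, then device compliance, then PoLP on the single requested resource, queues remediation on a posture failure before PoLP is even consulted, and never grants more scope than that one resource.

```python
from dataclasses import dataclass


@dataclass
class Device:
    """Device posture as reported by device management and endpoint security
    (constructed fields; the real checks depend on your MDM and EDR)."""
    managed: bool          # enrolled in device management
    os_current: bool       # OS at or above the required version
    disk_encrypted: bool
    threat_free: bool      # endpoint security reports no active detection


@dataclass
class Credential:
    user: str
    valid: bool            # the identity provider accepts the credential
    mfa_satisfied: bool


@dataclass
class Decision:
    allowed: bool
    reason: str
    scope: frozenset = frozenset()   # resources the session can reach


# PoLP: the actions each user is explicitly granted on each protected resource
# (constructed sample; hypothetical resource and user names).
RESOURCE_PERMISSIONS = {
    "hr-portal":  {"alice": {"read"}, "bob": {"read", "write"}},
    "finance-db": {"carol": {"read"}},
    "git-server": {"alice": {"read", "write"}, "bob": {"read"}},
}

# Remediation workflows that the device-management integration would start.
REMEDIATION_QUEUE = []


def credential_ok(cred):
    return cred.valid and cred.mfa_satisfied


def compliance_failures(device):
    """Every posture check the device fails; an empty list means compliant."""
    checks = [
        (device.managed, "device is not enrolled in management"),
        (device.os_current, "OS is below the required version"),
        (device.disk_encrypted, "disk is not encrypted"),
        (device.threat_free, "endpoint security reports an active threat"),
    ]
    return [msg for ok, msg in checks if not ok]


def polp_allows(user, resource, action):
    """Least privilege at the resource: only an explicitly granted action passes."""
    return action in RESOURCE_PERMISSIONS.get(resource, {}).get(user, set())


def vpn_connect(cred):
    """Legacy VPN: one successful authentication opens the whole network.
    Device posture is never consulted, so PoLP on each resource is the only
    control left between a stolen credential and the data."""
    if not credential_ok(cred):
        return Decision(False, "VPN authentication failed")
    return Decision(True, "VPN: entire network reachable", frozenset(RESOURCE_PERMISSIONS))


def ztna_request(cred, device, resource, action):
    """ZTNA: each request is verified on its own, in order: credential, then
    device compliance, then PoLP on the single requested resource. Access is
    denied unless all three pass, and a posture failure queues remediation
    before PoLP is even consulted."""
    if not credential_ok(cred):
        return Decision(False, "credential verification failed")
    failures = compliance_failures(device)
    if failures:
        REMEDIATION_QUEUE.append((cred.user, resource, failures))
        return Decision(False, "device non-compliant: " + "; ".join(failures))
    if not polp_allows(cred.user, resource, action):
        return Decision(False, "PoLP: %s is not granted '%s' on %s" % (cred.user, action, resource))
    return Decision(True, "%s on %s only" % (action, resource), frozenset({resource}))


if __name__ == "__main__":
    # Constructed scenario: alice's password and a one-time code were phished
    # and are replayed from the attacker's own unmanaged, unencrypted machine.
    phished = Credential("alice", valid=True, mfa_satisfied=True)
    attacker_box = Device(managed=False, os_current=True, disk_encrypted=False, threat_free=True)
    corp_ipad = Device(managed=True, os_current=True, disk_encrypted=True, threat_free=True)

    print("VPN :", vpn_connect(phished))
    print("ZTNA:", ztna_request(phished, attacker_box, "hr-portal", "read"))
    print("ZTNA:", ztna_request(phished, corp_ipad, "hr-portal", "read"))
    print("ZTNA:", ztna_request(phished, corp_ipad, "hr-portal", "write"))
    print("queued remediations:", REMEDIATION_QUEUE)
```

Run as a script, the phished credential gets full network scope from vpn_connect but is refused by ztna_request from the attacker’s machine, with the posture failures queued for remediation; the same credential from the compliant tablet is allowed to read hr-portal and nothing else, and a write to hr-portal is refused by PoLP even though every Zero Trust check passed.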

FAQ

Are zero trust and least privilege the same?

No.

Zero Trust is a security model that verifies the compliance status of the device and the user credentials requesting access to a protected resource before access is granted, regardless of the device, OS or network being used.

The principle of least privilege is a security practice that grants users only the minimum access permissions required to perform their work-related functions, and nothing else, without impacting productivity.

What is the opposite of least privilege?

No exact term exists for it, but the opposite of PoLP is open (or overly permissive) access: permissions that have not been configured with security in mind.

Is least privilege part of Zero Trust?

The principle of least privilege is an access control practice, while Zero Trust is a security model that verifies every access request before it is authorized. Though they are different approaches to security, they are complementary and therefore often used together as part of a robust DiD security strategy.