Our current information system is built on belief; trust is a more precise term. Trust that the lady over the counter handles the inventory correctly, trust that the social media application developer isn't selling out personal data, trust that the internet service provider isn't eavesdropping on the ongoing conversation.
Despite tremendous technological developments, vital information is being put out on the internet by users relying on the belief that others on the other end handle them properly. Not just the internet; authentication and verification technologies are arguably least applied in our modern systems. In contrast to technological advancements, our trust system is relatively unregulated.
Unfortunately, this high trust system hasn't matched a corresponding sincerity and competence. This unregulated trust hasn't turned out well due to data breaches, cyber-attacks, betrayal of trust. Reports on cyber-crime and misuse of personal information have shown individuals and organizations running into grave losses. PurpleSec estimates an average of over $3 million in data breach losses to companies worldwide and an exponential growth of cyber attacks worldwide with over 600% increase in the year 2020 only.
Each time these unfortunate events strike, the need for a more authenticated system built on well-designated verification and organization technologies is emphasized. Diagnosis of cyber-attacks and data breaches show contributions by internal and external factors. This necessitates security approaches that trust no part of the system or organization. Information technology built to ensure that compromises in any other part of the system are prevented or well-identified is proof of these unfortunate events. Systems like this are built on verified information, devoid of trust, guided by protocols, and optimized using clever technologies – a Zero-Trust Architecture.
The Zero-Trust Architecture
First proposed in 2010 by John Kindervag of Forrester inc., a Zero-trust architecture is a cyber security system built using a collection of technologies, applications, and governance processes. It allows the exclusion of control by external or internal parties and ensures that an organization retains complete control of every (vital) aspect of its operation and information system.
A functional system built this way makes the organization accountable for its security.
Don’t trust, verify. A Zero-trust network doesn’t confide in any part of its system. It assumes every environment as ‘hostile’ and considers every role player ‘incompetent’ and ‘not trustworthy.’ Zero-trust architecture fortifies individual and organization’s security by introducing a trustless system and building the security system on the party concerned (i.e., the organization or the individual). A Zero-trust architecture limits external and internal influence and access to the least possible.
Zero-trust network technologies first identify the vital aspects of the system’s operation and leverage micro-segmentation based on users, their locations, and other data to determine whether to trust a user, machine, or application seeking access to a particular part of the enterprise. This allows the organization or individual to identify different parties using or influencing their system and the extent to which they do this.
Having identified the critical parts and role players in the system, achieving a Zero-trust environment would require:
- The organization or individual to Map the transaction flows through these parts;
- Build a Zero Trust architecture by applying an array of encryption, verification, and authentication technologies;
- Create Zero Trust policy via its governance processes;
- Monitor and maintain a trustless system.
Zero-Trust Enterprise
A Zero-trust architecture isn’t just a tool or a product. Instead, it is a cutting-edge concept consisting of tools, applications, and policies. These resources put together in a zero-trust network is known as the Zero-trust architecture enterprise.
Zero-trust enterprise is the network infrastructure and operational policies in place for an enterprise as a product of a zero-trust architecture plan. These infrastructures include; physical and virtual technologies and equipment working together to trim reliance on the authenticity of any part of the network or system to the barest minimum.
Existing technologies such as identity and access management (IAM), encryption technologies, endpoint detection, response (EDR), security information, event management (SIEM), or even cloud security posture management (CSPM), can be configured to work in accord to facilitate the primary purpose of a zero-trust architecture.
These ease the enforcement of centrally managed policies for each access to every system’s set up resource, regardless of where these assets are located or whether they are on the organization’s infrastructure.
Apart from these technologies, specific policies must be incorporated into the governance process to achieve a Zero Trust environment. These, amongst others, include:
- Ensuring that access to the organization or system’s data is solely based on authentication and sources must be verified without privileges. This access should also be granted for a limited time.
- Every part of the system should be assessed at intervals to ensure that compromises are detected and arrested early enough.
- Multi-Factor authentication for devices accessing the system’s data and assets must be enforced.
- Regular checks on the current state of parts of the system are essential and should be considered. Data from these checks should be analyzed and improved in case.
Encryption technology is an emerging Zero-trust enterprise. Data sent over networks are protected using cryptographically generated locks and keys in an encrypted internet. Data encrypted using Locks generated by the sender can only be decrypted using a receiver’s keys.
The Syntropy Way
Messaging applications are utilizing this technology recently; however, the blockchain project – Syntropy currently championed the encrypted internet. Syntropy uses encryption and route diagnosis technologies to develop a ‘smart’ routing protocol with blockchain-level security and routing system guided by an artificial intelligence algorithm to improve the data packet routing.
Nodes on the network serve as data transfer routes. Thousands of nodes are active on Syntropy’s network at each time, thus creating alternative routes for data transfer. Syntropy’s Distributed Autonomous Routing Protocol (DARP) employs a very clever algorithm to determine the fastest route through which a data packet could travel at a time and encrypt this data.
To perform data transfer on the network, the node sending the data first sends a ‘pulse packet’ to other available receiving routes (Nodes). Receiving the ‘pulse packet’; the node estimates their ‘one-way latency’. The ‘one-way latency’ is the relative delay in data transfer. The sending node receives the estimated one-way latency for each receiving node. This information enables it to assess the best (fastest) route for data transfer at that particular time.
On receiving the pulse packet and estimating their one-way latency, each node automatically creates a public/private key pair to connect to another DARP node for later participation in a secure mesh network. These keys are propagated across the secure mesh, thus enabling applications to dynamically create ad hoc Virtual Private Networks (VPNs) and secure channels using these propagated public keys.
In addition to speeding up internet speed by selecting efficient travel routes, Syntropy’s zero-trust architecture encrypts data as they travel around selected routes and across different receivers and networks.
When properly utilized, Zero-Trust applications and processes create an organized security system that is built on substantiation. Identifying a system’s ‘weak links’ and fortifying them using segmentation and inspection approaches creates an ecosystem devoid of chaos. In contrast to our modern high trust system, which creates entropy, a zero-trust network synchronizes management and security to create syntropy.
