Applying Zero-Trust to Voice Networks and the 5G Core
12-Feb-24
Regulatory bodies such as the Cybersecurity and Infrastructure Security Agency (CISA) have worked to provide guardrails and clarity on zero-trust models to ensure the best approach. As defined by the CISA, the five pillars that define a zero-trust architecture are identity, network, application workload, data and device. These five pillars are based on a foundation of visibility and analytics.
Identity – When managing users in a network, identity becomes the first and most important area to protect. Multifactor authentication, continuous authentication, biometrics and even privileged access management are all ways of managing identities and personas attempting to access data.
Network & Environment – The network (including connected networks) should be considered borderless. With the zero-trust approach, assume there are no perimeters in the network. Then, security is applied throughout the network using techniques such as macro- and micro-segmentation and software-defined networking.
Application Workload – It is crucial to start with secure development processes for application workloads. Continuous monitoring, software risk management and secure supply chain management are also other areas to consider.
Data – The goal is to protect the data in the network. Tactics such as data labeling and tagging, encryption (at rest and in transit), access control and constant monitoring are examples of things that can be used to help secure the data in the network.
Device – Devices attempting to access data should all be monitored closely. Mobile device management (MDM), patch management, device detection and compliance and endpoint detection and response should be used to manage devices that access data.
As companies move to a zero-trust architecture in their networks, they will be approaching implementation through three phases: Traditional, advanced and optimal. Each of these phases will enable another level of maturity. In the traditional phase, configurations and policies are managed manually, and automation is incorporated gradually as companies continue their implementation process. This phased approach allows a company to implement basic principles while planning and aspiring towards a more secure implementation as they continue forward.
