Zero Trust Architecture for the Internet of Things

Traditional cybersecurity approaches focus on creating a trusted network of trusted devices and services with a perimeter of firewalls to keep attackers out. However, recent changes are forcing that “perimeter security architecture” to be abandoned for a more sophisticated “Zero Trust Architecture” (ZTA) where devices and services can reside anywhere globally, and no device or service is completely trusted.

A similar change is now coming to the Internet of Things (IoT), even in the Smart Home. This white paper explains how IoT security is being transformed by Zero Trust Architecture, why this change is happening, and what IoT designers must do to adapt.

PROBLEMS WITH PERIMETER SECURITY

For many years, cybersecurity used perimeter-based security with firewalls. This approach harkens back to the time of castles and moats in the Middle Ages. By keeping the bad guys outside of a castle's walls with a moat, the good (trusted) guys inside thought they were safe. When inside, no extra protection, such as armor, was necessary. How easy and efficient!

Unfortunately, perimeter security does not work well in modern cybersecurity. Attackers can use an email with a malicious link or a tempting ad on a web page to infect machines inside the perimeter. An infected machine becomes a base for observing unencrypted network traffic, scouting the target network, and infecting other machines. A more fundamental problem with the perimeter model is that users today spend much of their time outside the office and trusted services are often located in external clouds. Accommodating remote work in a perimeter security model requires extending the perimeter to include remote users and cloud services, which is a tremendous extension—and a substantial risk.