Cyber security for complex networks: Zero Trust

What is zero trust?

Zero Trust works on the basis of 'never trust, always verify'. Whereas in the past certain connections were always open to certain users, in a zero trust design there is no prior assumption as to the degree of trustworthiness of who wants access; be it organisations, users, hosts or datasets.

We want to be sure that these connected systems are reliable. As a result, IT Security Architects must work in a more intricate manner, as the interconnected networks are becoming too complex to oversee as a whole.

Cybersecurity - Decentraal ontwerpen op basis van Zero-trust

Decentralised design on the basis of zero trust.

Decentralised design on the basis of zero trust

By decentralising the design of an IT architecture and thus dividing the design into a number of clear sub-divisions (each with its own responsibilities), an overview can be created. This provides certainty regarding the security of each sub-part, the connections which are relevant to this sub-part and how they can be protected. In this way, an organisation can get a better grip on possible attacks because they can already monitor them within a smaller sub-part. All of this is done on the basis of the Zero Trust philosophy. The foundation for Zero Trust is ‘never trust, always verify’. Whereas certain connections were always open to certain users in the past, a Zero Trust design has no prior assumptions on the degree of reliability regarding those who want access – regardless of whether this concerns organisations, users, hosts or datasets.

Implied trust zones methodology

Dividing an IT design into sub-parts

In the TNO Implied Trust Zones methodology, an IT architecture goes from a centralised process (with one architect at the helm) to a decentralised process with several responsible parties. The relationships and connections are clearly visualised and the system is set up through a series of separate Implied Trust Zones. As an example from the automotive industry, take a car that communicates with surrounding cars, traffic lights, road information, weather information and traffic information in order to drive safely and autonomously in as optimal a manner as possible (or: to support the driver). While this is very complex as a whole, the individual parts can remain clear with the right methodology.

Due to the decentralised design, individual components can now also be tested and validated separately. In other words, a smart traffic light can be deemed secure without the need to test all other connected systems (cars, other infrastructure) as well.

The method is currently being tested in the automotive industry within the SECREDAS project, and a healthcare case is being developed.

Potential impact for organisations

More secure and resilient: This methodology offers major advantages because the architecture becomes clear, processes remain transparent and responsibilities are straightforward. An architecture with a decentralised design conducts analyses more easily and acts faster and more effectively in the event of possible attacks. The Implied Trust Zones methodology ensures that the impact of an incident is kept to a minimum.

Better designs lead to a safer and more flexible environment: The method helps to identify and correct ‘errors’ and shortcomings in IT designs from the outset AND helps to better plan urgent measures to be taken, including where they best fit into the architecture.

Application areas

The Implied Trust Zones methodology is applicable in many areas of cybersecurity:

For more secure information transactions, such as for financial or governmental organisations.
For chain partners: organisations that have to work together and where information is frequently passed on, particularly when privacy and security are important.
For organisations where the design of an IT architecture is large and complex, which could concern policy, people, suppliers, digital services, etc.

But the methodology also quickly helps to provide answers to questions such as:

How do you debug a security architecture?
Systems-of-systems: is the security solution in the right place?
Secure and flexible infrastructures: how do you design them?

Collaboration

TNO has the unique expertise to advise on tailor-made solutions. If you want to work with us and/or learn more about the Implied Trust Zones methodology, please contact Mark Buningh.

Contact us

Skip navigation (Contact us)

Mark Buningh

Functie:
Senior Business Developer Cyber Security
More about Mark
- Standplaats:
  Den Haag - New Babylon
- Telefoon:
  +31 88 866 17 98
- Email:
  Email Mark
Looking for an expert?
View all experts

Back to navigation (Contact us)

Get inspired

14 resultaten, getoond 6 t/m 10

Quantum computing: how can it serve your organisation?

Informatietype:: Article

Solving problems in real time with quantum computing applications? The huge computing power provides opportunities for AI, optimisation, and materials science.

Security monitoring and detection

Informatietype:: Article

Security Monitoring and Detection allows companies to proactively analyse their network traffic and data to identify suspicious patterns at an early stage.

over Security monitoring and detection

Supply chain security

Informatietype:: Article

In our paper "If the chain itself is the weakest link" we specify three concrete steps towards improved digital security in the supply chain.

over Supply chain security

Webinar: explanation of ASOP prototype modulair security platform

Informatietype:: Webinar

28 February 2022

1 aflevering

With the development of the first prototype modular security platform, we are taking a first step towards enabling automated risk management of cyber security operations for the benefit of strategic organisational objectives.

Tech companies and TNO join forces for further development of automated cybersecurity platform

Informatietype:: News