In the US, the White House announced on September 7, 2021 the start of a move towards Zero Trust Architecture to help combat increasing cybersecurity threats from progressively sophisticated and persistent threat actors.
The process has begun with the release of a draft Federal Zero Trust Strategy by the Office of Management and Budget (OMB). Recognizing that the migration will take significant effort over several years, the action is seen as vital to protecting US Government systems. The strategy calls for rigorous access and monitoring controls for all users, devices, and systems, irrespective of their location, in line with a never-trust, always-verify stance.
This US government strategy comes when the commercial world is also looking towards improving its cybersecurity posture. So, what is a Zero Trust Architecture?
Zero Trust Architecture is a significant shift in how security controls are managed. It goes beyond a change to network design to a fundamental rethinking of security philosophy. With sophisticated attack vectors now commonplace and long-running intrusions regularly uncovered, this step change may well give the defenders of cloud systems a lead over attackers.
Traditionally, architectures imposed security controls at the boundary between an internal system and the outside world, focusing on blocking unauthorized access. Once a user or process was authenticated and inside that boundary, security moved from active enforcement to passive monitoring. Any malicious process inside the perimeter could then exploit further weaknesses to escalate privileges and hide its presence.
In a Zero Trust Architecture, there is no assumption of trust inside the boundary. Trust must be earned: connections are treated as suspect until proven legitimate. This applies to all networks, even hardened wired local networks; there are no exceptions. Every interaction must employ robust authentication.
Zero Trust Architecture relies on the designers having a complete and fully defined inventory of systems, services, devices, and users. Any omission or incomplete definition leaves a gap in enforcement, so a robust definition of every device and user is required for effective controls and minimal exposure.
Trust is established by building confidence in the communication between a device or user and a service. Monitoring and inspecting transactions lets the system build up a picture of the trustworthiness of each link and use the result to decide whether to grant access to the service. Trust is therefore established case by case for every interaction, rather than concentrated at a boundary such as a firewall or VPN gateway.
Continuous monitoring of services and devices is necessary, with action taken when issues are detected, whether operational health problems or suspect activity. Security should be proportionate to the importance of the services and data. Access to critical services and essential data requires strict control using the principle of least privilege, minimizing access to information and resources. Note that implementing a zero-trust model will require selecting services designed to operate in a zero-trust environment.
You can read more about what Zero Trust Architecture is and how it works in our blog.
Adopting the viewpoint that all users and devices are untrusted requires a new mindset when assigning the roles and responsibilities that security policies will enforce. Applying the following principles will help provide robust cloud security.
The principle of least privilege ensures that authorized users are allowed access only to those services and the specific data necessary to perform their duties. All users are treated as equally untrusted, which limits the security incidents that can result from unauthorized or accidental access to services or data. To be effective, the policy must include both logical and physical access restrictions.
Separation of duties policies prevent a single user from performing a complete end-to-end process; instead, rules permit a user to execute one part of the process and require an independent user to perform the next. This prevents a single compromised account from completing a potentially damaging operation. True independence must be demonstrated; for example, two users accessing a service from the same device should raise questions.
Dual operator (two-person) policies require actions by two separate users before an activity is permitted, providing independent verification that the action is authorized. Financial transactions and the granting of privileged access typically use this approach. Again, true independence must be demonstrated for this to be effective.
The fundamental principle of the zero-trust model is that every action a user or device performs is subject to a policy decision that determines whether it is permitted. This evaluation is transparent to the user and verifies each access attempt to data or resources. If the policy criteria are not met, access is denied and a security action is initiated. This severely restricts what an attacker who has compromised a user account or network device can do.
Zero trust policies are the mechanism for determining which users and devices are granted access to which services and data. Each policy is composed of a set of rules applied to access requests from users or devices that meet defined criteria. Assessing the request against the rules yields the action taken on that request.
The criteria identify the nature of the access request to determine which rules apply. A criterion can be as narrow as a single named user or as broad as any access request originating from a region of the world. The following are typical criteria:
The rules are the set of conditions on which access decisions are made. They can be affirmative, granting access if the rule is met (for example, that the source IP address belongs to a specific country), or written so that access is denied if the rule is met. Rules can be combined using Boolean logic into complex constructs. A rule can be a single condition but will typically combine several to provide robust cloud security; a network-location condition such as source country is easily defeated through proxies and should be one signal among several, never the sole basis for an allow decision. Typical structures can consist of:
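As an added example (not Magalix code) of the independence checks that separation-of-duties and dual operator policies require, the following Python function evaluates a privileged request against a two-person rule. The request and approval record shape, and the specific independence tests (distinct approvers, no self-approval, distinct devices, MFA-backed approving sessions), are assumptions for illustration; the sample request is constructed.

```python
"""Two-person (dual operator) authorization with independence checks.

Added example, not Magalix code. The request/approval record shape and the
independence tests (distinct approvers, no self-approval, distinct devices,
MFA-backed approving sessions) are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Approval:
    user: str
    device_id: str  # identity of the device the approving session came from
    mfa: bool       # whether that session was MFA-authenticated


@dataclass(frozen=True)
class PrivilegedRequest:
    requester: str
    requester_device: str
    action: str
    approvals: tuple[Approval, ...] = ()


def dual_control_decision(req: PrivilegedRequest, required: int = 2) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Every failed test is recorded so the
    security log shows all of them, not only the first."""
    reasons: list[str] = []
    if len(req.approvals) < required:
        reasons.append(f"need {required} approvals, got {len(req.approvals)}")
    users = {a.user for a in req.approvals}
    if len(users) < len(req.approvals):
        reasons.append("one account approved more than once")
    if req.requester in users:
        reasons.append("requester approved their own request")
    # Independence is more than distinct account names: two accounts used
    # from the same device are not demonstrably two people.
    devices = {a.device_id for a in req.approvals}
    if len(devices) < len(req.approvals):
        reasons.append("approvals share a device")
    if req.requester_device in devices:
        reasons.append("an approval came from the requester's device")
    weak = sorted(a.user for a in req.approvals if not a.mfa)
    if weak:
        reasons.append("approval without MFA from: " + ", ".join(weak))
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample: a request to grant admin rights with two approvals
    # from different accounts but the same workstation.
    req = PrivilegedRequest(
        requester="alice", requester_device="ws-a", action="grant-admin",
        approvals=(Approval("bob", "ws-b", True), Approval("carol", "ws-b", True)),
    )
    print(dual_control_decision(req))
```

The function deliberately keeps collecting reasons after the first failure: when the decision is denied and a security action is raised, the responder wants to see that the approvals shared a device and that one of them lacked MFA, not just the first problem encountered.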
Figure 1: The Zero Trust Policy Engine
Zero-trust policies must be complete, correct, and coherent to be robust, effective, and secure. Errors of omission or conflicts between policies can lead to weaknesses that an attacker can exploit, so Zero Trust Architectures place increased reliance on getting security policies right. This challenge benefits from the adoption of policy-as-code.
Policy-as-code is the practice of defining policies in a high-level declarative language. It provides a formal framework for writing policies in a structured and systematic manner that allows them to be verified and validated, and tooling can then manage version control, testing, deployment, and monitoring: processes that assure the correct policies are correctly implemented and remain effective over time.
Policy-as-code delivers significant security robustness benefits while reducing maintenance overhead. Policies can be modified in a controlled manner, with roll-back if required, maximizing system uptime and minimizing user disruption.
Zero Trust Architecture is, in simple terms, the creation of systems that assume no one can be trusted: access is denied to every user and device until proven trustworthy, and access to services and data is limited to the minimum necessary.
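The policy engine described earlier (criteria selecting which policies apply, Boolean rule trees, an action assigned to each request) and the policy-as-code verification described here can be shown together. The following Python is an added example, not Magalix's engine or its policy language: the policy schema, rule operators, request attributes and sample policies are assumptions chosen for illustration. It applies default deny, lets any matching deny override allows, treats a missing attribute as failing its condition, and includes a lint step that a CI pipeline could run over probe requests to surface overlapping allow/deny policies and requests that no policy covers.

```python
"""Minimal policy-as-code engine: declarative policies, criteria selection,
Boolean rule trees, default deny, and a lint pass for policy coherence.

Added example, not Magalix's engine or policy language. The policy schema
(criteria / rules / effect), the rule operators and the request attributes
are assumptions for illustration.
"""
from __future__ import annotations

# Leaf rule: {"attr": name, "op": "eq"|"in"|"gte", "value": v}.
# Composite rules: {"all": [...]}, {"any": [...]}, {"not": rule}.
LEAF_OPS = {
    "eq": lambda a, v: a == v,
    "in": lambda a, v: a in v,
    "gte": lambda a, v: a is not None and a >= v,
}


def evaluate_rule(rule: dict, request: dict) -> bool:
    """Evaluate a Boolean rule tree against one access request."""
    if "all" in rule:
        return all(evaluate_rule(r, request) for r in rule["all"])
    if "any" in rule:
        return any(evaluate_rule(r, request) for r in rule["any"])
    if "not" in rule:
        return not evaluate_rule(rule["not"], request)
    # An attribute the request does not carry never satisfies a leaf:
    # an absent signal must not count in the requester's favour.
    return LEAF_OPS[rule["op"]](request.get(rule["attr"]), rule["value"])


def criteria_match(criteria: dict, request: dict) -> bool:
    """Criteria select which policies apply; an empty dict matches everything."""
    return all(request.get(k) == v for k, v in criteria.items())


def decide(policies: list[dict], request: dict) -> tuple[str, list[str]]:
    """Return (effect, names of policies that fired). Default deny; a single
    matching deny policy overrides any number of allows."""
    fired: list[str] = []
    effects: set[str] = set()
    for policy in policies:
        if criteria_match(policy["criteria"], request) and evaluate_rule(policy["rules"], request):
            fired.append(policy["name"])
            effects.add(policy["effect"])
    if "deny" in effects:
        return "deny", fired
    if "allow" in effects:
        return "allow", fired
    return "deny", fired  # nothing matched: default deny


def lint_policies(policies: list[dict], probes: list[dict]) -> list[str]:
    """Coherence check for CI: report probe requests on which allow and deny
    policies both fire, and probes that no policy covers at all."""
    by_name = {p["name"]: p for p in policies}
    findings: list[str] = []
    for probe in probes:
        _, fired = decide(policies, probe)
        kinds = {by_name[n]["effect"] for n in fired}
        if kinds == {"allow", "deny"}:
            findings.append(f"allow/deny overlap on {probe}: {fired}")
        if not fired:
            findings.append(f"no policy covers {probe}: default deny applies")
    return findings


# Constructed sample policies (assumed schema, not a real policy set).
POLICIES = [
    {"name": "finance-ledger-write", "effect": "allow",
     "criteria": {"service": "ledger", "action": "write"},
     "rules": {"all": [
         {"attr": "role", "op": "in", "value": ["finance"]},
         {"attr": "device_posture", "op": "eq", "value": "compliant"},
         {"attr": "auth_strength", "op": "gte", "value": 2},  # 2 = MFA
     ]}},
    {"name": "block-unmanaged-devices", "effect": "deny",
     "criteria": {},  # applies to every request
     "rules": {"not": {"attr": "device_managed", "op": "eq", "value": True}}},
]

# Constructed sample requests.
REQUEST_OK = {"service": "ledger", "action": "write", "role": "finance",
              "device_posture": "compliant", "auth_strength": 2, "device_managed": True}
REQUEST_UNMANAGED = {**REQUEST_OK, "device_managed": False}
REQUEST_NO_ROLE = {"service": "ledger", "action": "write", "device_managed": True}

if __name__ == "__main__":
    for req in (REQUEST_OK, REQUEST_UNMANAGED, REQUEST_NO_ROLE):
        print(decide(POLICIES, req))
    for finding in lint_policies(POLICIES, [REQUEST_OK, REQUEST_UNMANAGED, REQUEST_NO_ROLE]):
        print("lint:", finding)
```

Because the policies are plain data, they can be stored in version control, reviewed in a pull request, and exercised by `lint_policies` and a table of expected decisions on every change; an overlap finding is a prompt to confirm the deny-overrides outcome is intended, and an uncovered finding is the omission the text warns about, surfaced before deployment rather than by an attacker.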
Zero Trust Architecture is gaining traction due to the moves in US Government strategy and recent changes to work practices that have seen widespread remote access where homeworking has been necessary to maintain business operations during a global pandemic.
Magalix empowers organizations to define, manage, and deploy zero-trust policies as policy-as-code using a robust policy enforcement engine. This service allows businesses to enforce governance standards across a Zero Trust Architecture and validate and ensure compliance across infrastructure and embedded in workflows. Additionally, it will enable infrastructure monitoring that quickly detects and responds to policy violations. Finally, it implements the rigorous access and monitoring controls necessary to implement Zero Trust Architecture effectively and securely.
To learn more about how Magalix Policy Enforcement Platform can support your Zero Trust Architecture implementation, please get in touch.