<img src="https://ws.zoominfo.com/pixel/JHVDdRXH2uangmUMQBZd" width="1" height="1" style="display: none;">
Magalix Logo
Login
Request a Demo
github icon github icon azuremarketplace icon azuremarketplace icon

Policy-as-Code to Manage Zero Trust Architecture

backback
Read Time 5 mins read
Steve Mash
Steve Mash
10. 8. 2021
Find me on:
LinkedIn
Policy-as-Code to Manage Zero Trust Architecture

Introduction

In the US, the White House announced on September 7th the start of a move towards Zero Trust Architecture to help combat increasing cybersecurity threats from progressively sophisticated and persistent threat actors.

This process has begun with the release of a draft Federal Zero Trust Strategy by the Office of Management and Budget (OMB). Recognizing that this migration will take significant effort over several years, the action is seen as vital to protect US Government systems. The strategy calls for the implementation of rigorous access and monitoring controls for all users, devices, and systems, irrespective of their location, in line with trust no one attitude.

This US government strategy comes when the commercial world is also looking towards improving its cybersecurity posture. So, what is a Zero Trust Architecture?

Zero Trust Architecture

Zero Trust Architecture is a significant shift in approach in managing security controls. It goes beyond a simple change to network design to a fundamental rethinking of security philosophy. With the deployment of sophisticated attack vectors and uncovering of long-term exploitations, this step change may well give cloud security a lead over the malicious attackers.

Traditionally, architectures imposed security controls between an internal system and the outside world, focusing on blocking unauthorized access. However, once authenticated and inside the boundary, security moved from active management to passive monitoring. Any malicious process inside the system could then exploit further weaknesses to escalated privileges and hide its presence.

In a Zero Trust Architecture, there is no assumption of authenticated trust inside the boundary. Trust must be earned; connections are assumed suspect until proven legitimate. This includes all networks, even hardened wired local networks; there are no exceptions. Every interaction must employ robust authentication techniques.

Zero Trust Architecture relies on the network designers having a one hundred percent complete and fully defined architecture regarding systems, services, devices, and users. Any omission or incomplete definition can lead to weaknesses. This approach requires a robust definition of all devices and users for efficient controls and minimal vulnerabilities.

Establishing trust comes from building confidence in the communications between a device or user and a service. Monitoring and inspecting transactions allow the system to build up a picture of the trustworthiness of the network link, using the results to determine whether to grant access to the service. Thus, establishing trust within the architecture is on a case-by-case basis for every interaction. This is as opposed to concentrated at the boundaries at a firewall or VPN connection.

Continuous monitoring of services and devices is necessary, with action taken on the detection of issues, be that operational health problems or detection of suspect activities. Security should be proportionate with the importance of services and data. Access to critical services and essential data requires strict control using the principle of least privilege to minimize access to information and resources. It is crucial to note that implementing a zero-trust model will require selecting services designed to operate in a zero-trust environment.

You can read more about what Is Zero Trust Architecture and how it works in our blog.

Zero Trust Principles

Adopting the viewpoint that all users and devices are untrusted requires a novel mindset when assigning the roles and responsibilities that security policies will enforce. However, applying the following principles will help provide robust cloud security.

Minimizing Privileges

The principle of least privilege ensures authorized users are only allowed access to those services and specific data necessary for the performance of their duties. It assumes that all users are equally treated as untrusted but minimizes security incidents due to unauthorized or accidental access to services or data. The policy must include logical and physical access restrictions to be effective.

Dividing Duties

Division of duties policies prevent a single user from performing a complete end-to-end process but instead impose rules that permit a user to execute part of the process and then require an independent user to perform the next part. This approach will prevent a single compromised account from completing potentially damaging operations. Demonstration of true independence is necessary; for example, separate users accessing a service from the same device should raise questions.

Dual Operations

Dual operator policies require actions by two separate users before an activity is permitted to provide independent verification that the action is authorized. Typically, financial transactions or the granting of privileged access will use this approach. A demonstration of true independence is again necessary for this to be effective.

Shift-Left Whitepaper

Zero Trust Policies

The fundamental principle of using a zero-trust model is that every action a user or device performs is subject to a policy decision that determines if it will be permitted. This invisible operation verifies each access attempt to data or resources. If the policy criteria are not met, access is forbidden, and a security action is initiated. This will severely restrict the activities of an attacker that has compromised a user account or network device.

Zero trust policies provide the mechanism for determining which users and devices are granted authorized access to which services and data. Each policy is composed of a set of rules that are applied to access requests from users or devices that meet defined criteria. The assessment of compliance with the rules results in an assignment of action to that access request.

The criteria identify the nature of the access request to determine which rules will apply. The criteria can be a single individual named user or any access requests originating from a region of the world. The following are examples are typical criteria:

  • Access control identifier.
  • Specific email address.
  • Email address domain.
  • Specific IP address.
  • Source IP address range.
  • Validated client certificate.
  • Validated access service token.
  • Login method and credentials.

The rules are the set of conditions upon which access decisions are made. These can be affirmative rules such that access is granted if the rule is met, such as an IP address is from a specific country. Alternatively, the rules may be written, so access is denied if the rule is met. The rules can be constructed as logical operations, using Boolean algebra for complex constructs. Rules can be a single condition but will typically include multiple functions to provide robust cloud security. Typical structures can consist of:

  • All conditions must be met before granting access.
  • More than A conditions from a set of N conditions (N > A) must be met before granting access.
  • Only one condition from a set of conditions must be met before granting access.
  • More than A conditions from a set of N conditions (N > A) and less than B conditions from a set of N conditions (N > B) must be met before granting access.
  • Only one condition from a set of conditions must be met before denying access.
  • More than A conditions from a set of N conditions (N > A) must be met before denying access.
  • All conditions must be met before denying access.

pac-diagram

Figure 1: The Zero Trust Policy Engine

Policy examples:

  • All requests from email addresses from the domain “@zerotrust.com” with a European IP address are granted access to a service.
  • Access requests to financial data from the accounting department access control group members logged on using multi-factor authentication (MFA) from a company-assigned end-user device (as recognized by its MAC address) from a predefined static IP address will be granted access.
  • Access requests to commercially sensitive company data from users who have not logged on from a company-assigned end-user device (as recognized by its MAC address) will be denied access.

Policy-As-Code

The zero-trust policies must be complete, correct, and coherent to be robust, effective, and secure. Any errors of omission or conflicts between policies can potentially lead to weaknesses and vulnerabilities that an attacker can exploit. Thus, Zero Trust Architectures put an increased reliance on getting security policies right. This challenge will benefit from the adoption of policy-as-code.

Policy-as-code is the process of using a high-level declarative language to define policies. This methodology provides a formal framework for writing these policies in a structured and systematic manner that allows their verification and validation. Tools can manage configuration control, testing, deployment, and monitoring. Processes that assure that the correct policies are correctly implemented and remain effective over time.

Policy-as-code will deliver significant security robustness benefits while reducing maintenance overheads. In addition, policies can be modified in a controlled manner with a roll-back capability if required, maximizing system uptime and minimizing user disruption.

Conclusion

Zero Trust Architecture is, in simple terms, the creation of systems that assume you can trust no one. Therefore, deny access to every user and device until proven trustworthy and access to services are data limited to the minimum necessary.

Zero Trust Architecture is gaining traction due to the moves in US Government strategy and recent changes to work practices that have seen widespread remote access where homeworking has been necessary to maintain business operations during a global pandemic.

Magalix empowers organizations to define, manage, and deploy zero-trust policies as policy-as-code using a robust policy enforcement engine. This service allows businesses to enforce governance standards across a Zero Trust Architecture and validate and ensure compliance across infrastructure and embedded in workflows. Additionally, it will enable infrastructure monitoring that quickly detects and responds to policy violations. Finally, it implements the rigorous access and monitoring controls necessary to implement Zero Trust Architecture effectively and securely.

To learn more about how Magalix Policy Enforcement Platform can support your Zero Trust Architecture implementation, please get in touch.

Request A Commitment-Free Consultation

Comments and Responses

Latest Articles

Security as Code
10. 14. 2021
Top 5 Costly Data Breaches of 2021 and Its Impact

From Astoria Company to Reindeer, this article discusses the biggest data breaches of 2021 where the companies paid a huge price and suffered major repercussions

Read More
Read Time 4 mins read
Zero Trust Security
10. 11. 2021
Strengthening Supply Chain Security with Zero Trust Architecture

Here’s why a Zero Trust security approach is one of the most reliable ways to prevent supply chain attacks.

Read More
Read Time 5 mins read
10. 8. 2021
Policy-as-Code to Manage Zero Trust Architecture

Find out how Policy-as-Code can help you manage your adoption of Zero Trust Architecture in a cloud environment securely and painlessly.

Read More
Read Time 5 mins read

Start Your 30-day Free Trial Today!

Implement the proper governance and operational excellence in your Kubernetes clusters.

Request a Demo

“We are on a mission to add intelligence to applications and infrastructure so you can focus on what truly requires human intelligence.”

g
m
Product
Company
Resources
Questions?

Subscribe to the SaC Newsletter

Stay up to date with Security as Code (SaC) Bi-weekly Magalix newsletter.
© 2021 Magalix Corporation. All Rights Reserved.