What is Zero Trust Architecture and How to Achieve It?

Zero Trust architecture is a security strategy that eliminates implicit trust and uses micro-segmentation to contain breaches and ransomware and to stop lateral movement.

Zero Trust Architecture Explained


Isn’t it strange that, although we watch our networks more closely than ever and invest heavily in enterprise security, it gets harder and harder to know whom on our network we can trust?

Although networking professionals have been aware of this for decades, we still assumed that data center traffic was trusted simply because it was in our data center. Network perimeter security (the hard shell, soft center model) made some sense, but it was flawed from the start: anything that got inside the shell could move freely through the soft center. One compromised workload is often enough to reach the rest of the important applications and data and to move freely in that infrastructure.

Outdated network trust assumptions


With architectural shifts to cloud services like AWS and Azure, the rise of SaaS, IaaS and PaaS, and the beginning of what we now see as the container revolution, the problem only gets bigger. Those infrastructures can be anywhere, including in public clouds, so the assumption of a trusted network is even less true than before. The same applies to users and devices: they are spread across the globe, accessing sensitive data and applications through VPNs or directly, from coffee shops, hotel wifi or home offices, and a global pandemic can change network access patterns overnight.

There are more challenges with the traditional approach:


  • Security is an overlay on today’s networks: the network was built before security was a concern, so introducing security means rearchitecting it and steering traffic through control points that grant access 
  • IP subnetting becomes cumbersome as zones get smaller and smaller, and unmanageable once you need to write layer 3/4 rules for every zone 
  • It is hard to write one policy that fits all infrastructures 
  • Many enforcement points to keep consistent 
  • Lateral movement remains possible inside each zone, no matter how small the zones are 
  • Access control is limited to the perimeter of the network 
  • No visibility into your network flows 
  • No orchestration to automate operations 

Zero Trust architecture strategy


The answer to the problems above is to rethink the trust model, moving from implicit trust to a Zero Trust security model. In short: never trust, always verify, for every connection in the network. It is an architectural approach based on “deny first, only allow what you must.” 

The Zero Trust model was created by John Kindervag in 2010 during his time with Forrester Research. The model was initially focused on: 

  • Segmenting and securing networks across locations and hosting models (private cloud, on premises, public cloud) 
  • Establishing that risk is inherent both inside and outside the network, to challenge and eliminate the trust assumptions we had made over the preceding decades 

Kindervag has continued to advocate for the Zero Trust model in roles outside Forrester, and Chase Cunningham took over Forrester’s Zero Trust architecture research and the Zero Trust eXtended (ZTX) Wave that Forrester has published since 2018. 

The model has evolved significantly since then and is now a usable framework that gives IT and security a pragmatic way to implement Zero Trust. 

Zero Trust architecture is not a technology; it is an architectural model, and there are a few assertions to consider before implementing it. 

  • Assume breach - no part of the network is trusted; data breaches will happen 
  • Disappearance of “inside” vs. “outside” - internal and external threats exist on all parts of the network 
  • Least privilege - everything in the network (devices, users, flows, data) is provisioned with least privilege 
  • Never trust, always verify - a default-deny approach to security 
  • Policies must be dynamic and consider more than the locality of the end user 
  • Centrally managed - one place from which to orchestrate the network 

Later in the 2010s Forrester extended the approach into the Zero Trust eXtended (ZTX) framework, which aims to address lateral movement and exfiltration within the infrastructure through micro-segmentation (Dr. Chase Cunningham). The framework is data-centric and based on five main pillars: 

  • Data - the asset every security framework ultimately exists to protect 
  • Networks - traffic must flow for legitimate users and be blocked for untrusted connections 
  • Devices - the vehicle for user access to the network 
  • People - the human factor is often key to successful attacks and one of the most used vectors into the network 
  • Workloads - the hosts, virtual machines and containers on which applications actually compute and store data 

All of this is tied together with Orchestration and Automation and needs visibility as a key component to even start implementing a Zero Trust security model. 

How to implement a Zero Trust architecture strategy


Identify your data 

Knowing what your sensitive data is and where it lives is the key to protecting your environment and establishing a Zero Trust architecture strategy.

Discover traffic 

Identifying traffic flows between applications and spotting the attack surface is one of the most important, but also most daunting, tasks in creating your Zero Trust security model. Not only is the traffic hard to capture, but your network also keeps changing, and those changes need to be reflected in the model in real time. Identifying applications and application dependencies is key before moving to the next stage. 

Define policy 

Once you can see the traffic, it becomes easier to create a Zero Trust architecture policy with a default-deny standard rule. It also gets much easier to define and spot micro-perimeters, e.g. for specific applications, and to see privileged-access traffic at the application boundaries. 

Illumio helps you automatically generate an optimal policy for the application and identify flows that do not comply with it. 

Testing the policy is part of the workflow and lets you validate it without going into full enforcement, which lowers the risk and keeps the failure rate to a minimum. 

Enforce 

Enforcing a policy used to be very risky: every policy change could result in network outages and availability problems for applications. With a test mode, that risk largely goes away, and you get to enforcement faster without breaking applications. Make sure the test window covers infrequent traffic such as monthly batch jobs or failover tests, because a flow that never occurred during testing will be denied once you enforce. 

Track alerts for policy violations in real time, enrich them with meaningful contextual data, encrypt east-west traffic transparently, and keep full visibility throughout the application lifecycle. 

Monitor and maintain 

Keeping your enterprise secure and maintaining your implementation requires constant work and effort. Remember that Zero Trust architecture is not a technology but a framework and a process. With what you have learned, you can apply the Zero Trust model to each new application in your enterprise and refine the workflow over time while maintaining a never trust, always verify approach. 

Embrace security automation and orchestration 

Only through orchestration and automation will you be able to maintain a stable, predictable and reliable network security model. 

The above workflow will greatly reduce complexity, decrease the risk associated with changes and get you to a Zero Trust architecture model much faster. 
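The workflow above, discover flows, write a default-deny policy by application boundary, run it in test mode, then enforce, can be exercised end to end on a small constructed data set. The Python below is an added example for this page, not Illumio’s code or policy format: the workload labels, IP addresses, flow records and the “billing” policy are all made up, and the “test” versus “enforce” modes are modelled as verdicts on each flow rather than as real host firewall rules.

```python
"""Added example: traffic discovery -> default-deny policy -> test mode -> enforce.

Not Illumio's code; labels, addresses, flows and the rule format are hypothetical.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed workload inventory: IP -> (application, tier). Names are made up.
LABELS = {
    "10.0.1.10": ("billing", "web"),
    "10.0.1.11": ("billing", "web"),
    "10.0.2.20": ("billing", "app"),
    "10.0.3.30": ("billing", "db"),
    "10.0.9.99": ("ops", "jumpbox"),
}

# Constructed flow log as discovery would record it: (src_ip, dst_ip, dst_port, proto).
OBSERVED_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443, "tcp"),
    ("10.0.1.11", "10.0.2.20", 8443, "tcp"),
    ("10.0.2.20", "10.0.3.30", 5432, "tcp"),
    ("10.0.9.99", "10.0.3.30", 22, "tcp"),     # admin SSH straight to the database
    ("10.0.1.10", "10.0.3.30", 5432, "tcp"),   # web tier bypassing the app tier
    ("192.168.5.5", "10.0.1.10", 443, "tcp"),  # unlabelled source: inventory gap
]


@dataclass(frozen=True)
class Rule:
    """One allow rule between two label sets. Anything not matched is denied."""
    src: tuple
    dst: tuple
    port: int
    proto: str


def discover(flows, labels):
    """Collapse IP-level flows into label-level dependencies with hit counts.

    Flows touching an unlabelled workload are returned separately: you cannot
    write a label-based policy for something you have not identified yet.
    """
    deps, unlabelled = Counter(), []
    for src, dst, port, proto in flows:
        if src in labels and dst in labels:
            deps[(labels[src], labels[dst], port, proto)] += 1
        else:
            unlabelled.append((src, dst, port, proto))
    return deps, unlabelled


# Policy written from the discovered dependencies *by application boundary*:
# the only east-west paths billing is supposed to have. Default deny covers the rest.
BILLING_POLICY = [
    Rule(("billing", "web"), ("billing", "app"), 8443, "tcp"),
    Rule(("billing", "app"), ("billing", "db"), 5432, "tcp"),
]


def evaluate(flow, policy, labels, mode):
    """Return 'allow', 'would-deny' (test mode: logged, not blocked) or 'deny' (enforce)."""
    src, dst, port, proto = flow
    s, d = labels.get(src), labels.get(dst)  # None for an unknown workload -> never matches
    for r in policy:
        if (s, d, port, proto) == (r.src, r.dst, r.port, r.proto):
            return "allow"
    return "deny" if mode == "enforce" else "would-deny"


def audit(flows, policy, labels, mode="test"):
    """Run every observed flow through the policy and collect the verdicts.

    In test mode nothing is blocked; the violations list is what to review before
    enforcing: either a dependency the policy missed, or traffic that should not exist.
    """
    verdicts = {f: evaluate(f, policy, labels, mode) for f in flows}
    violations = [f for f, v in verdicts.items() if v != "allow"]
    return verdicts, violations


if __name__ == "__main__":
    deps, unlabelled = discover(OBSERVED_FLOWS, LABELS)
    for (s, d, port, proto), n in sorted(deps.items()):
        print(f"{s[0]}/{s[1]} -> {d[0]}/{d[1]} {proto}/{port}: {n} flows")
    print("unlabelled endpoints:", unlabelled)
    _, violations = audit(OBSERVED_FLOWS, BILLING_POLICY, LABELS, mode="test")
    for f in violations:
        print("would-deny:", f)
```

Running the test-mode audit surfaces three flows that enforcement would cut: the jumpbox SSH session to the database, the web tier talking directly to the database, and the flow from an address that is not in the inventory at all. Each needs a decision before switching to enforce: add a rule because the dependency is legitimate, fix the application because the path should not exist, or label the workload so the policy can reason about it. Nothing is blocked until that review is done, which is the point of the test mode described above.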
