An introduction to Zero Trust
What is Zero Trust
Isn't it strange that, although we watch our networks more closely than ever before and invest a fair amount of money in enterprise security, it gets harder and harder to know whom on our network we can trust?
Although networking professionals have been aware of this for decades, we still assumed that data center traffic was implicitly trusted simply because it was in our data center. Network perimeter security (hard shell, soft center) made some sense, but it was flawed from the start: anything that got through the shell could move freely in the soft center. One compromised workload is often enough to reach the rest of the important applications and data, or to move laterally through the whole infrastructure.
With the architectural shift to cloud services like AWS and Azure, the rise of SaaS, IaaS and PaaS, and the beginning of what we now see as the container revolution, the problem only gets bigger. All of that infrastructure can be anywhere, including public networks, and the assumption of a trusted network became even less true than it was before. The same holds for users and devices: they are spread all over the globe, accessing sensitive data and applications through VPNs or directly. They may be in coffee shops, on hotel Wi-Fi or in their home offices, and a global pandemic can change the pattern of network access dramatically.
The traditional approach has further problems:
- Security is an overlay in today's networks: the network was built before security was a concern, and to introduce security the network has to be rearchitected, with traffic steered through control points that grant access
- IP subnetting gets harder and more cumbersome as zones get smaller; writing layer 3/4 rules for many small zones becomes unmanageable
- It is hard to write one policy that fits all infrastructures
- Many enforcement points
- Lateral movement is still possible inside each zone, no matter how small the zone is
- Access control is limited to the perimeter of the network
- No visibility into your network flows
- No orchestration to automate operations
What is Zero Trust
The answer to the problem described above is to rethink the trust model: move from implicit trust to a Zero Trust security model. In short: never trust, always verify, for every connection in the network. It is an architectural approach based on "deny first, allow only what you must".
The Zero Trust security model was created by John Kindervag in 2010 during his time at Forrester Research. The model initially focused on:
- Segmenting and securing networks across locations and hosting models (private cloud, on prem, public cloud)
- Preaching the zero trust gospel - to challenge and eliminate the inherent trust assumptions we have made over the last decades
Kindervag has continued to advocate for Zero Trust in roles outside Forrester, and Chase Cunningham took over the Zero Trust architecture work and the Zero Trust eXtended (ZTX) Wave that Forrester has published since 2018.
The model has evolved significantly since then and is now a usable framework that gives IT and security a chance to implement Zero Trust in a pragmatic way.
Zero Trust is not a technology, it is an architectural model, and there are a number of assertions to consider before implementing it:
- Assume breach - no part of the network is trusted; data breaches will happen
- Disappearance of "inside" vs. "outside" - there are always internal and external threats on all parts of the network
- Least privilege - everything in the network (devices, users, flows, data) is provisioned with a least-privilege approach
- Never trust, always verify - a default-deny approach to security
- Policies must be dynamic and consider more information than the locality of the end user
- Centrally managed - one place from which to orchestrate the Zero Trust network
Over the 2010s Forrester Research developed the Zero Trust approach to address lateral threat movement and exfiltration within the infrastructure by means of micro-segmentation (Dr. Chase Cunningham). The framework is data-centric and built on five main pillars:
- Data - the most important asset to protect, and therefore the center of every security framework
- Networks - traffic must flow for legitimate users and be blocked for untrusted connections
- Devices - the vehicle through which users access the network
- People - the human factor is often key to successful attacks and one of the most used vectors into the network
- Workloads - the servers, VMs and containers on which applications actually compute and store data
All of this is tied together by orchestration and automation, and it needs visibility as a foundational component before you can even start implementing a Zero Trust network model.
How to implement a zero trust approach?
Identify your data
Knowing where your sensitive data is and what it is, is key to protecting your environment and establishing a Zero Trust strategy.
Identifying the traffic flows between applications and spotting the attack surface is one of the most important, but also one of the most daunting, tasks in creating your Zero Trust security model. Not only is it hard to capture the traffic, your network also keeps changing, and those changes need to be reflected in the model in near real time. Identifying applications and their dependencies is a prerequisite for moving to the next stage.
Once you can see the traffic, it becomes much easier to write a Zero Trust policy on top of a default-deny rule. It also gets much easier to define and spot microperimeters, for example around specific applications, and to see the privileged-access traffic at application boundaries.
Illumio helps you generate a policy for the application automatically and identify flows that are not compliant with it.
Testing the policy is part of the workflow: you can evaluate the policy against live traffic without going into full enforcement. That lowers the risk and keeps the failure rate to a minimum.
Enforcing a policy used to be very risky: every policy change could cause network outages and availability problems for applications. With a test mode, that risk largely goes away, and you reach enforcement faster without breaking applications.
Track policy violations with real-time alerts, enrich the alerts with meaningful contextual data, encrypt east-west traffic transparently, and keep full visibility throughout the application lifecycle.
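The steps above (map the flows, derive a default-deny allowlist expressed in labels rather than subnets, run it in test mode, then enforce) can be shown end to end in a small simulation. The following is an added illustrative example, not Illumio's code or a description of its product logic; the workload names, labels and flows are constructed, and a rule here is simply a tuple of source and destination labels plus port and protocol.

```python
"""Label-based default-deny segmentation policy with a test mode (added example).

Workloads are addressed by application and role labels, not by IP or subnet,
so two web servers of the same application collapse into one rule.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Workload:
    name: str
    app: str    # application label, e.g. "payments"
    role: str   # role within the application, e.g. "web", "db"


@dataclass(frozen=True)
class Flow:
    src: str    # source workload name (or raw address if unknown)
    dst: str    # destination workload name
    port: int
    proto: str = "tcp"


# (src_app, src_role, dst_app, dst_role, port, proto)
Rule = Tuple[str, str, str, str, int, str]

# Constructed inventory; hypothetical hosts and labels.
INVENTORY: Dict[str, Workload] = {w.name: w for w in [
    Workload("pay-web-1", "payments", "web"),
    Workload("pay-web-2", "payments", "web"),
    Workload("pay-db-1", "payments", "db"),
    Workload("hr-web-1", "hr", "web"),
    Workload("hr-db-1", "hr", "db"),
]}

# Constructed flows captured during the discovery ("map the flows") step.
BASELINE: List[Flow] = [
    Flow("pay-web-1", "pay-db-1", 5432),
    Flow("pay-web-2", "pay-db-1", 5432),
    Flow("hr-web-1", "hr-db-1", 3306),
]

# Constructed live traffic seen later: the baseline plus an SSH attempt on a
# port nobody authorized, a cross-application lateral move, and an unlabeled host.
LIVE: List[Flow] = BASELINE + [
    Flow("pay-web-1", "pay-db-1", 22),
    Flow("pay-web-1", "hr-db-1", 3306),
    Flow("10.0.9.9", "pay-db-1", 5432),
]


def to_rule(flow: Flow, inventory: Dict[str, Workload]) -> Rule:
    """Translate a concrete flow into a label rule."""
    s, d = inventory[flow.src], inventory[flow.dst]
    return (s.app, s.role, d.app, d.role, flow.port, flow.proto)


def build_allowlist(flows: Iterable[Flow], inventory: Dict[str, Workload]) -> Set[Rule]:
    """Allow only what you must: each observed flow between known workloads becomes
    one label rule; flows involving unknown hosts are never turned into rules."""
    return {to_rule(f, inventory) for f in flows
            if f.src in inventory and f.dst in inventory}


def is_allowed(flow: Flow, inventory: Dict[str, Workload], rules: Set[Rule]) -> bool:
    """Default deny: unknown workloads and unlisted label pairs are denied."""
    if flow.src not in inventory or flow.dst not in inventory:
        return False
    return to_rule(flow, inventory) in rules


def evaluate(flows: Iterable[Flow], inventory: Dict[str, Workload],
             rules: Set[Rule], enforce: bool = False) -> Dict[str, List[Flow]]:
    """Same decision in both modes; only the consequence differs.
    Test mode reports 'would_block', enforce mode reports 'blocked'."""
    deny_key = "blocked" if enforce else "would_block"
    verdicts: Dict[str, List[Flow]] = {"allowed": [], deny_key: []}
    for f in flows:
        verdicts["allowed" if is_allowed(f, inventory, rules) else deny_key].append(f)
    return verdicts


def cross_app_flows(flows: Iterable[Flow], inventory: Dict[str, Workload]) -> List[Flow]:
    """Flows that cross an application boundary deserve human review before
    they are ever written into policy; this is where lateral movement hides."""
    return [f for f in flows if f.src in inventory and f.dst in inventory
            and inventory[f.src].app != inventory[f.dst].app]


if __name__ == "__main__":
    rules = build_allowlist(BASELINE, INVENTORY)
    print(f"{len(rules)} label rules derived from {len(BASELINE)} observed flows")
    for mode in (False, True):
        print("enforce" if mode else "test", evaluate(LIVE, INVENTORY, rules, enforce=mode))
    print("review before adding to policy:", cross_app_flows(LIVE, INVENTORY))
```

The point of the test-mode pass is that the policy is evaluated against real traffic with no change to connectivity: everything that lands in `would_block` is either a gap in the discovery phase or an actual violation, and both are worth knowing before a single connection is dropped.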
Monitor and maintain
Maintaining your enterprise security and your Zero Trust implementation requires constant work. Remember that Zero Trust is not a technology but a framework and a process. With what you have learned you can apply Zero Trust to each new application in your enterprise and refine the workflow over time, while keeping to a never trust, always verify approach.
Embrace security automation and orchestration
Only through orchestration and automation will you be able to maintain a stable, predictable and reliable Zero Trust security model.
The workflow above greatly reduces complexity, lowers the risk associated with changes, and gets you to a Zero Trust networking model much faster.