This is the first post of a series that attempts to discuss Zero Trust in security from a conceptual and implementation perspective.
What is Zero Trust
Zero Trust is a security model where app components and microservices are considered discrete from one another - no component or microservice trusts any other by default.
Zero Trust by design does not trust the underlying internal network fabric, and extends it to things such as input and output validation at app and microservice level. For example, it mandates that input from any source is not trusted unless it can be verified otherwise.
Additional efforts can include designing a defense-in-depth approach to protect against individual components, microservices, or identities compromise.
While conventional network security seek to build a secure perimeter – everything within the perimeter is trusted and anything outside the perimeter is not, a Zero Trust system evaluates actions to reduce the risk of unauthorized access to data and resources.
Zero Trust Principles
Never trust, always verify
Connecting from a particular network must not determine which services user can access
Access to services is granted based on what we know about the user and the device
All access to services must be authenticated, authorized, and encrypted
Security Controls in Enforcing a Zero Trust Model
One components of a Zero Trust system is the ability to verify a user’s identity before access is granted to the corporate network.
Unmanaged devices are an easy entry point for bad actors, ensuring that only healthy devices can access critical applications and data is vital for enterprise security.
Some scenarios require users to work from unmanaged devices. With those situations in mind, it transitioned from a corporate network approach to internet-first access methods, with a final goal of internet-only access methods in sight.
This strategy reduces users accessing the corporate network for most scenarios, and will establish a set of managed virtualized services that make applications and full functional desktop environments available to users with unmanaged devices.
[To be continued]
Zero Trust goes beyond building a network boundary between each microservice in your architecture. Beyond strengthening your component perimeters; rethink threat sources and investment to protect against them.
Zero Trust models are not always appropriate. It offers some security benefits, but it also introduces cost, complexity, and operational overhead for maintaining the overall system.
When considering Zero Trust architecture, evaluate all five pillars of the AWS Well-Architected framework to properly balance your needs.
BeyondCorp is Google’s implementation of the zero trust security model.
Microsoft’s view on “Zero Trust” is based on the principle:
never trust, always verify.
It protects organizations by managing and granting access based on the continual verification of identities, devices and services.