Why Enterprises Should Adopt a Zero Trust Architecture
Zero Trust is a concept coined by John Kindervag at Forrester in 2009. As cyberattacks and ransomware have become more frequent, and business disruptions and data theft more common, zero trust has become more relevant.
Central to the notion of zero trust is “never trust, always verify.” This requires all traffic to be authenticated and permissions verified before access to an application or data is granted. In recent years the concept has been extended to reduce risk and shrink attack surfaces across the enterprise IT environment.
While zero-trust security is still as applicable today as it was in 2009, IT environments have changed dramatically since then. In 2009 Azure had not yet been launched and AWS generated approximately $300 million (most of which was storage). In 2021 AWS generated over $17 billion! In 2021 67% of enterprises had significant parts of their infrastructure in the cloud. In the same survey 81% of enterprises reported having or building a multi-cloud strategy.
The pervasiveness of hybrid infrastructures and the growth of remote workforces have pushed organizations to adopt a zero-trust security mindset, one centered on identity rather than on perimeter-based access to cloud and on-premises resources. Implementing zero trust effectively still requires organizations to constantly review, audit and validate their security defenses.
Implementing zero trust is a journey and a long-term effort. It requires regular audits of in-place security policies and an active review of access roles to identify and reduce risk. This is the only sure way to reduce the attack surface and to discover and disable the unnecessary access that accumulates over time.
Secure Application Access in the Cloud: Key Considerations
As part of digital transformation, organizations have migrated applications to a hybrid cloud infrastructure that includes AWS and Microsoft Azure. The resulting IT infrastructure is decentralized and ephemeral. Adopting zero-trust, identity-based access aligns with the agility and ephemeral nature of the cloud: it allows security administrators to enforce strict access based on identities, resources and transactions.
There are three key elements of cloud access that introduce organizational risk. The good news is that these risks can be mitigated by adopting a zero-trust approach, which is also discussed below. The three key elements are decentralized identities, interconnected permissions and the dynamic nature of the cloud.
1. Decentralized Identities: Identities differ across network access, applications, and cloud infrastructure. Many enterprises deploy applications across multiple regions within and across cloud platforms. The distributed nature of applications introduces challenges for network connectivity and complicates the ability of security teams to audit and enforce the rules that govern which identities have access to which resources.
The distributed nature of identity and infrastructure also creates shadow access. Auditing which identities should not be allowed to access a resource is tedious and complicated. In addition to the identity held in Active Directory (or another identity provider, IdP) at the network layer, most internal applications have their own identity and permission settings. Tools like Kubernetes, Bitbucket, and Jira®, and cloud infrastructure like EC2, S3, and the AWS management console, add to the complexity.
Organizations provision multiple identities for the same user instead of consolidating identities across applications and infrastructure. The result is identity sprawl, which creates security gaps and allows permission abuse. Some organizations, however, adopt manual processes to proactively monitor, audit, and simplify user access control privileges. These practices are usually labor intensive and error prone.
2. Complexity of Permissions: Cloud infrastructure and services form distributed, interconnected ecosystems without a clearly defined network perimeter. Traditional network perimeter security is inadequate for securing cloud access. An effective approach requires a zero-trust strategy with identity as the new perimeter.
Cloud access is authorized through permissions at the networking, application, and infrastructure layers. When securing cloud access, the IAM policy for cloud resources should be evaluated together with the permissions granted for application and network access. A unified view of this layered but connected permission structure is critical to implementing zero-trust access.
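The two problems above, identity sprawl (one person, a different identity in every layer) and permissions that are only meaningful when the network, application and IAM layers are read together, can be made concrete with a small reconciliation script. The following is an added example, not code from the original post or from Appaegis; every identity, resource and grant in it is constructed sample data, and the three-layer model is an assumption chosen to match the text. It first consolidates each person's per-layer identities, then reports where the layers agree (effective access), where IAM grants something no network or application path reaches (standing privilege to remove), and which system identities belong to nobody (shadow identities).

```python
"""Unified view of layered cloud access (constructed example).

Three layers are modelled as the text describes them: network reachability,
application permissions and cloud IAM grants. One person holds a different
identity in each layer; consolidating those identities is what lets the
layers be compared at all. All identities, resources and grants below are
constructed and do not describe any real tenant.
"""
from typing import Dict, Set, Tuple

Grants = Dict[str, Set[str]]  # system identity -> resources allowed at that layer

# Constructed identity map: person -> identity in each layer (identity sprawl).
IDENTITY_MAP: Dict[str, Dict[str, str]] = {
    "alice": {"network": "alice@corp", "app": "alice.w",
              "iam": "arn:aws:iam::123456789012:user/alice"},
    "bob": {"network": "bob@corp", "app": "bob.k",
            "iam": "arn:aws:iam::123456789012:user/bob"},
}

# Constructed per-layer grants, as if each had been configured by a different team.
LAYERS: Dict[str, Grants] = {
    "network": {"alice@corp": {"s3://payroll", "k8s://prod"},
                "bob@corp": {"k8s://prod"},
                "svc-legacy@corp": {"s3://payroll"}},   # no known person maps to this
    "app": {"alice.w": {"s3://payroll", "k8s://prod"},
            "bob.k": {"k8s://prod"}},
    "iam": {"arn:aws:iam::123456789012:user/alice": {"s3://payroll", "k8s://prod"},
            "arn:aws:iam::123456789012:user/bob": {"s3://payroll", "k8s://prod"}},
}


def layer_allows(layers: Dict[str, Grants], layer: str, identity: str, resource: str) -> bool:
    """True if the given layer grants this system identity the resource."""
    return resource in layers[layer].get(identity, set())


def evaluate(identity_map: Dict[str, Dict[str, str]],
             layers: Dict[str, Grants]) -> Dict[str, Set[Tuple[str, str]]]:
    """Compare the layers per person and resource.

    effective:        every layer allows, so the person can actually use the resource
    unreachable_iam:  IAM grants it but network or application does not; the grant
                      is unused standing privilege and a candidate for removal
    unmapped:         a system identity holding grants that no known person owns
    """
    effective: Set[Tuple[str, str]] = set()
    unreachable_iam: Set[Tuple[str, str]] = set()
    unmapped: Set[Tuple[str, str]] = set()
    resources = {r for grants in layers.values() for rs in grants.values() for r in rs}
    for person, ids in identity_map.items():
        for resource in sorted(resources):
            verdict = {layer: layer_allows(layers, layer, ids[layer], resource) for layer in layers}
            if all(verdict.values()):
                effective.add((person, resource))
            elif verdict["iam"]:
                unreachable_iam.add((person, resource))
    known = {ident for ids in identity_map.values() for ident in ids.values()}
    for layer, grants in layers.items():
        for ident in grants:
            if ident not in known:
                unmapped.add((layer, ident))
    return {"effective": effective, "unreachable_iam": unreachable_iam, "unmapped": unmapped}


if __name__ == "__main__":
    for finding, items in evaluate(IDENTITY_MAP, LAYERS).items():
        print(f"{finding}: {sorted(items)}")
```

Run against the constructed data, the script shows that bob's IAM grant on `s3://payroll` is reachable through neither the network nor the application layer and that `svc-legacy@corp` holds network access without an owner; both are findings a per-layer review would miss because each layer, read alone, looks consistent.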
3. Visibility and Mitigation of Risk: Cloud resources, such as compute, data storage, and Kubernetes clusters, are critical enterprise assets. Visibility into these resources, and automated discovery of shadow resources, is an important part of managing risk. The dynamic nature of the cloud calls for a mechanism that keeps track of resources as they are spun up and spun down. Real-time visibility into resources, and into who has access to them, enables continuous risk management.
This visibility allows continuous risk management, which in turn enables additional security mechanisms in the cloud to mitigate threats and secure cloud access. Risk mitigation strategies, and therefore the underlying visibility, should cover networking, identity, permissions, and credentials, all of which are key components of securing cloud access.
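The mechanism the text asks for, keeping track of resources as they appear and disappear and tying that back to who holds access, is essentially a reconciliation between successive discovery runs, an approved inventory, and the grant table. The following is an added example, not code from the original post or from Appaegis; the resource ids, owner tags, grants and both snapshots are constructed, and the rule that "unapproved or untagged means shadow" is an assumed policy. It reports newly spun-up and spun-down resources, shadow resources (with the internet-exposed ones called out), and grants that still point at resources that no longer exist.

```python
"""Reconciling discovery snapshots against an approved inventory.

Constructed example: resource ids, tags, grants and both snapshots are made up.
The point is the mechanism of tracking resources as they are spun up and down,
so that shadow resources and the access tied to vanished resources surface on
every run rather than at the next manual audit.
"""
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Resource:
    rid: str        # constructed resource id
    kind: str       # compute, storage or k8s
    owner: str      # value of an owner tag, "" when the tag is missing
    public: bool    # reachable from the internet


# Constructed: the previous discovery run, the approved inventory, and the
# identities that hold grants on resources.
PREVIOUS_RUN: Set[str] = {"i-0aaa", "bucket-payroll", "eks-prod", "i-0zzz"}
APPROVED: Set[str] = {"i-0aaa", "bucket-payroll", "eks-prod"}
GRANTS: Dict[str, Set[str]] = {
    "alice@corp": {"i-0aaa", "bucket-payroll"},
    "ci-bot": {"i-0zzz", "eks-prod"},
}

# Constructed: what the current discovery run returned.
CURRENT_RUN: Dict[str, Resource] = {
    "i-0aaa": Resource("i-0aaa", "compute", "platform", False),
    "bucket-payroll": Resource("bucket-payroll", "storage", "finance", False),
    "eks-prod": Resource("eks-prod", "k8s", "platform", False),
    "i-0bbb": Resource("i-0bbb", "compute", "", True),                         # untagged and exposed
    "bucket-export": Resource("bucket-export", "storage", "data-team", False),  # never approved
}


def reconcile(previous: Set[str], current: Dict[str, Resource],
              approved: Set[str], grants: Dict[str, Set[str]]) -> Dict[str, set]:
    """Diff two discovery runs and cross-check against inventory and grants."""
    present = set(current)
    spun_up = present - previous
    spun_down = previous - present
    # Shadow resources: running, but not approved or without an accountable owner.
    shadow = {rid for rid, res in current.items() if rid not in approved or not res.owner}
    # The subset that is also internet-reachable goes to the top of the queue.
    exposed_shadow = {rid for rid in shadow if current[rid].public}
    # Grants left behind by resources that no longer exist: standing access to revoke.
    stale_grants: Set[Tuple[str, str]] = {
        (ident, rid) for ident, rids in grants.items() for rid in rids if rid in spun_down
    }
    return {"spun_up": spun_up, "spun_down": spun_down, "shadow": shadow,
            "exposed_shadow": exposed_shadow, "stale_grants": stale_grants}


if __name__ == "__main__":
    for finding, items in reconcile(PREVIOUS_RUN, CURRENT_RUN, APPROVED, GRANTS).items():
        print(f"{finding}: {sorted(items)}")
```

In a real deployment the two snapshots would come from the cloud provider's inventory APIs on a schedule, and the `stale_grants` set is the input to an automated revocation step; the example keeps both as in-memory data so the reconciliation logic itself is visible.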
Limitations of ZTNA and Other First-Generation Zero-Trust Solutions
Early implementations of zero trust include Zero Trust Network Access (ZTNA). Limitations in ZTNA designs, rooted in network-based access, mean it cannot effectively detect and prevent data theft or permission abuse. Implementing ZTNA does not reduce the attack surface once users are connected to internal applications. Further, providing access to applications over SSH, RDP and Kubernetes adds a blind spot for IT security teams.
SSH has long been the preferred method used by hackers to exfiltrate data. Hackers exploit the inability of current VPN and ZTNA solutions to decrypt and inspect transactions over SSH channels. Since ZTNA solutions do not decrypt traffic, they cannot inspect transactions to SSH, RDP and Kubernetes applications. Employing ZTNA for those environments therefore does not close these blind spots.
ZTNA uses a broker that inspects network traffic. The broker identifies the packet origin and examines HTTP(S) headers for context such as user location and endpoint operating system. It is an improvement over traditional VPN technology, which has been in use for several decades, but it falls short of addressing the access challenges of cloud applications.
A cloud-centric world requires an extension of Zero Trust. It must continuously verify each user and the applications they access. It must monitor user transactions and verify the permissions of each access in order to detect and prevent data theft and permission abuse. Zero Trust in a cloud-centric world cannot be achieved with a network-security-only approach.
A Zero Trust Cloud Access Approach
In a cloud-centric world, Zero Trust access must encompass identity, permissions, and credentials. The key characteristics of a zero-trust solution are described below.
1. Cloud-Integrated Access: Securing access to cloud resources cannot be independent of the services in the cloud. It must incorporate the existing cloud access services, especially identity and access management (IAM) and key management systems (KMS). Integration with native cloud services, including IAM, security groups, and KMS, is critical to an integrated and simplified access security solution.
Integrating access with the cloud requires that the solution perform real-time monitoring and enforcement of application access. The solution must use runtime access activity to mitigate permission sprawl, monitor identity for internal applications, and centralize key management.
2. Identity Brokerage: Identity-based access is central to a zero-trust strategy. However, decentralized identities in networking, applications, and the cloud create security gaps for identity-based access. A zero-trust solution must track and control the identity used for cloud access across networking, application, and cloud environments.
It is important to monitor identity for shared accounts or impersonated activity in cloud access. Where shared accounts are used, it is critical to track account activity and attribute it to a specific user.
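Attribution for a shared account works by correlating two log sources: the broker knows which IdP user opened each session and which downstream account it was mapped to, while the target host only ever sees the shared account name. The following is an added example, not code from the original post or from Appaegis; both log formats and every line in them are constructed, and the join rule (same host, same account, login time inside the session window) is an assumed design. Besides attributing logins it surfaces the two cases a defender actually needs flagged: logins that match no brokered session, and logins that fall inside overlapping sessions of different users, where attribution is ambiguous.

```python
"""Attributing shared-account logins to brokered users (constructed example).

Joins a broker session log (which records the real user) with a target host's
auth log (which records only the shared account) by host, account and time
window. All log lines, hosts, accounts and users below are constructed.
"""
import re
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Constructed broker session log: the broker knows the IdP user behind every session.
BROKER_LOG = """\
2024-05-01T10:00:00Z event=start session=s1 user=alice@corp account=ec2-user target=10.0.1.5
2024-05-01T10:05:00Z event=start session=s2 user=bob@corp account=ec2-user target=10.0.1.5
2024-05-01T10:20:00Z event=end session=s1
2024-05-01T10:30:00Z event=end session=s2
2024-05-01T11:00:00Z event=start session=s3 user=alice@corp account=deploy target=10.0.1.7
2024-05-01T11:10:00Z event=end session=s3
"""

# Constructed target-side auth log: the host only ever sees the shared account name.
TARGET_LOG = """\
2024-05-01T10:00:02Z host=10.0.1.5 Accepted publickey for ec2-user
2024-05-01T10:05:01Z host=10.0.1.5 Accepted publickey for ec2-user
2024-05-01T11:00:01Z host=10.0.1.7 Accepted publickey for deploy
2024-05-01T12:00:00Z host=10.0.1.5 Accepted publickey for ec2-user
"""

KV = re.compile(r"(\w+)=(\S+)")
TARGET_LINE = re.compile(r"^(\S+) host=(\S+) Accepted \w+ for (\S+)$")


def ts(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def parse_sessions(log: str) -> Dict[str, dict]:
    """Build session_id -> {user, account, target, start, end} from broker lines."""
    sessions: Dict[str, dict] = {}
    for line in log.splitlines():
        stamp, rest = line.split(" ", 1)
        kv = dict(KV.findall(rest))
        if kv["event"] == "start":
            sessions[kv["session"]] = {"user": kv["user"], "account": kv["account"],
                                       "target": kv["target"], "start": ts(stamp), "end": None}
        else:
            sessions[kv["session"]]["end"] = ts(stamp)
    return sessions


def attribute_logins(broker_log: str, target_log: str) -> List[dict]:
    """Attribute each target login to the brokered user(s) whose session covers it."""
    sessions = parse_sessions(broker_log)
    results: List[dict] = []
    for line in target_log.splitlines():
        match = TARGET_LINE.match(line)
        if not match:
            continue
        when, host, account = ts(match.group(1)), match.group(2), match.group(3)
        candidates = sorted({
            s["user"] for s in sessions.values()
            if s["target"] == host and s["account"] == account
            and s["start"] <= when and (s["end"] is None or when <= s["end"])
        })
        if len(candidates) == 1:
            status = "attributed"       # exactly one brokered session covers the login
        elif candidates:
            status = "ambiguous"        # overlapping sessions by different users
        else:
            status = "unattributed"     # login outside any brokered session: investigate
        results.append({"time": match.group(1), "host": host, "account": account,
                        "status": status, "users": candidates})
    return results


def shared_accounts(broker_log: str) -> Set[Tuple[str, str]]:
    """(target, account) pairs that more than one distinct user has been mapped to."""
    users: Dict[Tuple[str, str], Set[str]] = {}
    for s in parse_sessions(broker_log).values():
        users.setdefault((s["target"], s["account"]), set()).add(s["user"])
    return {key for key, seen in users.items() if len(seen) > 1}


if __name__ == "__main__":
    print("shared accounts:", sorted(shared_accounts(BROKER_LOG)))
    for row in attribute_logins(BROKER_LOG, TARGET_LOG):
        print(row)
```

The ambiguous case is the practical argument for per-user accounts or for having the broker tag each session end-to-end: once two users share `ec2-user` on the same host at the same time, a time-window join alone cannot say which of them performed a given action.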
3. Data and Context Awareness: Access security is not complete without monitoring the context of the access and the data being accessed. In an ideal solution, data and access context are part of the authorization defined in the policy. That is the only reliable way to stop malicious activity and data theft at runtime.
The solution should be able not only to detect data but also to identify Personally Identifiable Information (PII). Preventing data loss is essential both for data security and for compliance, and several compliance mandates require active monitoring and blocking of access to certain PII.
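Making data and access context part of the authorization decision means the policy engine sees the payload, classifies it, and combines that label with who is asking and from what kind of device. The following is an added example, not code from the original post or from Appaegis; the record, the roles, the device-posture flag and the policy table are all constructed, and the PII detectors (e-mail, a US-style SSN pattern, and card numbers validated with a Luhn checksum) are a deliberately small illustration of classification, not a complete DLP engine. The decision is one of allow, allow with PII redacted, or deny, and the redaction happens at runtime on the data actually being returned.

```python
"""Data- and context-aware authorization (constructed example).

Classifies the data being accessed, then folds that classification into the
access decision together with the requester's role and device posture. The
sample record, roles and policy are constructed; the detectors are a minimal
illustration (e-mail, US-style SSN pattern, Luhn-valid card numbers).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")   # 13-16 digits, optional separators

# Constructed policy: only these roles may see raw PII, and only from managed devices.
PII_CLEARED_ROLES = {"payroll-admin"}


@dataclass(frozen=True)
class AccessContext:
    user: str
    role: str
    managed_device: bool


def luhn_ok(number: str) -> bool:
    """Luhn checksum; filters out digit runs that merely look like card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> Dict[str, List[str]]:
    """Return the PII labels found in the text with the matching values."""
    found = {
        "email": EMAIL.findall(text),
        "ssn": SSN.findall(text),
        "card": [c for c in CARD.findall(text) if luhn_ok(c)],
    }
    return {label: values for label, values in found.items() if values}


def redact(text: str, found: Dict[str, List[str]]) -> str:
    for label, values in found.items():
        for value in values:
            text = text.replace(value, f"[REDACTED:{label}]")
    return text


def authorize(ctx: AccessContext, text: str) -> Tuple[str, str]:
    """Decide on the access and return (decision, data the requester may see)."""
    found = classify(text)
    if not found:
        return "allow", text                      # no PII: context alone decides nothing here
    if not ctx.managed_device:
        return "deny", ""                         # PII never leaves to an unmanaged device
    if ctx.role in PII_CLEARED_ROLES:
        return "allow", text                      # cleared role on a managed device
    return "allow-redacted", redact(text, found)  # everyone else sees the record minus PII


# Constructed record; the card number is a well-known test value that passes Luhn.
RECORD = "Jane Doe, jane.doe@example.com, SSN 123-45-6789, card 4111 1111 1111 1111, ticket 42"

if __name__ == "__main__":
    for ctx in (AccessContext("sam", "support", False),
                AccessContext("sam", "support", True),
                AccessContext("pat", "payroll-admin", True)):
        print(ctx.role, ctx.managed_device, authorize(ctx, RECORD))
```

The point of the structure is that `classify` runs on the live response rather than on a static label attached to the resource: a record that happens to contain a card number in a free-text field is treated as PII even if the table it came from was never tagged as such.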
4. Bridging Cloud and Traditional Worlds: Zero trust needs to be applied holistically to be effective. A zero-trust solution needs to monitor identity across the cloud and the network. It must analyze permissions and resource usage, and integrate KMS as part of authentication.
It should align application permissions with network policy and automate policy creation when new resources appear. The solution should apply analytics to optimize user access control privileges based on runtime activity and cloud context. A zero-trust access solution must be the fabric that connects services with identity, permission, and networking.
How Appaegis Enables Zero Trust Security
Appaegis Access Fabric adopts a holistic and programmatic way to integrate cloud access security into a Zero-Trust strategy. Appaegis’ Access Fabric integrates and connects cloud IAM, KMS, and identity providers, and has a deep understanding of application context and user behavior.
This knowledge enables real-time monitoring of users’ access to critical applications, identifies potential security gaps, and reduces permission scope. Appaegis Access Fabric weaves security into every layer of cloud infrastructure and simplifies the journey to Zero Trust.
Traditional network-based access solutions, optimized for securing static, IP-based networks, are ineffective in a cloud environment. They do not protect against data theft or permission abuse, and they prevent organizations from taking advantage of the agility and dynamic nature of the cloud. Appaegis is built for a cloud-centric world.
Appaegis is built to provide agility, flexibility and ease of use, with integrated data protection and prevention of permission abuse. Appaegis combines access control privileges, federates identity management, enforces least-privilege access and secures cloud access: a holistic implementation of zero-trust cloud access.
Guest post originally published on Appaegis’s blog by Michael Shieh, Co-founder and CEO of Appaegis