Although Zero Trust is an often misunderstood and misused term, it is an approach with real value in reducing systematic cyber risk and improving resilience. Organizations of all sizes understand that they need a resilient cybersecurity strategy, one that can sustain and enable the business even during a crisis, but when it comes to Zero Trust, most of them struggle to make sense of it and to find the right place to start. Moving to the cloud offers a fresh opportunity to build Zero Trust architectures.
So what is Zero Trust and what is it not?
Some vendors will claim that Zero Trust is only about identity and access management, in other words, how the company allows authorized users to access resources. Although this is a building block of Zero Trust, it is only one element of what should be a broader strategy covering all the risk surfaces in which the business operates: identity, infrastructure, product, process and supply chain.
Every security professional will tell you that implicitly trusting technology architectures and networks has always been a bad idea. A trusted network connected to your data center network can be compromised, a terminal hacked, a trusted user with the keys to your kingdom turned into an insider, a trusted operating system process hijacked by a Trojan, a trusted file revealed to be malicious, and so on.
Zero Trust therefore provides a strategic approach to eliminating implicit trust between technological entities. Simply put: it means deploying bouncers not only at the entrance to your club, but also inside the club and in the garage, and hiring bodyguards who escort your customers out of the club. Wait, is Zero Trust that simple? Is this just a call for more security? Let's be honest: the key question for organizations is no longer whether they should adopt Zero Trust, but why it would work this time, and where they should start, given the high cost of change and the low appetite for it.
Zero Trust for Black Swans
In my experience, organizations that have successfully adopted Zero Trust first focused their programs on risk management. Having worked for over a decade at a large financial services organization, I have come to know risk management very well, especially the fact that small events can sometimes wreak havoc on an entire organization or even an industry. Such systematic events, also known as black swans, have recently become very common in the cybersecurity world as well.
Ransomware and supply chain incidents are perhaps the most visible symptoms of these risks, and we see them in the news every day. They are a good target for your Zero Trust program. As for the root causes of these technological systematic risks, they come in several varieties or, in the worst case, a combination of all of them:
Single points of failure. These are the core infrastructure components that glue your technology stack together. An insecure or poorly architected Active Directory, web SSO or DNS infrastructure can quickly turn into a nightmare.
Obsolete software monocultures. Operating systems, firmware and software with high adoption across the organization that are not patched regularly. A single vulnerability can lead to catastrophic ransomware or sabotage risk.
Flat network effect. An organization without segmentation or proper network controls in IT (think of all your unmanaged devices), OT and IoT. Easy pickings for any intruder, worm or ransomware.
Figure: Zero Trust pyramid (Palo Alto Networks)
Traditional enterprises that inherit a combination of these systematic risks typically launch their Zero Trust program on two building blocks: harmonizing their identity and access management stack and harmonizing their connectivity landscape. This creates a foundation for additional Zero Trust building blocks that address the other systematic risks, such as firmware monocultures, applications and so on.
The Role of a Platform in Zero Trust
If I had to explain cybersecurity resilience, I would put it like this: to build a resilient organization, we need to make security a system goal, not a component goal. For example, don't just focus on testing the effectiveness of your sandbox control; instead, prioritize how your sandbox is integrated with the other security controls in your organization. And don't spend millions testing your most critical application if that application sits on the same network as a million-dollar IoT device and runs additional exposed services on its server.
In a decentralized and fragmented world, where workloads and identities live somewhere on the Internet, such a systematic cybersecurity perspective becomes very difficult without harmonizing a few critical capabilities that are required to make your security work:
A common identity and a stack of policies.
A common understanding of exploitable threats.
A common protocol/control for enforcing your policy and threat intelligence across your entire system.
Another way to explain this is to take the approach Phil Venables used in one of his recent blog posts. He wrote, “One of the most effective techniques for enterprise security in many organizations is to create a universal baseline of controls that apply everywhere, and then economically augment that baseline by reducing the unit cost of controls (existing and new)”. In the post he points to the auto industry as an example, suggesting that the commoditization of safety features, which trickled down from race cars to everyone's family car, can be replicated in cybersecurity. Network security and connectivity is a prime example.
The way network security worked in the past was that everything inside the organization was trusted and everything outside was untrusted, and security was enforced only at the organizational boundary. This model no longer works with remote workers, cloud, edge and mobile device access requirements. All of these environments are now directly connected to the Internet, yet they often lack even the most basic controls, such as segmentation or intrusion detection.
The reason is that testing or deploying individual controls and policies comes with high costs, which puts most cybersecurity controls out of reach for many organizations. This is why cybersecurity platforms are becoming the best strategy for deploying Zero Trust and, over time, an economic differentiator for most cybersecurity programs.
The Cloud Opportunity for Zero Trust
Replacing a legacy connectivity or security stack is a big deal; unless it is triggered by your cloud and remote workforce programs, it often takes a severe push (a ransomware incident, for instance) to make it happen. But there is a new chance for your Zero Trust program, and it shouldn't be overlooked or wasted! As organizations increasingly move workloads, applications and users to the cloud and embrace DevOps, now is the time to design security in from the ground up rather than bolting it on as an afterthought.
A systematic approach in this context requires you to consider, in addition to the security of your production environment, the security of your CI/CD pipeline and the integration of security controls as early in the pipeline as possible. Let's phrase some questions in Zero Trust language that should be in your workbook if you are serious about security in DevOps and cloud environments:
Are you sure your software engineer’s device isn’t compromised?
Are you sure your code repository is not compromised?
Do you trust the integrity of the code throughout the development and deployment process?
Do you trust your third-party infrastructure as code (IaC) templates or Docker containers? Remember that, on average, roughly half of them ship with serious vulnerabilities.
What about the other software dependencies used in your projects?
Are you confident that your identities are assigned the correct privileges?
Do you trust the security of your code, and is it free of misconfigurations such as hard-coded credentials or overly permissive network settings?
Are you sure your microservices orchestrator is not compromised?
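Several of the questions above (hard-coded credentials, privileged network settings, unvetted IaC templates and container images, dependency integrity) can be turned from a matter of trust into a check that runs in the pipeline. The following is an added example, not code from the original post or from any Palo Alto Networks product: a minimal pipeline gate that scans a constructed Terraform file and Dockerfile for a handful of misconfigurations and verifies a dependency against a pinned SHA-256 before it is used. The rule set, the sample files and the artifact are all constructed for illustration; a real pipeline would use a dedicated scanner with a maintained rule base rather than a few regular expressions.

```python
"""Added example: a small CI gate that answers some Zero Trust questions with
checks instead of trust. Samples, rules and the artifact are constructed."""
from __future__ import annotations

import hashlib
import hmac
import re

# Constructed sample Terraform (not real infrastructure).
SAMPLE_TF = '''
resource "aws_security_group" "web" {
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_db_instance" "db" {
  username = "admin"
  password = "Sup3rSecret!"
}
'''

# Constructed sample Dockerfile (the key is AWS's documented example key).
SAMPLE_DOCKERFILE = '''
FROM python:latest
ENV API_KEY=AKIAIOSFODNN7EXAMPLE
RUN pip install requests
COPY . /app
CMD ["python", "/app/main.py"]
'''

# (rule id, file kind it applies to, pattern, what a hit means)
RULES = [
    ("hardcoded-password", "any",
     re.compile(r'^\s*password\s*=\s*"[^"]+"', re.M | re.I),
     "credential committed to the repository"),
    ("hardcoded-secret-env", "dockerfile",
     re.compile(r'^\s*ENV\s+\w*(KEY|SECRET|TOKEN|PASSWORD)\w*\s*=\s*\S+', re.M | re.I),
     "secret baked into the image as an environment variable"),
    ("world-open-ingress", "terraform",
     re.compile(r'cidr_blocks\s*=\s*\[[^\]]*"0\.0\.0\.0/0"'),
     "ingress open to the whole Internet"),
    ("unpinned-base-image", "dockerfile",
     re.compile(r'^\s*FROM\s+\S+:latest\b', re.M),
     "base image not pinned; its contents can change between builds"),
    ("unpinned-pip-dependency", "dockerfile",
     re.compile(r'^\s*RUN\s+pip\s+install\b(?![^\n]*==)', re.M),
     "dependency installed without a pinned version"),
]


def scan(text: str, kind: str) -> list[str]:
    """Return the ids of every rule that fires on `text`.
    `kind` is "terraform" or "dockerfile"."""
    found = [rid for rid, k, pat, _ in RULES
             if k in ("any", kind) and pat.search(text)]
    # A Dockerfile with no USER instruction runs the container as root.
    if kind == "dockerfile" and not re.search(r'^\s*USER\s+\S+', text, re.M):
        found.append("runs-as-root")
    return found


def verify_artifact(data: bytes, pinned_sha256: str) -> bool:
    """Accept a downloaded dependency only if it matches the digest recorded
    when it was reviewed. compare_digest avoids a timing side channel."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256)


# Constructed artifact. In practice the pinned digest is stored in a lockfile
# at review time, not computed at install time as it is here for the demo.
REVIEWED_ARTIFACT = b"example-package-1.0.0 contents"
PINNED_SHA256 = hashlib.sha256(REVIEWED_ARTIFACT).hexdigest()


def gate(tf_text: str, dockerfile_text: str, artifact: bytes) -> bool:
    """True only when no rule fires and the artifact matches its pin."""
    findings = scan(tf_text, "terraform") + scan(dockerfile_text, "dockerfile")
    return not findings and verify_artifact(artifact, PINNED_SHA256)


if __name__ == "__main__":
    for kind, text in (("terraform", SAMPLE_TF), ("dockerfile", SAMPLE_DOCKERFILE)):
        for rid in scan(text, kind):
            why = next((w for r, _, _, w in RULES if r == rid), "container runs as root")
            print(f"{kind}: {rid}: {why}")
    tampered = REVIEWED_ARTIFACT + b"\n# injected"
    print("reviewed artifact accepted:", verify_artifact(REVIEWED_ARTIFACT, PINNED_SHA256))
    print("tampered artifact accepted:", verify_artifact(tampered, PINNED_SHA256))
    print("pipeline may proceed:", gate(SAMPLE_TF, SAMPLE_DOCKERFILE, REVIEWED_ARTIFACT))
```

Run against the constructed samples, the gate refuses the build: the Terraform file leaks a database password and opens SSH to the Internet, and the Dockerfile pulls a floating base image, installs an unpinned dependency, bakes a secret into the image and runs as root. The same gate passes a digest-pinned base image, a version-pinned dependency and an explicit non-root USER. The point is the one the article makes about platforms: a check that runs on every commit costs nothing per deployment, while trusting each engineer, template and package individually does not scale.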
There are many other issues to address, but the fact is that systematic risks increase in DevOps environments in both the vertical and the horizontal direction. Vertically, there are many more risks to consider than in more traditional environments. Horizontally, the impact of a single poisoned package can be massive, as seen in cases such as SolarWinds. Don't miss the opportunity to build Zero Trust early in your DevOps and cloud journey.