As complexity increases in a Hybrid IT world, traditional approaches to security are no longer fit for purpose. The classic “Castle and Moat” architecture, which splits networks into trusted and untrusted segments, leaves organisations exposed to increasingly sophisticated attackers.
A different approach is needed. One such alternative is a Zero Trust security architecture, a concept first popularised by Forrester in 2010.
This represents a change in philosophy for cybersecurity. If the concept is new to you, these are its defining principles as commonly stated in the Zero Trust literature:
- The network is always assumed to be hostile
- Internal and external threats exist on the network at all times
- Network locality is not sufficient for deciding trust in a network
- Every device, user, and network flow should be authenticated and authorised
- Policies must be dynamic and calculated from as many sources of data as possible
Why Zero Trust is Relevant Now
The traditional model of security exists because applications were (for the most part) hosted on premises. Workers typically used a single, company-provided device on site, and the email server sat within the four walls of the same building.
For security, network firewalls were deployed to separate traffic inside the trusted environment from the untrusted public internet, and those firewalls were assumed to keep adversaries out of the trusted network.
Those assumptions have changed dramatically as organisations migrate to Hybrid IT. Use of Software as a Service (SaaS) and Infrastructure as a Service (IaaS) means applications, storage, and compute are distributed between public, private and hybrid clouds, as well as on premises.
Additionally, staff and third parties frequently work outside the corporate offices, on a mix of managed devices and personal, unmanaged ones. Furthermore, the assumption that network firewalls effectively prevent attackers from compromising users has proven to be a dangerous one.
These items fundamentally challenge the assumptions that originally drove the creation of Network Perimeter architectures in the first place.
Picking Holes in the Perimeter Security Model
The risks of this model have been repeatedly demonstrated in successful security breaches.
Attackers treat easy lateral movement across trusted network segments as a repeatable step in their playbook. Having crossed the moat unnoticed, they are free to roam inside the castle. Once a single user or device on the trusted segment is compromised, the attacker moves laterally across it, hunting for more valuable targets and escalating privileges along the way.
Similar risks arise from insiders, whether employees or trusted third parties. Their position on a trusted segment makes the excessive trust they enjoy easy to abuse, so sensitive data can often be accessed or exfiltrated without detection.
Zero Trust architectures stop establishing trust at the network layer. Every network segment is assumed to be hostile and untrusted, and in place of broad trust granted by network position, Zero Trust demands that each request be authenticated and authorised at the application layer, continuously rather than once at login.
Emerging Zero Trust Security Architectures for Hybrid Environments
As organisations migrate compute from legacy hosting to the cloud, many end up operating in a Hybrid IT state, and a Zero Trust security architecture is well suited to managing the resulting risks.
On top of this, replicating the “Castle and Moat” across both on-premises and cloud environments is not practical. Reproducing the old security stack for every hosting service becomes sprawling and complex, and we have seen a number of breaches where organisations did not understand the security implications of their configurations as they migrated to the cloud.
If you want to consider the Zero Trust alternative, here are 5 points worth thinking about:
- As more applications are moved to the cloud, this is a natural time to reconsider your overall approach to security.
- Move the applications and data of a shared-risk group into their own micro perimeter. This network segment is dedicated to applications and data: no users sit on it, and it accepts no inbound connections from the internet or from the user network.
- Place a security connector inside each micro perimeter that opens an outbound connection to an access proxy, so the segment needs no inbound firewall rule or public listener.
- Mediate all user access at the application layer through the cloud-based access proxy, so that every request is authenticated, authorised, inspected and logged.
- Don’t overlook the other benefits of changing, such as better end-user performance, reduced complexity and retiring slower, less efficient VPNs.
If the access proxy is distributed across your cloud infrastructure, integration is largely a matter of updating DNS: point each application’s hostname at the access proxy so that users resolve the proxy rather than the origin, and the proxy then routes traffic to applications hosted on premises, in the cloud, or a hybrid of both. DNS only steers well-behaved clients, so it is the micro perimeter’s no-inbound rule, not the DNS change, that stops an attacker from bypassing the proxy and reaching the origin directly.
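The following is an added example, not Akamai’s code or any product’s implementation, showing what the access proxy’s per-request decision looks like when it follows the principles listed earlier (network locality is not a trust signal; every user, device and flow is authenticated and authorised; policy is computed from several data sources) and the five-point design above. It contrasts a perimeter check, which allows anything already on the internal segment, with a Zero Trust check that evaluates a verified identity, device posture and per-application policy on every request and only records the source IP in the audit log. All users, devices, hostnames, policies and scenarios are constructed for illustration.

```python
"""Added example (not Akamai's code): a minimal access-proxy policy decision.

perimeter_decision() trusts the source network ("castle and moat");
zero_trust_decision() evaluates identity, device posture and per-app policy on
every request and logs the source IP without trusting it. All data is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# The "trusted" internal segment of the legacy model (constructed).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed device inventory, standing in for an MDM/EDR posture feed.
DEVICE_POSTURE = {
    "lt-0042": {"managed": True, "disk_encrypted": True, "os_patched": True},
    "lt-0099": {"managed": True, "disk_encrypted": True, "os_patched": False},
}

# Constructed identity data, standing in for group claims in a verified IdP token.
USER_GROUPS = {"alice": {"finance"}, "bob": {"eng"}}

# Per-application policy enforced by the proxy (constructed).
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "require_mfa": True, "require_managed": True},
    "wiki": {"groups": {"finance", "eng"}, "require_mfa": False, "require_managed": False},
}


@dataclass
class Request:
    src_ip: str
    app: str
    user: Optional[str] = None       # subject of a verified session token, None if absent
    mfa: bool = False                # token carries a strong-authentication claim
    device_id: Optional[str] = None  # identity from a device certificate, None if unknown


def perimeter_decision(req: Request) -> bool:
    """Legacy model: anything already on the trusted segment is allowed."""
    ip = ipaddress.ip_address(req.src_ip)
    return any(ip in net for net in TRUSTED_NETS)


def zero_trust_decision(req: Request, audit: List[Dict]) -> bool:
    """Per-request decision at the application layer.

    Every denial reason is collected so the audit entry explains the decision.
    The source IP is recorded for forensics but never consulted as a trust signal.
    """
    reasons: List[str] = []
    policy = APP_POLICY.get(req.app)
    if policy is None:
        reasons.append("unknown application")
    if req.user is None:
        reasons.append("no verified identity")
    elif policy and not (USER_GROUPS.get(req.user, set()) & policy["groups"]):
        reasons.append("user not entitled to application")
    if policy and policy["require_mfa"] and not req.mfa:
        reasons.append("mfa required")
    if policy and policy["require_managed"]:
        posture = DEVICE_POSTURE.get(req.device_id)
        if posture is None or not posture["managed"]:
            reasons.append("unmanaged or unknown device")
        elif not (posture["disk_encrypted"] and posture["os_patched"]):
            reasons.append("device out of compliance")
    allowed = not reasons
    audit.append({"src_ip": req.src_ip, "user": req.user, "device": req.device_id,
                  "app": req.app, "decision": "allow" if allowed else "deny",
                  "reasons": reasons})
    return allowed


def compare_models() -> Dict[str, Dict[str, bool]]:
    """Run constructed scenarios through both models; returns {scenario: {model: allowed}}."""
    scenarios = {
        # Finance user on a compliant laptop, working from a hotel network.
        "remote_finance_user": Request("203.0.113.5", "payroll", "alice", True, "lt-0042"),
        # Attacker on a compromised internal host: no identity, unknown device.
        "lateral_movement": Request("10.1.2.3", "payroll"),
        # Legitimate user, internal address, but the laptop has fallen out of compliance.
        "unpatched_device": Request("10.1.2.3", "payroll", "alice", True, "lt-0099"),
        # Engineer reading the wiki from an unmanaged device without MFA: policy permits it.
        "engineer_wiki": Request("10.1.2.3", "wiki", "bob", False, None),
    }
    audit: List[Dict] = []
    return {name: {"perimeter": perimeter_decision(r),
                   "zero_trust": zero_trust_decision(r, audit)}
            for name, r in scenarios.items()}


if __name__ == "__main__":
    for name, result in compare_models().items():
        print(f"{name:22} perimeter={result['perimeter']!s:5} zero_trust={result['zero_trust']}")
```

The two models disagree in both directions: the perimeter check turns away the legitimate remote user (the case the VPN was bolted on to solve) while waving through the lateral-movement and out-of-compliance requests from an internal address; the Zero Trust check does the opposite. In a real deployment the identity and posture inputs come from the IdP token and the device-management feed rather than inline dictionaries, and the audit entries are shipped to the SIEM, but the shape of the decision is the same.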
For organisations operating in a Hybrid IT environment, the design assumptions behind these legacy security architectures simply no longer hold.
This will not happen overnight, but embracing Zero Trust security architectures offers the most straightforward and most secure route to success in the digital age.
In conclusion, Zero Trust architectures offer the opportunity to break the cycle of lateral movement seen in so many breaches. There are a number of evolving approaches to implementing Zero Trust, but for organisations embarking on Hybrid IT, cloud-based proxy approaches give the broadest coverage across diverse users and application hosting environments. Finally, cloud-based Zero Trust architectures create opportunities for operational simplification and improved end-user experience.
Discover more in Akamai’s infographic “Why Digital Transformation Demands a Zero Trust Security Model”.