Five key pillars of zero trust
A zero trust security approach across can be broken down into five distinct pillars: device trust, user trust, transport/session trust, application trust, and data trust. To efficiently coordinate the security of each pillar consider leveraging a cybersecurity platform that gives you visibility into your entire IT infrastructure, with the access to security automation tools, customizable APIs, and a broad set of third-party integrations.
1. Device trust
The number of devices or endpoints accessing internal resources has grown not only in quantity per user but also in variety. Additionally, new workforce trends add further levels of complexity with policies like bring your own device (BYOD) and remote work. It is critical to navigate, manage, and control all these devices and determine whether they can be trusted. For best device security posture practices, extended detection and response (XDR) capabilities enable the detection of malicious activity on an endpoint better, as it has increased visibility to correlate activity across the enterprise environment, improving the overall zero trust health.
2. User trust
With 57% of organizations suffering a security incident related to exposed secrets in DevOps, authenticating users’ credentials is critical to fending off malicious actors. History has proven that password-based user authentication is just not good enough, giving rise to more secure user authentication methods such as password-less authentication, multi-factor authentication (MFA), conditional access policies, and dynamic risk scoring.
A standard password-less authentication method leverages biometrics and digital certification. The user’s mobile device is leveraged to authenticate the user’s biometrics (fingerprint, facial recognition, etc.) and then authorize secure access based on proximity of the certified device, turning their mobile into their digital certificate.
MFA is a method of access control requiring more than just a username and password and is recommended as a simple best practice by AWS. It leverages a virtual MFA to provide an additional level of authentication, such as a code sent to a user’s phone, before giving access.
Conditional access follows a policy based on the logic of “if __, then___” rules that govern authentication decisions. For example, if the user is logging in from a high-risk geographical region, then block access.
Risk scoring is looking at the context of the login attempt and assigning risks values/levels to different variables. For example, an unmanaged device or one with high travel velocity (device logged in from 2 locations on different sides of the world within 1 hour of each other) will receive a higher risk score.
3. Transport/session trust
The concept of least privilege is key to effective zero trust security. Users, devices, and applications should only have access to the necessary systems to perform their specific job at hand, nothing more. There are three components to implementing least privilege in a zero trust approach: microsegmentation, transport encryption, and session protection.
Microsegmentation is the process of identifying, segmenting, and locking down communication pathways so that only authorized connections are permitted, limiting the scope of a successful breach.
Transport encryption is often completed with a transport layer security (TLS) protocol which cryptographically encrypts sensitive information as it moves between networks. This ensures that malicious actors cannot see what is being communicated, or, in the case that it is captured, it’s not publicly readable.
Session protection ensures that the application is secure during each unique session interaction and that browser traffic is not hijacked and used to expose the application to other unauthorized users on the network. A common method used for this is for the application to force communication to be done over encrypted HTTPS.
Your cybersecurity platform of choice should continuously scan your cloud infrastructure and service to ensure they’re properly configured to leverage HTTPS.
4. Application trust
The remote or hybrid workforce requires users to be able to access any application securely and seamlessly from any device or location. The great news is that modern applications are being designed to support zero trust practices with the integration of single sign-on (SSO) capabilities.
However, traditional applications require a security upgrade to isolate them from visibility by the public internet. This can be done by utilizing a cybersecurity platform that places a zero trust network access (ZTNA) broker between the application and the internet to act as an identity-based barrier. A platform can take isolation a step further (and streamline the process) by allowing security teams to classify different groups of cloud workloads and then auto-apply individual security policies across the segmented identities.
5. Data Trust
Ensuring the integrity of data is a fundamental goal of cybersecurity to prevent it from being breached, exposed, or altered. A commonly used protection method against breaches targeting the exfiltration and/or destruction of important, sensitive data is a data loss prevention (DLP). There are plenty of DLP solutions on the market but leveraging a DLP through a cybersecurity platform allows you to have consolidated protection across your environment. This maximizes data protection by extending visibility across the enterprise to better identify sensitive data and coordinate a response to prevent potential incidents.
When integrating zero trust security measures, attention should be placed on enhancing data trust practices such as data classification and integrity practices where possible as well. This would ensure the data is properly classified for its confidentiality and integrity level, and the necessary security measures are implemented.
DevOps and zero trust
Read More HERE