So goes the mantra: never trust, always verify; encrypt data; least privilege until more is justified; and surveil for abnormal behavior.
Cyberattacks such as the infamous SolarWinds incident in 2020 have put renewed focus on a Zero Trust-based approach to identity security, and have highlighted the need to move away from implied trust toward a Zero Trust approach.
The concept of zero trust can be reduced to “never trust and always verify every user, device, and IP address accessing a resource”. It can also be described as an “end-to-end approach to data security that encompasses identity, credentials, access management, operations, endpoints, and the interconnecting infrastructure.”
With the recent accelerated rise of cloud applications and Work-From-Home arrangements, and data workloads migrating to the Cloud, data architects have had to rethink data security. Zero Trust security models are popular for applications, but architects must consider whether they are the right choice for protecting the data itself.
Under the zero trust model, on-premises or cloud assets have to remain untrusted until validated and approved, via the following measures:
- Network security measures: With network policies, organizations can specify which IP addresses can connect to cloud platforms. Trusted resources can come only from the defined IP addresses that organizations control. Where required, data platforms should also be able to use cloud service providers’ private networking technologies.
- Identity management: Technology vendors should support a variety of open standards. The technology should integrate with an organization’s identity provider to provide federated authentication via SAML2 and allow for multi-factor authentication, adding layers of trust to a user or resource authenticating to cloud platforms. Automating the System for Cross-Domain Identity Management (SCIM) is a great way to manage the user lifecycle. This is particularly handy when automating user off-boarding.
- Authorization: Least privilege and separation of duties are enforced through flexible and granular role-based access controls. By default, users should have least privilege, receiving a more privileged role only as business needs require. Conditional policies built on dynamic data masking tools become a powerful way to protect sensitive data further, so that only users with trusted roles can see data in clear text, while data is obfuscated for users with other roles.
- Encryption: All data should be encrypted at rest. SaaS vendors that offer a bring-your-own-key (BYOK) option provide a powerful capability to never trust not only users, but also the service itself. With customer-managed keys, IT teams control access to their data using a master encryption key maintained in the key management service of the cloud provider that hosts their data. For instance, the customer’s key can be combined with a second key to create a composite master key. This composite master key is then used to encrypt all data in the customer’s account. If the organization revokes its key, the data can no longer be decrypted.
- Monitoring: Zero trust means that activity should be monitored on enterprise-owned networks and SaaS applications. An account usage schema is an excellent way to monitor and understand what constitutes normal activity, including user login behavior, authentication types, granting of administrative privileges, and IP addresses of resources connecting to cloud platforms. For example, the average number of seconds between failed login attempts can be fed into an organization’s SIEM for trend analysis to understand what the baseline normal is, guiding the issuance of alerts on abnormal behavior patterns.
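The failed-login baseline described under Monitoring, worked through as an added example that is not part of the original article: the login-history rows below are constructed sample data (no real platform schema is assumed), the baseline is the mean number of seconds between a user's failed logins over known-good days, and a day is flagged when failures arrive much faster than that baseline. The function names and the `ratio` / `min_failures` thresholds are assumptions chosen for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed sample login-history rows (not real data): user, UTC timestamp, outcome.
LOGIN_HISTORY = [
    ("alice", "2024-03-01T09:00:00", "FAILED"),
    ("alice", "2024-03-01T09:20:00", "FAILED"),
    ("alice", "2024-03-01T09:21:00", "SUCCESS"),
    ("alice", "2024-03-02T08:55:00", "FAILED"),
    ("alice", "2024-03-02T10:05:00", "FAILED"),
    ("alice", "2024-03-02T10:06:00", "SUCCESS"),
    # Day 3: failures only seconds apart, at an unusual hour.
    ("alice", "2024-03-03T03:00:00", "FAILED"),
    ("alice", "2024-03-03T03:00:04", "FAILED"),
    ("alice", "2024-03-03T03:00:09", "FAILED"),
    ("alice", "2024-03-03T03:00:13", "FAILED"),
    ("bob", "2024-03-03T09:00:00", "FAILED"),
    ("bob", "2024-03-03T09:00:01", "SUCCESS"),
]


def failure_intervals(rows, user, day):
    """Seconds between consecutive failed logins for `user` on `day` (YYYY-MM-DD)."""
    times = sorted(datetime.fromisoformat(ts) for u, ts, outcome in rows
                   if u == user and outcome == "FAILED" and ts.startswith(day))
    return [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]


def baseline_interval(rows, user, baseline_days):
    """Mean seconds between failed logins across the baseline days (the SIEM trend
    value); None when the user has no consecutive failures in that window."""
    gaps = [g for d in baseline_days for g in failure_intervals(rows, user, d)]
    return mean(gaps) if gaps else None


def is_abnormal(rows, user, day, baseline_days, min_failures=3, ratio=0.1):
    """Flag `day` when `user` logged at least `min_failures` failed attempts and the
    mean gap between them is below `ratio` of their baseline. A user with no
    baseline at all is flagged rather than silently trusted."""
    gaps = failure_intervals(rows, user, day)
    if len(gaps) + 1 < min_failures:      # too few failures to judge
        return False
    base = baseline_interval(rows, user, baseline_days)
    return base is None or mean(gaps) < ratio * base


if __name__ == "__main__":
    days = ["2024-03-01", "2024-03-02"]
    for user in ("alice", "bob"):
        print(user, "abnormal on 2024-03-03:", is_abnormal(LOGIN_HISTORY, user, "2024-03-03", days))
```

In practice the baseline would be recomputed from the platform's login-history view on a rolling window, and the flag would be one input to the SIEM alongside login hour, authentication type and source IP.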
Organizations running SaaS applications should evaluate the product security features to determine the feasibility of using a zero trust model. Achieving zero trust with a single technology is unlikely, especially on a network that is not owned by the enterprise.
In totality, such features provide a mechanism across security domains to, in fact, never trust and always verify. Organizations should identify solutions that are positioned to fit well into a zero trust model, providing a service that is secure and resilient — so that organizations can focus on analyzing their data, not protecting it.