The pandemic-driven shift to remote work exposed the limits of traditional perimeter-based network defence. Customers expect enterprises to retain security controls for staff working from home that are equivalent to those in a controlled organisational environment, and adopting a "Zero Trust" model is a practical way to do that while meeting legislative, compliance and regulatory security obligations.
The security perimeter has been redefined by cloud apps and the mobile workforce.
- The new perimeter is no longer defined by the organization’s physical location(s)—it instead extends to any access point that hosts, stores, or accesses corporate resources and services.
- Interactions with corporate resources and services are increasingly circumventing on-premises perimeter-based security paradigms based on network firewalls and VPNs.
- Organizations that rely primarily on on-premises firewalls and VPNs lack the visibility, solution integration, and agility required to provide timely end-to-end security coverage.
Takeaway – Today, enterprises require a new security paradigm that more effectively responds to the modern environment’s complexity, embraces the mobile workforce, and protects people, devices, apps, and data wherever they are located. This is the foundation of Zero Trust.
1.1 What is Zero trust
A zero trust (ZT) environment is a cybersecurity architecture built on zero trust principles and intended to prevent data breaches and limit lateral movement inside the network. ZT is a set of guiding principles for workflow, system design and operations that can be applied to improve the security posture of information at any classification or sensitivity level. Its core rule is that no user, device or network location is trusted by default: every access request is authenticated, authorised and evaluated against policy before it is granted.
1.2 Traditional perimeter security controls
A conventional security architecture might include a firewall/UTM, a network intrusion detection and prevention system, centralised anti-virus and anti-spam, perimeter and host-based data loss prevention, a domain controller (Active Directory), SIEM, and patch management tools.
3. Approach required for ZT implementation over cloud
To adopt a ZT architecture and protect organisational assets and investments, a technology- and product-neutral strategy should be followed. For ZT implementation using cloud controls, a four-step strategy is advised: Assess, Audit, Apply and Assure (A4), described below.
- Assess: a comprehensive security assessment identifies vulnerabilities across endpoints, servers, web and mobile applications, and other assets.
- Audit: a detailed strategic plan is delivered during this phase to meet compliance, regulatory and statutory requirements.
- Apply: the final solution is built from detailed blueprints and architecture designs that integrate all technology and system components.
- Assure: identity management, endpoint, application, workload and network access logs are monitored continuously to confirm that the controls are working as designed.
4. Cloud solutions that can meet ZT requirements
Although the options discussed here are Microsoft Azure services, comparable solutions are available from other cloud service providers.
4.1 Multi-factor authentication
Multi-factor authentication (MFA, 2FA or 3FA) is required to achieve Zero Trust: a password alone no longer proves who is at the keyboard. Microsoft Azure AD supports MFA and single sign-on (SSO), so the additional factor is enforced once at sign-in and carried across applications.
4.2 Access control
Traditional Active Directory group policies apply only to domain-joined devices and assume the device is on, or connected to, the corporate network; they cannot reach a home laptop or a personal phone. Cloud-based mobile device management (MDM) solutions such as Microsoft Intune apply configuration and compliance policies to devices wherever they are, and a device's compliance state can then be used in access decisions.
4.2.1 CONDITIONAL ACCESS
Azure Active Directory Conditional Access policies grant, restrict or block access based on user or group, location or IP range, device state and the application being accessed. Combined with Azure AD Identity Protection, they evaluate sign-in risk and user risk in real time and can require MFA, require a password change or block the sign-in accordingly.
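As an added example (not code from the original post), the two policies below show how the MFA requirement and the risk-based control described above are expressed with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that the signed-in admin can consent to the listed scopes, and that the break-glass account object ID is replaced with a real one; the policy names and the choice of report-only mode are assumptions for the example.

```powershell
# Added example: create two Conditional Access policies via Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module is installed and the admin can consent to these scopes.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder (replace): object ID of an emergency-access account. It is excluded so a
# misconfigured policy cannot lock every administrator out of the tenant.
$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"

# Policy 1: every user, every cloud app, must present MFA AND sign in from an
# Intune-compliant device. Created in report-only mode first so the sign-in logs
# show what the policy would have done before it is enforced.
$requireMfaAndCompliantDevice = @{
    displayName = "ZT-01 Require MFA and compliant device for all cloud apps"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassObjectId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"
        builtInControls = @("mfa", "compliantDevice")
    }
}

# Policy 2: block sign-ins that Identity Protection scores as high risk, regardless
# of which credentials were presented (requires an Azure AD Premium P2 licence).
$blockHighRiskSignIn = @{
    displayName = "ZT-02 Block high-risk sign-ins"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users            = @{ includeUsers = @("All"); excludeUsers = @($breakGlassObjectId) }
        applications     = @{ includeApplications = @("All") }
        clientAppTypes   = @("all")
        signInRiskLevels = @("high")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

foreach ($policy in @($requireMfaAndCompliantDevice, $blockHighRiskSignIn)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host ("Created '{0}' ({1}) in state {2}" -f $created.DisplayName, $created.Id, $created.State)
}
```

Leave both policies in report-only mode for at least a few days, review the Conditional Access insights in the sign-in logs, and only then switch `state` to `enabled`. Policy 1 only admits compliant devices if Intune compliance policies exist and devices are enrolled; until then it will block everyone except the excluded account.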
4.3 Micro segmentation (Application and Network Firewalls)
Micro-perimeters act as system boundaries that limit unwanted lateral movement. The organisation can segment by user group, location or logical application group. In Azure, network security groups (NSGs) filter traffic at subnet or NIC level, and application security groups (ASGs) let NSG rules reference a group of workloads by name rather than by IP address; together they enable micro-segmentation. Note that the default NSG rules allow all traffic within a virtual network, so an explicit deny rule is required to actually stop lateral movement between tiers.
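The following is an added example (not code from the original post) of the three-tier segmentation just described, using the Az.Network PowerShell module. The resource group, region, ASG and NSG names and the port numbers are assumed values; the NICs of each tier still have to be placed in their ASG and the NSG associated with the subnet, which is not shown.

```powershell
# Added example: three-tier micro-segmentation with ASGs and one NSG (Az.Network module).
# Resource group, location and all names below are assumed values for the example.
$rg       = "rg-zt-demo"
$location = "westeurope"

# One ASG per tier. NICs are later added to the ASG of their tier, so the rules follow
# the workload rather than its IP address and survive re-deployments.
$asgWeb = New-AzApplicationSecurityGroup -ResourceGroupName $rg -Name "asg-web" -Location $location
$asgApp = New-AzApplicationSecurityGroup -ResourceGroupName $rg -Name "asg-app" -Location $location
$asgDb  = New-AzApplicationSecurityGroup -ResourceGroupName $rg -Name "asg-db"  -Location $location

$rules = @(
    # Internet -> web tier, HTTPS only.
    New-AzNetworkSecurityRuleConfig -Name "allow-internet-to-web-443" -Priority 100 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceAddressPrefix Internet -SourcePortRange * `
        -DestinationApplicationSecurityGroup $asgWeb -DestinationPortRange 443

    # web tier -> app tier, application port only.
    New-AzNetworkSecurityRuleConfig -Name "allow-web-to-app-8080" -Priority 110 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceApplicationSecurityGroup $asgWeb -SourcePortRange * `
        -DestinationApplicationSecurityGroup $asgApp -DestinationPortRange 8080

    # app tier -> database tier, SQL port only.
    New-AzNetworkSecurityRuleConfig -Name "allow-app-to-db-1433" -Priority 120 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceApplicationSecurityGroup $asgApp -SourcePortRange * `
        -DestinationApplicationSecurityGroup $asgDb -DestinationPortRange 1433

    # The built-in rule AllowVnetInBound (priority 65000) lets any VM in the VNet reach
    # any other, so this explicit deny at a lower priority is what actually blocks
    # web -> db, web -> web or app -> web lateral movement.
    New-AzNetworkSecurityRuleConfig -Name "deny-all-other-vnet-inbound" -Priority 4000 `
        -Direction Inbound -Access Deny -Protocol * `
        -SourceAddressPrefix VirtualNetwork -SourcePortRange * `
        -DestinationAddressPrefix * -DestinationPortRange *
)

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Name "nsg-app-tiers" -Location $location -SecurityRules $rules

# Show the resulting rule table in evaluation order for review.
$nsg.SecurityRules | Sort-Object Priority | Format-Table Name, Priority, Access, Protocol, DestinationPortRange
```

After creating the NSG, associate it with the subnet(s) hosting the tiers and add each VM NIC to its ASG (ASGs and the NSG must be in the same region, and a NIC can only belong to ASGs within one virtual network). Verify the outcome with the effective security rules view on a NIC rather than by reading the rule list, because subnet- and NIC-level NSGs combine.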
4.4 Threat detection and monitoring
Azure Security Center (Azure Defender, since renamed Microsoft Defender for Cloud) helps locate and monitor suspicious activity. It continuously assesses resource configuration against security benchmarks, reports a secure score, and raises alerts on suspicious behaviour on virtual machines, storage, databases and other services. It does not inspect all network traffic by itself; NSG flow logs and a firewall or IDS are still required for that visibility.
4.5 Policy enforcement
Organizations have varying compliance standards. Azure’s security benchmarks, blueprints, and policies help organisations quickly implement/enforce security rules and controls.
4.6 Key Management
Azure Key Vault is a Microsoft cloud service for securely storing and controlling access to secrets (passwords, connection strings, API keys and SSH keys), cryptographic keys and certificates. Access is governed by Azure RBAC or vault access policies and every operation is logged, so applications retrieve credentials at run time instead of embedding them in code or configuration files.
4.7 End point protection
Mobile device management solutions such as Intune can be used to govern how devices such as phones, tablets and laptops are used, for example by requiring disk encryption, a PIN and a supported OS version before a device is marked compliant. Specific policies can also be configured to control which applications may be installed and how those applications handle corporate data.
4.8 Security Operation Center
Cloud-based SIEM systems such as Microsoft Sentinel help security teams collect and analyse large volumes of log data at scale in order to detect threats across identities, endpoints, applications and the network, and to automate the response.
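As an added example (not code from the original post), the block below creates one scheduled analytics rule in Microsoft Sentinel with the Az.SecurityInsights module. It assumes Azure AD sign-in logs are already exported to the workspace's SigninLogs table; the resource group and workspace names, the rule name and the thresholds (10 failures from 3 or more IPs in an hour) are assumed values chosen for the example.

```powershell
# Added example: a scheduled Sentinel analytics rule (Az.SecurityInsights module) that flags
# one account with many failed Azure AD sign-ins from several source IPs within an hour,
# a simple password-spray / credential-stuffing signal.
# Resource group, workspace name and thresholds are assumed values for the example.
$rg        = "rg-zt-demo"
$workspace = "law-zt-sentinel"

# KQL over the SigninLogs table. ResultType "0" is a successful sign-in; anything else is a
# failure. Counting distinct IPs per user separates a user mistyping a password from an
# attacker rotating through sources.
$query = @"
SigninLogs
| where ResultType != "0"
| summarize Failures = count(), SourceIps = dcount(IPAddress), Apps = make_set(AppDisplayName, 10)
    by UserPrincipalName, bin(TimeGenerated, 1h)
| where Failures >= 10 and SourceIps >= 3
| project TimeGenerated, UserPrincipalName, Failures, SourceIps, Apps
"@

# The query already applies the thresholds, so the rule fires whenever it returns any row.
# Frequency and period are both one hour: each run looks at the most recent hour of data.
New-AzSentinelAlertRule -ResourceGroupName $rg -WorkspaceName $workspace `
    -Kind Scheduled `
    -DisplayName "ZT: failed sign-ins for one user from multiple IPs" `
    -Severity Medium `
    -Enabled `
    -Query $query `
    -QueryFrequency (New-TimeSpan -Hours 1) `
    -QueryPeriod (New-TimeSpan -Hours 1) `
    -TriggerOperator GreaterThan `
    -TriggerThreshold 0
```

Tune the thresholds against a week of real data before enabling the rule, and exclude known shared egress addresses (VPN concentrators, proxies) from the distinct-IP count if they would otherwise make every failed login look distributed.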
Because the Zero Trust security model works best when it is implemented across the whole digital environment, most businesses will need to take a phased approach that focuses on specific areas for change based on their Zero Trust maturity, available resources, and objectives.
Each investment must be thoroughly considered and aligned with current business demands.
Do watch this space for more blogs on Zero Trust Environment.