What is Zero Trust Security?
Zero Trust is a security model that mandates strict identity verification for all users and devices accessing network resources, both internally and externally, enhancing protection against unauthorized access and attacks.
Zero Trust architecture’s security approach is based on the principle of never trusting anyone entirely, and requires continuous verification of every individual connection point. It allows enhanced security by preventing lateral movement of bad actors on a network and minimizes the potential attack surface.
This approach places the burden of authentication on the device, rather than the entire network. Venafi Senior Solutions Architect Ivan Wallis breaks it down: “In a theoretical Zero Trust environment we make no assumptions, and we don’t compromise trust to make it easier for systems to authenticate. This has become increasingly complex in environments, such as cloud computing and extended partner networks, which blur traditional notions of internal vs external trust—especially in terms of perimeter security. For all intents and purposes, the security perimeter has evaporated,” Wallis said.
How Does Zero Trust Work?
Imagine you have an exclusive club, and you only want your friends to enter. Implementing Zero Trust is like hiring a bouncer to stand at every entrance to the club and check the ID of every single person who tries to enter, whether they've been there before or not. The traditional network security concept of "once you're in, you're trusted" automatically assumes trust within a network and only considers external threats. Zero Trust, your strict club bouncer, requires every single person, device, and application running on a network to undergo rigorous and continuous multi-factor authentication. It has "Zero Trust" for anybody, even if you're already in the club. Zero Trust policies are also dynamic, adapting to changes in normal user behavior, location, or time of access. So if a previously trusted user accesses the network from an unusual location, or attempts to access files they've never touched before, Zero Trust will throw up additional roadblocks. This ensures that if there is a breach, the damage is contained. This principle of constant verification is a great way to mitigate risks from both internal and external threats.
Multi-factor authentication vs. Two-factor authentication
If Zero Trust security is based on constantly verifying the identity and authentication of users and devices within a network, how is that authentication done? The most common security measures are multi-factor authentication (MFA) and two-factor authentication (2FA), and both are effective methods to enhance the security of your organization.
Two-factor authentication (2FA), as the name implies, requires a user or device to provide two different factors to verify its identity. The factors could be a password, a PIN, biometric data (fingerprint or facial recognition), or the answer to a security question. When 2FA is enabled, the user provides one of the factors listed above and then confirms receipt of a unique code sent to a device.
Multi-factor authentication (MFA) works very similarly; the only difference is that it requires more than two factors to verify identity. Incorporating additional levels of verification makes the level of security provided by MFA much higher than 2FA, as it’s far more resilient against phishing attacks, credential theft, and other cybersecurity threats.
The term “Zero Trust Security” was coined in 2009 by John Kindervag, who was the first to challenge his cybersecurity colleagues to abandon perimeter-based trust, which automatically assumes all users and devices within a network are authenticated, in favor of the idea of “never trust, always verify”.
John Kindervag sat down with Venafi to discuss the creation of the Zero Trust model, how you can pitch this model to your organization, how Zero Trust and machine identity management work together, and what the future of Zero Trust security will look like.
What are the 5 Pillars of Zero Trust?
The 5 pillars of Zero Trust are Identity, Device, Environment, Application Workload, and Data. Let’s take a deeper look at what this means, and how the Venafi Control Plane can help you achieve each one.
Pillar 1: Identity
Venafi manages the machine identities that allow machines to authenticate and communicate with one another. That includes managing the cryptography for access devices, such as Personal Identity Verification (PIV) cards and VPN tokens.
The Venafi Control Plane provides:
- Global visibility over your on-premise, hybrid cloud and cloud native environments
- A unified control plane that centralizes visibility and intelligence across your hybrid IT environment
- Complete lifecycle orchestration of machine identity modalities, including key and certificate management as well as tokenization
- The ability to automate end-to-end machine identity management, including thousands of proven integrations with load balancers, HSMs, DevOps tooling and a host of ecosystem partners
- Automated security controls to help you harden code signing security to protect you against malicious macros or attacks targeting software build pipelines
Pillar 2: Device
Venafi automates machine identities and secures declared infrastructure in the CI/CD pipeline, acting as a unifying tool that bridges traditional and modern device management.
The Venafi Control Plane provides:
- Continual monitoring and validation of the machine identity security postures of your devices
- Visibility into the types of machine identities your devices are using, such as certificates, keys and tokens
- Intelligence into the location, ownership and lifespans of your device machine identities
- Native support for integrations with other security solutions
Pillar 3: Environment
Venafi helps you secure and automate machine-to-machine connections throughout your environment by managing TLS/mTLS, SSH, code signing and other machine identities. The Venafi Control Plane protects your network by:
- Encrypting all machine-to-machine communication traffic to internal and external locations
- Automating alerts and triggers for expiring machine identities so that they may be replaced before they expire and cause an outage
- Automating discovery of machine identities across networks, devices, and services
Pillar 4: Application Workload
Venafi secures software development pipelines to help ensure all code is legitimate and hasn’t been infiltrated with malware.
The Venafi Control Plane provides:
- Access to centralized code signing authentication, authorization and monitoring
- Defined and enforceable enterprise-wide code signing security policies, including those for application code, workflow enforcement and lifecycle orchestration
- Controls that restrict who has access to sign code, who can approve their use and when that approval expires
- Support for distributed, centralized and redundant HSM architectures
- An irrefutable log of all code signing activities for remediation and auditing purposes
- Crypto agility capabilities that help you quickly respond to Certificate Authority (CA) compromise or other cryptographic failures
- Rapid-fire certificate issuance for cloud environments where machine identities must be issued in seconds
Pillar 5: Data
Venafi helps manage your cloud native machine identity inventory and secure your data in the cloud.
The Venafi Control Plane provides:
- Automated enforcement of strict machine identity access controls for machines holding valuable data
- Automated enforcement of machine-to-machine security controls for protecting your data as dictated by corporate policy and industry and government regulations
What are the Guiding Principles of Zero Trust?
Zero Trust Principle 1: Default Deny
Zero Trust changes what in the past has been a “trust but verify” security model to a model in which connections are denied by default. Every time a connection is needed, the identity (person or machine) needs to be authenticated.
While the number of people accessing networks is fairly static, the number of machines making connections on networks is exploding. As new technologies have been adopted, the definition of machines has expanded—from physical machines, such as servers and PCs, to mobile devices, applications, cloud instances, containers, microservices, clusters, APIs, and smart algorithms. Each of these machines needs a machine identity to establish identity and authenticity.
The number of machine identities used by a small enterprise is typically in the thousands. Global 5000 organizations tend to use millions of machine identities. Effectively managing these thousands or millions of machine identities so they can ensure trusted communications absolutely requires a machine identity management strategy and program.
Zero Trust Principle 2: Context is Everything
Context is extremely important in a Zero Trust world. As an employee of Venafi, I should be trusted to log in to the Venafi network from my home in Houston. But I probably shouldn’t be trusted if I’m logging in from somewhere in Europe or Asia. Context is equally important when machines are connecting to networks or each other. What's granted for one particular machine identity should not necessarily be granted for all machine identities.
Let’s take Secure Shell (SSH) as an example. SSH is used by IT administrators to create secure connections between machines on unsecured networks. It’s a powerful protocol used widely in corporate networks to provide secure access for users and automated processes, facilitate interactive and automated file transfers, issue remote commands, and manage network infrastructure and other mission-critical system components.
The context in which SSH keys are used as machine identities should matter very much for how those SSH machine identities are managed. In connections that have a high-risk context, say connections between build machines or within the CI/CD pipeline, we might configure SSH to establish limits on things like port forwarding, source restrictions (only accepting SSH connections that come from a named source), passwords and automated keys.
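As an added example (not Venafi code), the following Python audits a constructed authorized_keys file for two of the context limits just mentioned, a from= source restriction and disabled port forwarding, and reports which keys on a high-risk host lack them. The option names are real OpenSSH authorized_keys options; the key blobs, subnets and host names are constructed.

```python
# Added example (not Venafi code): flag authorized_keys entries on a high-risk
# host that lack a from= source restriction or still permit port forwarding.
# Option names are real OpenSSH authorized_keys options; keys/hosts are constructed.

SAMPLE_AUTHORIZED_KEYS = """\
# deploy key, restricted to the CI subnet and a fixed command
from="10.20.0.0/24",no-port-forwarding,no-agent-forwarding,no-pty,command="/usr/local/bin/deploy" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY1 deploy@ci
# personal admin key with no restrictions at all
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY2 alice@laptop
# source-restricted, but forwarding is still permitted
from="*.corp.example" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABFAKEKEY3 backup@nas
"""

def split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside double-quoted option values."""
    parts, buf, quoted = [], "", False
    for ch in text:
        quoted ^= (ch == '"')          # track whether we are inside "..."
        if ch == sep and not quoted:
            parts, buf = parts + [buf], ""
        else:
            buf += ch
    return [p for p in parts + [buf] if p]

def parse_entry(line):
    """Return (set of option names, comment) for one authorized_keys line."""
    fields = split_outside_quotes(line.strip(), " ")
    if fields[0].startswith(("ssh-", "ecdsa-", "sk-")):  # no options field
        options, rest = [], fields
    else:
        options, rest = split_outside_quotes(fields[0], ","), fields[1:]
    names = {opt.split("=", 1)[0] for opt in options}
    return names, " ".join(rest[2:])  # rest = key type, key blob, comment

def audit(authorized_keys_text):
    """Map each key's comment to the context restrictions it is missing."""
    findings = {}
    for line in authorized_keys_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        names, comment = parse_entry(line)
        problems = []
        if "from" not in names:
            problems.append("no from= source restriction")
        # 'restrict' disables forwarding unless 'port-forwarding' re-enables it
        if "port-forwarding" in names or not names & {"no-port-forwarding", "restrict"}:
            problems.append("port forwarding allowed")
        findings[comment] = problems
    return findings
```

Running `audit(SAMPLE_AUTHORIZED_KEYS)` reports the unrestricted admin key and the forwarding-capable backup key while passing the locked-down deploy key.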
Zero Trust Principle 3: Granularity
If an application is trying to access data in a database, in a Zero Trust environment that application needs to be validated using certificates and public key infrastructure (PKI) to determine that it is an approved app accessing an approved database. As application architectures get more granular, so does the need to ensure trust between all the components. That has a big impact on machine identity management.
An application architecture from a few years ago might have required just a few TLS certificates to encrypt communications. Maybe one certificate on a load balancer, another one on a web server and two more for the backend application and database servers. Those TLS certificates would have had two- or three-year lifecycles so you wouldn’t have had to think about renewing them that often.
Fast forward to today, where applications are developed with microservices in mesh architectures and are much more compartmentalized. In Zero Trust, these more granular connections all need to be trusted, so the four TLS certificates I needed a few years ago must be multiplied to accommodate all the new components. Add to that the fact that, as of September 2020, TLS certificates have a lifespan of just over one year, and a machine identity management strategy and program becomes critical for dealing with the increased number of TLS certificates that need to be renewed more frequently.
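As an added example (not Venafi code), here is a small Python expiry sweep over a constructed certificate inventory that mixes a long-lived legacy certificate with short-lived mesh certificates. It flags publicly trusted certificates longer than the 398-day maximum (the "just over one year" limit referred to above) and queues what has expired or is about to, which is the alerting the Environment pillar describes. Subject names, dates and the 30-day lead time are constructed assumptions.

```python
# Added example (not Venafi code): an expiry sweep over a constructed inventory
# of TLS/mTLS machine identities, the check that has to be automated once
# short-lived certificates multiply across microservices.
from dataclasses import dataclass
from datetime import date, timedelta

# Publicly trusted TLS certificates issued on or after 1 Sept 2020 may be valid
# for at most 398 days, the "just over one year" limit referred to above.
MAX_PUBLIC_LIFETIME_DAYS = 398

@dataclass(frozen=True)
class MachineIdentity:
    subject: str            # the service this certificate identifies
    not_before: date
    not_after: date
    publicly_trusted: bool  # issued by a public CA (lifetime rule applies)

    @property
    def lifetime_days(self):
        return (self.not_after - self.not_before).days

# Constructed sample inventory for one application: edge, mesh and backend certs.
INVENTORY = [
    MachineIdentity("lb.example.test", date(2023, 1, 10), date(2024, 2, 12), True),
    MachineIdentity("web.example.test", date(2022, 6, 1), date(2025, 6, 1), True),  # legacy 3-year cert
    MachineIdentity("orders.mesh.local", date(2023, 11, 1), date(2023, 11, 8), False),  # 7-day mesh cert
    MachineIdentity("payments.mesh.local", date(2023, 10, 20), date(2023, 10, 27), False),
    MachineIdentity("db.internal.example", date(2023, 3, 15), date(2024, 3, 14), False),
]

def policy_violations(inventory, max_days=MAX_PUBLIC_LIFETIME_DAYS):
    """Subjects of publicly trusted certs whose validity exceeds max_days."""
    return [c.subject for c in inventory
            if c.publicly_trusted and c.lifetime_days > max_days]

def renewal_queue(inventory, today, lead_days=30):
    """Return (expired, due): subjects already past not_after, and those that
    expire within lead_days, each ordered by how soon they expire."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    horizon = today + timedelta(days=lead_days)
    by_expiry = sorted(inventory, key=lambda c: c.not_after)
    expired = [c.subject for c in by_expiry if c.not_after < today]
    due = [c.subject for c in by_expiry if today <= c.not_after <= horizon]
    return expired, due
```

In a real deployment the inventory would come from discovery rather than a literal, and the sweep would run on a schedule shorter than the shortest mesh certificate lifetime.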
Zero Trust Principle 4: Dynamic
Zero Trust relies on the principle of continuous verification of every device, user, and application trustworthiness throughout an enterprise. Since these devices, users and applications can be highly dynamic, the approach to ensuring their trustworthiness needs to be dynamic as well.
For machines, it means their machine identities need to be created and spun up rapidly, disabled and revoked rapidly, and then reconnected and redesigned. None of these actions can easily be done manually, which is yet another reason why machine identity management is critical for Zero Trust.
How to Implement Zero Trust
Talha Tariq, Chief Security Officer at HashiCorp, joins Kevin Bocek to discuss the importance of establishing a clear Zero Trust architecture and sharing those protocols across your organization. Talha gives insight into how exactly HashiCorp does this, and how you can use the same template for success. He also highlights the importance of risk management for your organization's top-priority assets and most critical systems. Finally, Kevin gets Talha to divulge how he manages to create security principles that Developer and Operations teams not only follow, but LOVE!
Use Cases for Zero Trust Architecture
Now that you understand what Zero Trust is, how it works, and the guiding principles of implementing Zero Trust, let’s take a look at some use cases of how a Zero Trust Architecture can function within your organization:
- Remote employees: Perimeter-based security was already defunct back in 2009 when Zero Trust Security was first developed, but now, in a post-COVID remote-first world, it’s completely outdated. Remote employees are known to use company machines all around the world, sometimes on less-than-secure public networks. Zero Trust will ensure that your remote employee accessing sensitive corporate materials from a coffee shop they’ve never been to won’t be mixed up with bad actors trying to breach your network. This concept also applies to employees using their personal devices for work. Zero Trust will treat these devices as untrusted and require authentication of their identity every step of the way.
- Audit Compliance: By continuously verifying the identities of all users and devices within a network for every single access attempt, a Zero Trust security model demonstrates a strong integrity of data security and access controls. This model is a comprehensive security framework that is aligned with most regulatory frameworks, which makes it a reliable way to demonstrate your organization is adhering to regulatory policies.
- Ecosystem Integrations: Zero Trust also makes collaborations with external partners and vendors more secure by extending this “never trust, always verify” concept to apply to external parties trying to access internal resources. This is particularly valuable for Venafi customers that take advantage of one of the hundreds of possible integrations made possible within the Venafi Ecosystem.
- Cloud Adoption: Migration to the cloud is becoming more prevalent, particularly because of the significant competitive and security advantages that come with it. But with this adoption, a traditional perimeter-based security strategy will not be effective. Much of your organization’s data will be accessible via cloud-based networks, and it will be more important than ever to ensure that only authorized users and devices are granted access to critical data and applications.
Why You Need Machine Identity Management to Achieve Zero Trust
"Digital trust in humans and machines is the ultimate goal of any corporate leader to ensure the business and its services are trusted," according to David Mahdi, a former Gartner machine identity analyst and Fast Company Executive Board member, who is speaking at the Venafi Summit. "While much of the market has been enamored with zero trust, leaders must recognize that it's just a first step. The focus must be on building strong trust foundations with identity-first security for all humans and machines in the environment," Mahdi said.
Machine identity management programs provide organizations with the visibility, intelligence, and automation they need for the thousands or even millions of machine identities used in their organization. The bottom line: Zero Trust programs won’t succeed if they don’t synchronize with an organization’s machine identity management program.