Cybercrimes are increasing over time and organizations are more and more concerned about their data and network security. To effectively secure them, the Zero Trust security model can be employed. It prevents unauthorized access because it is based on the concept of establishing no prior or default trust for any user, application, device, or network.
Zero Trust philosophy dictates that an organization must reliably authenticate any person or entity asking to connect to its technology systems, before allowing them access to their data.
In this article, we explore two vital concepts – Data Encryption and Access Management and how both are critical to a successful Zero Trust strategy.
Why Data Encryption is Mandatory in Zero Trust
Zero trust mandates end-to-end encryption of data because it moderates the probability of data breaches, but implementing this solution alone does not provide ultimate security. Additional cybersecurity defense and protection mechanisms, such as Firewalls, SIEM, Anti-malware solutions, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), etc., are also recommended.
The absence of these security mechanisms can result in the compromise of data at rest, data in transit, and data in use. The incorporation of cryptographic mechanisms such as encryption can safeguard the organization’s confidential information even if it is compromised as the attackers can’t decrypt it.
The core aim of the Zero Trust model is the protection of confidential organizational data from unauthorized access along with compliance with existing laws and regulations. Organizational data is stored, processed, and transmitted in numerous practices, but all the workflows require data encryption at all times.
Encryption has proved the backbone of modern-day cybersecurity and is vital for the implementation of a zero-trust architecture. Cryptographic algorithms permit data to be encrypted to achieve confidentiality and digital signing for integrity verification. End-to-end encryption (E2EE) is the concept of securing the data while at rest, in transit, or in use. Zero Trust data encryption not only makes your data secure from unauthorized use but also complies with regulatory compliance standards and guidelines such as General Data Protection Regulation (GDPR) that legally bind organizations to classify and secure data accordingly.
Data Security and Protection Policies
You can only defend what you are clear about. Data in a system is stored, processed and transmitted by various system components and extreme care is taken in system design to address the security requirements at each node. Protecting data at a broad level in a security system should proceed in the following steps:
- Categorizing and classifying data based on criticality and sensitivity
- Classifying users, groups, services, applications, and devices that can access, store and process specific data
- Identifying places in networks and systems where data can reside
- Implementing data encryption and protection mechanisms
- Adding access privileges for confidential data
- Establishing and auditing the existing data practices
Zero Trust for Data at Rest
Since the inception of the cloud, more organizations have shifted their systems from typical on-premises hardware solutions to cloud-based solutions. More data is now being stored in the cloud than on private enterprise servers or consumer devices. It has eased the business and lowered the cost, but there are still concerns about security and the ongoing requirement for encryption at rest. Similar is the case with cloud-based databases. Since the organization stores, processes, and transmits Personally Identifiable Information (PII) and Personal/Protected Health Information (PHI), it is highly recommended to organizations to only use the CSPs and databases for data at rest which support and implement encryption mechanisms.
Another important discipline of data encryption is the protection of cryptographic keys. In cloud-based environments and databases, administrator accounts have access to the encryption keys and are prone to insider attacks. A possible solution is to encrypt before storing data in the cloud or in databases which provisions organizations to manage keys themselves preventing third-party cloud provider access.
Zero Trust for Data in Transit
Security of data in transit is equally important to data at rest. Perimeter security strategies aren’t providing enough confidentiality in the cloud age due to the visibility of network boundaries. For example, if a user logins to the office network remotely from his home, the network traffic passes through multiple servers before it reaches the destination. The compromise of a single node or the presence of a malicious application on any node can potentially expose your company's confidential information to threats. Regardless of these security risks, the cloud is still an efficient mechanism. Zero Trust secures the data in transit through data encryption, Transport Layer Security (TLS) and IPSec are two options to build, Virtual Private Networks (VPNs).
Zero Trust for Data in Use
There has been sufficient progress in securing the data at rest and data in transit. The aspect which is currently not much explored is data in use. Encrypted data has to be decrypted for further processing but a malicious application or compromised host may get access to unencrypted, confidential data. The following strategies and technologies need to be incorporated for the protection of data in use.
Trusted Execution Environment (TEE)
TEE is a secure section within your computer’s main processor and is separated from the system's main OS and guarantees data and code to protect its confidentiality and integrity. Trusted sections of the code are used to run the application inside a protected TEE and all other access to the TEE is denied irrespective of the privileges of the entities requesting it.
Homomorphic Encryption (HE)
HE provisions the use of encrypted data without the decryption mechanism to be carried out. It is based on the concept that mathematical constructs can make it possible to perform certain types of data processing without first having to decrypt the data - you basically perform operations directly on encrypted data. This concept can go a long way toward shoring up zero-trust initiatives.
Confidential VMs is a novice technology just like virtualization and sandboxing provisioning applications to run inside a “secure enclave” making them unreachable by other applications, even the OS. The incorporation of such a strategy can noticeably improve the security of data in use.
Access Management in Zero Trust
A Zero Trust access management architecture ensures that each access attempt by default is untrusted, from an untrusted user, from an untrusted device, from an untrusted network, and must require thorough validation. The verification process includes the trust demonstration in accordance with the organizational security policies. They ensure that only legitimate, authorized and authenticated users can access system resources. Zero Trust eliminates persistent trust and administers continuous authentication, least privilege, and adaptive access control mechanisms.
Principles for Implementing Access Management in Zero Trust
The effective implementation of proper access management is a big challenge for organizations and involves the following considerations:
Segmentation and Micro-Segmentation
The incorporation of network segmentation in the organizational infrastructure augments in splitting to further diverse zones or sub-networks which can limit the movement to other networks or zones once unauthorized access is gained. Users authorized to access an explicit zone can move freely within that zone but mandate identity re-verification to switch between zones. The approach equally applies to applications, users, and devices resulting in an ‘access control’ barrier preventing their zonal sensitive information. A common example of this approach is to store the confidential data such PII in a separate zone, database or network which is different from the one that is accessible to third parties and public-facing servers.
Extra Protection of Privileged Accounts
The analysis of past data and information breaches (insider threats and external attacks) concludes that most of the incidents included the compromise or abuse of privileged accounts for some systems. This compromise also appeared as the main root cause of various other attacks.
As a countermeasure for Zero Trust implementation, organizations should categorize and make an inventory regarding all the privileged accounts and their corresponding secrets, passwords, and credentials. Based on this intelligence, organizations can further implement access control mechanisms for the safeguarding of privileged accounts.
Proxy-based Access Management
The implementation of access management in zero trust also mandates the incorporation of a control or proxy layer to evaluate the access policy for each application and application page. The proxy layer safeguards the overall system resources based on centralized policies along with contextual information to authorize or reject access to a specific resource. The proxy-based access management also acts as a gateway that can be utilized to shield users, devices, applications, and APIs with a dynamic set of policies that are centrally defined and managed. Furthermore, proxies manage access to control planes (cloud, virtual, DevOps) and critical applications by enforcing network segmentation.
Adaptive Access Controls
From the previous breaches, it has been clear to cybersecurity professionals that the legacy and classical access control mechanisms (allowing inherited trust and absence of continuous validation) can’t defend organizations from modern-day attacks. The zero trust model loop backs the contextual information also referred to as “intelligence” into the security mechanism through the control plane which leads to adaptive security controls. These intelligence-based access control systems manage user access to applications, files, and network features based on multiple real-time factors. This strategy appears to be more strong and more scalable than a legacy "moat" approach. Zero Trust enforces adaptive access controls which manage the access requests based on a context-based Just-in-time (JIT) approach to pause and dismiss sessions based on user behavior, inappropriate activity, or changes in context and risk.
Least Privilege Principle
It is a very commonly used and highly recommended cybersecurity best practice and a vital footstep towards the protection of privileged access to critical assets and information. The principle of least privilege requires that an entity (user, application, account, machine, employee, etc.) is given the minimum level of permission and access to accomplish its designated functions as per the security policy. Zero trust mandates that organizations should strongly impose the least privilege principle through enterprise-level policy across all networks and systems in the organization with attribute-based access controls. The least privilege principle also works closely with the separation of duties and segregation of duties to limit the permissions associated with specific processes and users.
Monitoring and Logging
Zero trust also highlights the logging and monitoring mechanisms to be in place for the protection of the systems. The monitoring of the privileged access foils external attackers and malicious insiders from succeeding in their attacks. It is highly recommended to implement strong controls and create isolation layers between users, systems, applications, and endpoints along with nonstop monitoring of access requests and approvals. The monitoring and logging systems must monitor, manage, and audit each session. These systems also incorporate filtering, logging and monitoring mechanisms to safeguard organizational systems against unauthorized and hidden commands and changes. They integrate monitoring and logging systems with the Security Information and Event Management (SIEM) solution of the Zero Trust system to give a clear, real-time, and in-depth picture of the overall system by triggering alerts based on anomalous behavior such as inappropriate commands, unusual access locations, etc.
Proper Implementation of Access Management and End-to-end Encryption of data is vital for the effectiveness of a Zero Trust strategy since the former safeguards the resources against unauthorized access and the latter deals with the confidentiality of data against authorized and unintended users.
We are aware that business areas within an organization have their own unique challenges. A Zero Trust architecture can be modified to meet the individual demands and requirements of an organization’s specific needs, which at times can be complex and hybrid environments. Proper implementation of Access Management and Data Encryption is vital for a successful Zero Trust strategy.
For more information on Zero Trust security, see our series of articles.