I in the Sky: Identity has to Anchor Cloud Security


Trust No One

At least, not implicitly. And when we say “no one” we mean “nothing and no one” — entities in your meshwork of IT services are more often software or hardware entities than they are humans, after all.

Extending no implicit trust to any entity that interacts with your environment is the central insight of the Zero Trust model. In Zero Trust it does not matter whether a machine is connecting from a supposedly secure location, such as from inside a data center: if it tries to talk to a system it is not specifically authorized to talk to, the connection is refused.

Mistrust is the Mother of Certainty

Once you have committed to reimagining security as a set of atomic relationships among entities rather than as a few large, overlapping trust domains, you get a clearer and deeper picture of your enterprise’s true security posture. As we discussed in a recent webinar, Who Are You? Cloud Security Must Center on Identity, building the granular trust map that underlies such an architecture is the biggest challenge most organizations face when they try to roll it out. But mapping out both the types of entities and the individual entities that make up the IT environment brings enormous benefits, not just in cybersecurity but in IT operations generally. You can neither secure your data, systems, and users, nor operate your systems, if you do not have a clear picture of who all the players are. Knowing more, and applying that knowledge to specify precisely which communications you want to allow, brings certainty.

Trust but Verify

But of course, as we emphasize in the webinar (and elsewhere, and with clients), it is not enough to know that entity A is allowed to converse with entity B over HTTPS, because that permission cannot be a blanket pass, good for all time once granted. If entity A is the CFO’s laptop, and that laptop is compromised and becomes part of a botnet, the permission has to be revoked. That dynamic aspect of the trust relationship, that it is contingent on continued good behavior, is the crucial complement to the principle of zero implicit trust. Trusting something permanently is just another form of implicit trust, after all. Trusting something because you trusted it in the past is just as suspect, and ultimately as insecure, as trusting something because it is in the right place. So the natural partner of zero trust is behavioral threat analytics (BTA), which applies analytics to streams of platform and network logging data to look for major behavioral anomalies: when something starts behaving differently and dangerously, it usually means that thing has been compromised.
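The two ideas above, identity-based default deny (from the Zero Trust section) and trust that is revoked when behavior changes, can be shown together in a small amount of code. The following is an added example written for this post; it is not code from the webinar or from any product. The entity names, the allow-list, the log line format and the two detection thresholds are all constructed for illustration, and the detector is deliberately simple (a real BTA pipeline would use far richer baselines than "new destinations" and "share of denied attempts"):

```python
from collections import defaultdict

# Constructed allow-list of (source identity, destination identity, protocol).
# Anything not listed is denied, whatever network the source sits on.
ALLOWED = {
    ("cfo-laptop", "erp-api", "https"),
    ("cfo-laptop", "mail-gw", "https"),
    ("erp-api", "erp-db", "postgres"),
}


class TrustState:
    """The dynamic part of the trust map: identities whose trust is revoked, and why."""

    def __init__(self):
        self.revoked = {}

    def revoke(self, entity, reason):
        self.revoked[entity] = reason

    def is_trusted(self, entity):
        return entity not in self.revoked


def authorize(state, src, dst, proto, src_location=None):
    """Return (allowed, reason). src_location is accepted only to show that it
    plays no part in the decision: the data center earns no extra trust."""
    if not state.is_trusted(src):
        return False, f"trust revoked for {src}: {state.revoked[src]}"
    if (src, dst, proto) in ALLOWED:
        return True, "explicit permission"
    return False, "no explicit permission"


# Constructed log lines: "<timestamp> <src> <dst> <proto> <outcome>".
BASELINE_LOG = [  # a normal day for the laptop and the ERP service
    "2024-03-01T09:00:01 cfo-laptop erp-api https allow",
    "2024-03-01T09:05:12 cfo-laptop mail-gw https allow",
    "2024-03-01T09:06:40 erp-api erp-db postgres allow",
]
WINDOW_LOG = [  # a week later: the laptop has joined a botnet and sweeps internal hosts
    "2024-03-08T02:13:01 cfo-laptop erp-api https allow",
    "2024-03-08T02:13:02 cfo-laptop hr-db postgres deny",
    "2024-03-08T02:13:02 cfo-laptop build-srv ssh deny",
    "2024-03-08T02:13:03 cfo-laptop ci-runner ssh deny",
    "2024-03-08T02:13:03 cfo-laptop backup-srv smb deny",
    "2024-03-08T02:20:00 erp-api erp-db postgres allow",
]


def parse(lines):
    """Yield (src, dst, proto, outcome) per well-formed line; skip malformed ones."""
    for line in lines:
        parts = line.split()
        if len(parts) == 5:
            yield tuple(parts[1:])


def detect_anomalies(baseline_lines, window_lines, new_dest_threshold=3, deny_ratio=0.5):
    """Return {entity: reason} for entities whose behavior in the window departs
    sharply from their baseline: several never-seen destinations, or a high
    share of denied attempts.  Both are typical of a compromised host probing."""
    baseline = defaultdict(set)
    for src, dst, _, _ in parse(baseline_lines):
        baseline[src].add(dst)
    stats = defaultdict(lambda: {"dsts": set(), "total": 0, "denied": 0})
    for src, dst, _, outcome in parse(window_lines):
        stats[src]["dsts"].add(dst)
        stats[src]["total"] += 1
        stats[src]["denied"] += outcome == "deny"
    flagged = {}
    for entity, s in stats.items():
        reasons = []
        new_dsts = s["dsts"] - baseline[entity]
        if len(new_dsts) >= new_dest_threshold:
            reasons.append(f"{len(new_dsts)} new destinations {sorted(new_dsts)}")
        if s["denied"] / s["total"] >= deny_ratio:
            reasons.append(f"{s['denied']}/{s['total']} attempts denied")
        if reasons:
            flagged[entity] = "; ".join(reasons)
    return flagged


def apply_analytics(state, baseline_lines, window_lines):
    """Feed the detector's findings back into the trust map, revoking flagged identities."""
    flagged = detect_anomalies(baseline_lines, window_lines)
    for entity, reason in flagged.items():
        state.revoke(entity, reason)
    return flagged


def demo():
    """The same request, made from inside the data center, before and after the check."""
    state = TrustState()
    before = authorize(state, "cfo-laptop", "erp-api", "https", src_location="datacenter")
    flagged = apply_analytics(state, BASELINE_LOG, WINDOW_LOG)
    after = authorize(state, "cfo-laptop", "erp-api", "https", src_location="datacenter")
    return before, flagged, after
```

Calling `demo()` shows the point of the section: the laptop's HTTPS path to the ERP service is allowed on the first call, the detector then flags the laptop for four never-seen destinations and a high share of denied attempts, and the identical request, still "from the data center", is refused on the second call. Note that the only thing `authorize` ever consults is identity and the current trust state; the location argument is there to make its irrelevance visible.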

Ultimately, it is acknowledging that self-knowledge has limits, that trust cannot be irrevocable, and that the trust map for your enterprise has to be dynamic that makes zero trust practical and possible. As enterprises spread further and further across cloud environments and physical space (thanks to working from home), those maps will have to be especially flexible.
