What is Zero Trust Security?
Zero-trust security is not a specific technology or product, but a security model based on the concept that “All entities are untrusted”. Forrester defines zero trust as “Zero Trust is an information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices.”
Zero trust security encompasses four principles:
Least Privilege
Assuming that any user, device, or application is not trusted, all requests are treated as potential threats and validated and authorized.
Multiple Authentication and Authorization
Multi-factor authentication is used to authenticate the identity of users, devices and programs for fine-grained authorization so that they can only access required resources and data.
Real-time Monitoring and Audit
Real-time monitoring and auditing of all user, device and program behaviors as well as the resources and data they access.
Dynamic Security Policy
The security policy is dynamically updated with the changes of users, devices, data and external risks.
Characteristics of Cloud-native Environment
Cloud native environment is a modern infrastructure, oriented to cloud computing infrastructure and applications, advocating container-centered lightweight application development and delivery mode. It has the following characteristics:
Containerization
Cloud-native environment takes container technology as the core, and packages applications and dependencies into containers to realize cross-platform operation and rapid deployment;
Automation
Cloud-native environment advocates automation, including automatic deployment, automatic expansion and contraction, automatic monitoring, etc. to improve efficiency and reduce costs;
Elasticity
The cloud-native environment has elastic scalability, which can increase or decrease resources in real-time according to load and demand to cope with different business scenarios;
Microservice Architecture
The cloud-native environment is based on the microservice architecture, which splits programs into independent microservices and communicates through a lightweight communication mechanism to improve flexibility, scalability and maintainability.
Why Zero Trust Is Needed in a Cloud-Native Environment
Due to the dynamic, containerized and microservice characteristics of cloud-native environments, traditional boundary security protection policies cannot be fully adapted. Security protection policies in cloud-native environments face the following challenges:
Blurring Network Security Boundary
The network security boundary in the traditional network architecture is usually implemented by hardware devices such as firewalls and gateways. With the development of public cloud, private cloud and hybrid cloud technologies, cloud-native programs may be deployed anywhere, even across multiple cloud service providers and regions, and traditional security boundaries are disappearing.
Increase in Untrustworthy Factors
In the cloud-native environment, the number and location of containers are constantly changing, and their running status will be abnormal due to external attacks, software defects and other reasons, which will adversely affect the security of the cloud-native environment. In addition, cloud-native applications rely on a variety of open-source tools for automated deployment and management. More tools mean more untrustworthy factors in them.
Complex Unified Authorization Mechanism
Cloud-native applications are usually composed of microservices running in different containers, which means that each microservice needs to configure different identity authentication, authorization mechanisms and ensure the interaction between them is secure. In addition, multiple technology stacks are often used to build and deploy applications in cloud-native environments, requiring different authentication and authorization mechanisms for each technology stack.
Complexity of Infrastructure Sharing
The deployment and operation of cloud-native applications may depend on the same set of computing resources, storage resources, network resources, etc. To improve the efficiency of resource utilization, these resources are managed and shared at multiple levels. In the process of management and sharing, problems such as ultra vires and resource run are easy to occur, which affects the normal operation of other services.
Data Security and Compliance Requirements
The deployment and operation of cloud-native applications may span different security domains, with higher standards for data security and compliance.
To sum up, a more flexible, refined and scalable security model-zero trust is needed in the cloud-native environment. The essence of the zero-trust security model is identity-centered access control. It guides the security architecture from network-centric to identity-centric, establishes a more efficient, comprehensive and flexible security defense system, reduces the attack surface, lowers security risks, increases fine granularity of access control, and avoids information and data leakage.
Zero Trust Practices in Cloud-Native Environment
Zero-trust security practices in cloud-native environments can be carried out from the following aspects:
Cloud Native Asset Inventory
Asset inventory can discover unknown or unauthorized assets in time, determine which assets should be authorized or prohibited from accessing, and improve the security and controllability of cloud-native environments.
Principle of Least Privilege
Restrict the access of users and cloud-native services to ensure that they can only access required resources and data so as to reduce the attack surface and potential attack risks.
Fine access control and authorization mechanism
Mandatory and sophisticated authentication and authorization mechanisms, such as multi-factor authentication (MFA) and single sign-on (SSO), can reduce unauthorized access.
Data Encryption
Cloud-native applications usually need to process sensitive data, and encryption and decryption technologies are required during data storage, transmission and processing to ensure data security. In addition, it is also necessary to adopt a secure key management and distribution strategy to ensure the security of keys.
Risk Surface and Threat Management
Cloud-native environments rely on other open-source components and frameworks that are more or less vulnerable to vulnerabilities and security risks. By implementing risk surface management in the cloud-native environment, security risks caused by open-source components and frameworks can be reduced.
Continuous Security Monitoring and Audit
Continuous security monitoring and auditing can ensure the legality of users’ and services’ access to sensitive data and applications, monitor potential threats in real time, and reduce the risk of unauthorized access.
Automatic Rotation of Credentials
Automatic credential rotation can reduce human errors and omissions, and reduce the security risks caused by credential leakage and theft. This is especially important at a time when ransomware incidents are frequent.
Dynamic Security Policy
Security risks are increasing day by day, and dynamically updateable security protection policies are required to cope with endless security threats.
Security Awareness Training
Regular security awareness training for employees on risks and preventive measures can effectively improve the overall security level of the enterprise
Conclusion
Due to the dynamic and non-fixed security boundary, traditional security policies cannot effectively solve many security problems in a cloud-native environment. The core principle of the zero-trust security model is authentication and authorization. Only authenticated and authorized devices and users can access specific resources. Identity-centered zero-trust security model can solve some problems that cannot be solved by traditional security policies more dynamically, finely and effectively. However, the zero-trust security model cannot completely replace traditional security policies. The two should be combined to build a security system with “defense in depth” capability to protect the security of services, data, networks and systems from multiple perspectives and in an all-round way.