The Past, Present and Future of Zero Trust

Previous blogs have introduced the basic concepts and related applications of the zero trust security framework. This issue will introduce the origin, current status and future prospects of zero trust from the perspective of the industry.

1. Pre-Zero Trust Era

In the past decade, the information security industry has experienced three major trends: mobility, cloud migration, and software as a service (SaaS). These three trends are redefining the way we work, do business and consume information. According to Gartner's forecast, by 2022, global end-user spending on public cloud services will exceed US$480 billion, a year-on-year increase of 21.7%. The nine-to-five on-site office model has been gradually replaced by telecommuting, and employees can connect to the corporate network at home or on the road. The outbreak of the COVID-19 pandemic forced people to stay at home, further accelerating the adoption of telecommuting. Overnight, all but the most core workers in the tech industry went fully remote.

At the same time, more and more enterprises adopt a hybrid IT environment, which poses new and complex requirements for enterprise network security. In the past, enterprises used data centers to run core applications and store sensitive data. Now many large enterprises have begun to purchase cloud services and migrate resources from local hardware to public clouds in order to reduce costs and improve resource scalability. In order to obtain a faster return on investment and further reduce the total cost of ownership (TCO), many enterprises choose SaaS applications instead of traditional self-hosted enterprise applications or self-built solutions.

However, the above three trends have brought huge challenges to enterprises' network security and user experience:

Traditional network security infrastructure is a moat, with corporate resources protected by corporate network perimeters with network security appliances, including antivirus, firewalls, URL filtering, data loss prevention, denial of service attack protection, and sandboxes. In order to adapt to the trend of remote office and mobile office, enterprises have added a virtual private network (VPN) to the original architecture to form a secure channel between the enterprise network and remote employees. However, VPNs can over-grant users access to corporate networks and resources, and users often experience slow connections when the number of users reaches a certain level.

The traditional approach to securing remote access to SaaS applications has been a "Band-Aid" approach, routing all traffic to a central data center where resources can be accessed from a centralized location. However, due to low traffic routing efficiency, limited scalability, various hidden costs, and poor security, traditional methods are difficult to implement smoothly.

Cloud migration offers lower initial setup costs, fewer maintenance requirements, and workload scalability and flexibility compared to traditional approaches. However, many resources remain siloed between enterprise data centers and public cloud vendors. In addition, dynamic, short-lived, and interdependent cloud-native workloads require cloud-native security features.

2. Entering the era of zero trust

In the past, the definition of enterprise network security focused on the use of network defense methods to support network connectivity, monitoring and detection. Today, the traditional location-based network perimeter approach is obsolete. Identity is starting to play a central role in a new modern security framework called Zero Trust. The concept of Zero Trust is based on the principle: "Never trust, always verify". The model replaces implicit trust inferred from static location information with explicit trust based on dynamic contextual data. Sources of contextual data include user identities, applications and attributes, endpoint status, network health, and enterprise security policies.

Zero Trust Network Access (ZTNA) is used to secure private networks with conditional access that is granted only to authenticated requests. A Zero Trust proxy continuously validates a request's identity, context, and policy before granting or denying access. ZTNA ensures that applications are no longer visible to everyone, drastically reducing the attack surface. Due to the availability and scalability advantages of ZTNA, it quickly gained industry attention as a VPN alternative. In addition, the identity- and context-based micro-segmentation provided by ZTNA supports fine-grained security control. Compared with traditional network-based segmentation methods, micro-segmentation can more effectively prevent lateral movement.

It is precisely because the traditional network perimeter model can no longer meet the security needs and performance requirements of modern enterprises that more and more companies are interested in zero trust strategies. In 2019, Gartner combined networking and network security concepts to create the Secure Access Service Edge (SASE) model. Under this model, enterprises can replace the original hub-and-spoke network infrastructure with identity-centric network access cloud services and Secure Web Gateway (SWG) and Cloud Access Security Broker (CASB) to improve efficiency and security. Another option is to reduce or replace existing multiprotocol label switching (MPLS) with software-defined wide area networking (SD-WAN), identity and access management (IAM), SWG, and CASB.

3. Looking to the future of Zero Trust

1) The progress of zero trust in the data plane and control plane

The best way to visualize Zero Trust development and adoption is to explore the ideal Zero Trust architecture. To this end, the implementation of a zero trust framework can be abstracted as a combination of data plane and control plane. The data plane provides access to resources, while the control plane makes continuous real-time decisions on access rights to resources.

An ideal zero trust framework should have the most efficient data plane and the most effective control plane.

The data plane of the zero-trust framework is based on an overall secure private network. Through the data plane, personnel, applications, workloads, and data connections can be processed in a unified manner, which is more secure and efficient than separate processing.

In this case, a zero-trust secure private mesh network can use any type of network infrastructure to connect traffic from any resource, device, and user. It overlays the underlying physical network infrastructure, such as broadband, fiber optics, 4G/5G, or WiFi, and abstracts the enterprise IT and security landscape from the physical topology. It also uses identities, contexts, and policies to establish logical relationships among people, applications, and resources based on enterprise IT security requirements.

The control plane of a zero trust framework refers to the orchestration of zero trust, including observing, monitoring, inspecting, analyzing and taking action. The interaction between zero trust orchestration and secure mesh networks controls feedback loops.

Essentially, the three key characteristics of Zero Trust Orchestration are integration, bidirectionality and continuity:

  • Integration: Zero Trust Orchestration integrates various security signals and turns them into contextual data. These signals may come from a variety of identity types such as users, devices, applications, workloads, and data; from state data such as network traffic, endpoint devices, workloads, applications, and emails; and from user behavior and threat intelligence. Additionally, Zero Trust Orchestration incorporates access policies into decisions about authentication, authorization, session management, or resource revocation.

  • Bi-directionality: Zero Trust Orchestration exchanges information with security components such as identity providers, networks, endpoints, and applications in both directions: data is collected by listening to event streams or correlating historical inputs from security signals, the information is then integrated using machine learning and rule-based approaches, and finally instructions are sent back to the security components to take action.

  • Continuity: Zero Trust Orchestration supports continuous security management, that is, near-real-time security enforcement throughout the entire lifecycle of a network connection, rather than applying security controls only at the connection point or access point. For example, when Zero Trust Orchestration detects malicious activity or a disabled user account, it can immediately ask the identity provider to revoke token refresh or session refresh, advise the network to disconnect from the resource, and, where necessary, require the application to re-authenticate the user.
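
To make the decision flow concrete, here is an added Python sketch (not from the original post or any vendor product) of the ZTNA proxy decision described earlier and the continuity loop described in the last point: every request is checked against identity, device posture and application policy, and live sessions are re-evaluated so that a disabled account leads to token revocation and disconnection. The identities, devices, policy table and instruction strings are constructed stand-ins, not any real system's data or API.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed stand-ins for the signals an orchestrator ingests from the identity
# provider and endpoint agents; none of this is real IdP or endpoint data.
IDENTITIES = {"alice": {"enabled": True, "groups": {"finance"}},
              "bob": {"enabled": True, "groups": {"finance"}}}
DEVICES = {"lap-01": {"managed": True, "encrypted": True},
           "byod-07": {"managed": False, "encrypted": False}}
# Hypothetical access policy: entitled groups and required device posture per app.
APP_POLICY = {"payroll": {"groups": {"finance"}, "managed_only": True}}

@dataclass
class Request:
    user: str
    device: str
    app: str
    mfa_passed: bool

def decide(req: Request) -> tuple[bool, str]:
    """Policy decision point: identity, device context and policy are all
    checked on every request, and the default outcome is deny."""
    ident = IDENTITIES.get(req.user)
    if ident is None or not ident["enabled"]:
        return False, "identity unknown or disabled"
    if not req.mfa_passed:
        return False, "authentication not satisfied"
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "application not published"  # unpublished apps stay invisible
    if not ident["groups"] & policy["groups"]:
        return False, "user not entitled to application"
    dev = DEVICES.get(req.device, {})
    if policy["managed_only"] and not (dev.get("managed") and dev.get("encrypted")):
        return False, "device posture insufficient"
    return True, "allow"

@dataclass
class Session:
    req: Request
    active: bool = True
    actions: list[str] = field(default_factory=list)

def reevaluate(sessions: list[Session]) -> list[Session]:
    """Continuity: re-run the decision over live sessions; a session that no
    longer passes is closed and the orchestrator's instructions are recorded."""
    for s in sessions:
        if s.active and not decide(s.req)[0]:
            s.active = False
            s.actions += [f"idp:revoke_tokens:{s.req.user}", f"network:disconnect:{s.req.device}"]
    return sessions
```

In a real deployment the IDENTITIES and DEVICES tables would be fed by the identity provider's event stream and endpoint telemetry, and the recorded actions would be sent to those components rather than stored on the session.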

2) How Zero Trust and identity systems work together

Identity is the cornerstone of the Zero Trust framework. We need identity to describe and govern almost everything, including employees, customers, contractors, on-premises applications, SaaS applications, APIs, servers, virtual machines, containers, serverless functions, Internet of Things (IoT) devices, robots, datasets, and even non-fungible tokens (NFTs). Establishing relationships between identities in turn requires IAM, privileged access management (PAM), identity governance and administration (IGA), and authentication. Zero Trust security is one of the best examples of using identity to optimize user experience and strengthen security posture.

3) A call for cooperation within the security industry

From the perspective of R&D and mergers and acquisitions within the industry, Zero Trust, as a modern way of securing enterprise networks, can drive industry consolidation. A large amount of investment in the security industry is currently pouring into the Zero Trust segment, and dozens of companies have recently launched Zero Trust products. However, no security vendor, not even a large one, can independently deliver a complete Zero Trust product suite. This is because in cybersecurity "secure enough" is far from enough, and putting all your eggs in one basket when building a security infrastructure is very dangerous. A better approach is to establish deep strategic partnerships with multiple security vendors and adopt a best-of-breed product portfolio to resist potential cyberattacks. In addition, adding separate security programs outside of applications can provide extra protection.

Today's security industry suffers from internal fragmentation, and the top priority is to improve collaboration. Collaboration can drive technological progress so that every user and enterprise can securely use any technology anytime, anywhere. In the Zero Trust era, collaboration becomes even more important. There have been initial explorations in the area of security signal sharing; the OpenID Foundation's Shared Signals and Events Working Group is a good example. In the future, it is hoped that the entire security industry can work together for mutual benefit.

Origin blog.csdn.net/lyshark_lyshark/article/details/126798197