Zero Trust Policy is not achieved by just installing fancy tools or complex auth systems when your infra is wide open to the wide.
You must follow a "Never Trust, Always Verify" principle in every layer of infrastructure.
When it comes to zero trust policy a lot is talked about how to enable it on application, authentication etc. However, it is not the only place to enable it or to begin with it. You need to start from the roots. Today’s digitally transformed world faces various challenges, the trickiest being safety of intellectual property that is exposed online.
Especially before the cloud bloom happened it was easier as infra would be hosted on one’s own premises. But with the always online generation, most organisations will constantly have to balance the tightrope between publicly available, at the same time protecting themselves from the threats available online.
That is why, “Zero Trust Policy” or as I would like to call it “Verified Trust Policy” must begin from ground zero that is your base infrastructure. For securing connectivity, networks must be segregated with respect to incoming and outgoing traffic access.
To understand it better, let me share some real life experiences from my past projects with completely unrelated businesses, happening at a years gap from one other. This is about two, completely unrelated businesses but had exactly same requirement:
Protection of Intellectual Property
One of them was a leading business consulting company, the other was one of the world's largest manufacturers of consumer and professional electronics products. The former had a multi-tenant data model and the latter had a competitive retail product market.
For one providing client data privacy was the highest priority, for the other making their pre-launch product data was kept protected from other competitors.
Although both had very different business requirements, the demand was pretty much the same and so had to be the infrastructure design factors.
Both needed a safe host for their applications so that their customers can safely access these solutions without compromising their intellectual property online, the impact of which can be as severe a shutdown of business for days or even months together.
Protection Of Online Business:
There was another incident which was quite interesting and still reminds me why Zero Trust Policies are so important especially for public facing intellectual properties.
What had happened was that the company's official public facing website was running an older version of php. It had a certain vulnerability that was used by the attackers to launch a back door to the actual web server and inject a very sophisticated javascript injection, which led the website to be blocked by browsers giving that "this is an unsafe website.." alert.
Once this was realised, the website was immediately upgraded and redeployed, but what came next was very unexpected. It was again compromised by the attacker, and then we started moving the server itself to another datacenter itself however the attacks continued.
What was missing in all these incidents was they lacked Zero Trust Policy.
In such case I always like to refer to my house building example, when we design a house, we need to decide on various sections based on our privacy level.
For instance, the living room must be accessible to all incoming people, the bedroom is private to you, and the kitchen is visible to your guests however operated by you. Likewise different layers in the network must be segregated as per their access policies.
Summarising Zero Trust Policy:
Here are some questions you must ask to confirm:
➡️ Does it allow ingress traffic from outside
➡️ Is it private and has no incoming and outgoing internet access ?
➡️ Is it protected by allowing selected inbound and outbound access ?
Once decided on the above, segregate the network based on the incoming and outgoing access required and apply Zero Trust Policy as below:
👉 Deny all access by default and then whitelist based on trusted sources and destination.
👉 Network privacy can be achieved via VPCs and subnets if you are hosted on cloud or through VLAN and DMZs if you are on an on-premise setup with legacy systems.
👉 You should have VPCs over classic or dynamic networks(application only for cloud).
👉 Configurations must be logically segregated or tiered with respect to usage (e.g. per product, per customer, per department etc).
👉 Firewall rules must be adapted per tier/subnet.
👉 If necessary segregate virtual machines and appliances to dedicated hardware.
👉 Always keep separate networks for production and non-production.
I hope this blog will help you take the right decision while choosing a service architecture next time you are on cloud.
If you like this article, I am sure you will find the 10-Factor Infrastructure even more useful. It compiles all these tried and tested methodologies, design patterns & best practices into a complete framework for building secure, scalable and resilient modern infrastructure.
Don’t let your best-selling product suffer due to an unscalable, vulnerable & inconsistent infrastructure.
Thanks & Regards
Kamalika Majumder
Comments