Why Cloud Native Systems Demand a Zero Trust Approach

6 Dec 2021 7:00am

As more organizations migrate to the cloud and remake their stack and processes to take full advantage of it, security is on everyone’s minds — and, increasingly, the term “Zero Trust” is on their tongues.

But what does Zero Trust really mean? And why does it make sense for an organization that’s in the cloud — whether that’s a public cloud, multiple clouds, or a hybrid mix of cloud and on-premises data centers?

For starters: the cloud makes old ways of securing systems and their data obsolete.

Traditionally, enterprises protected themselves with a castle-and-moat architecture that worked to keep the data and secrets safe inside the castle perimeter and the bad actors outside the moat.

In a modern, cloud-based distributed system, however, there is no “perimeter,” no defined space where the data and other valuable assets “live.” So the system cannot be defended in traditional ways. Just as cloud native makes organizations rethink software development, delivery and deployment, new thinking about how to protect the entire system is also required.

“Now companies have to rely on networks outside of their own,” Chris Kent, senior director of product marketing at HashiCorp, told The New Stack. “In a world that consists of multiple clouds, on-premises, and hybrid infrastructure, it’s better to take the posture that someone’s already on the network.”

The need for fresh thinking about security is growing. Seventy-six percent of enterprises are already multicloud, according to the HashiCorp State of Cloud Strategy survey, released in August. (The report tallied responses from more than 3,000 tech practitioners and decision-makers, all contacts from HashiCorp’s database.)

In two years, according to the survey, 86% of enterprises will have gone multicloud. But 47% of respondents said that security concerns inhibit their cloud initiatives. Only cost (51%) was more often cited as an obstacle by survey participants.

Zero Trust Enters the Mainstream

But even as many of the teams who must implement it, and their bosses, are still grappling with what Zero Trust means, the collection of practices and policies derived from it is entering the mainstream:

  • The federal government and cloud service providers are now required to adopt Zero Trust security policies and adhere to Zero Trust principles and frameworks, according to an executive order signed by President Joe Biden in May.
  • Ninety-six percent of security decision-makers say that a Zero Trust security approach is critical to their organization’s success, and 76% say they have at least started the process of implementing it, according to a survey of 1,200 “security decision-makers” that Microsoft released in July.
  • The increasing use of multicloud and hybrid cloud adds complexity and underscores the need for Zero Trust — the more distributed and heterogeneous a system is, the clearer it becomes that a defensible “perimeter” no longer exists.
  • The ongoing rise in cyberattacks has helped create a sense of urgency for all kinds of security, including Zero Trust approaches.

What Is Zero Trust?

To explain how Zero Trust differs from traditional thinking about security, let’s revisit that notion of a “perimeter.”

In the past, when organizations relied on their own private, often on-premises, data centers — and workers usually came to a physical office to do their jobs — security experts considered data and workloads to have a definable “perimeter” that needed to be defended.

Bad actors, human or machine, were denied access to the network the way invaders were repelled from a castle: by building a (virtual) moat around it. Hence the use of authentication and authorization via individual logins and passwords. The architects who designed these systems assumed entities inside an organization could be trusted, and that users’ identities were not compromised.

But that castle-and-moat approach is widely considered to be unreliable today. Not only is there no single “castle” to defend — but chances are, there’s already someone or something in your castle that shouldn’t be there.

A Zero Trust approach makes the assumption that, as the horror movie tagline goes, the call is coming from inside the house. It assumes that someone or something that shouldn’t be there may already be on your network.

Zero Trust assumes that, since there’s no single “castle” to defend, there can be no moat, or clearly defined network perimeter around it. Instead, the better approach is to ensure that everything is authenticated and authorized to do the action or request it’s trying to do, regardless of whether this is a system, application or human user.

In other words, the approach is not to protect the overall house, but the individual rooms — and furthermore, if anyone does get into the house, to ensure they can’t access other rooms or valuable assets.

A key element of a Zero Trust approach is to never expose personal credentials to the network. Instead, authentication and authorization — deciding who has access, where they can go, and what they can do — are handled on a per-request basis, so that every action is either authorized or restricted. This ensures that even in the likely event that credentials are leaked or intercepted, they are no longer valid after their initial use.

A Zero Trust approach also eliminates manual interaction; it automates the rotation of temporary credentials and how those credentials are issued.

Manual processes not only slow down productivity but can present vulnerabilities all their own. “Traditionally, creating and managing load balancer and firewall rules becomes incredibly complex and brittle, especially in today’s ephemeral landscape,” said Kent. “Keeping up with IP rules, routing, purging old IP addresses, just to permit access to and from infrastructure is hard to scale for the largest teams and organizations, so automating access and authorization becomes paramount.”

When an organization relies on manual interaction, people get access to things they shouldn’t, because granting access (or removing it, when someone leaves the company or changes roles) is too much of an ongoing headache. “We’ve seen common patterns among companies small and large where groups store all their credentials in a spreadsheet, and then they share that spreadsheet,” Kent said.

Automating credential rotation and issuance helps remove the human error factor. Also, in a system designed for Zero Trust, automatically generated machine-to-machine credentials expire quickly; this creates targets that appear only when in use and then disappear, making cyberattacks more challenging for would-be attackers — and thus less likely to occur.

Automation Reduces the Damage of Data Breaches

Recent studies show that automation brings a number of critical benefits in terms of security. In addition to helping prevent breaches, it can also reduce the dollar cost of a data breach.

In fact, according to a data breach cost report released in July by IBM and the Ponemon Institute, security automation made the single biggest difference in the total cost of a data breach. Automation allowed organizations to spot a breach and contain it faster, the report said.

Companies that did not automate access and security spent an average of $6.7 million to recover from a breach, according to the report. That figure is more than twice as much as for companies that had fully deployed automation, which spent just $2.9 million. A Zero Trust approach to security is a posture that means that if a breach were to occur, the effects and impact could be lessened and detected sooner.

Creating a Zero Trust Architecture

If a Zero Trust approach is better suited to distributed systems than the old castle-and-moat model for maintaining security, these five steps can help your organization start creating the architecture needed to support it:

1. Secure Everything Based on Identity.

The transition from traditional on-premises data centers and environments to dynamic cloud infrastructure is complex and introduces new challenges for enterprise security. There are more systems to manage, more endpoints to monitor, more networks to connect, and more people who need access. The potential for a breach increases significantly, and without the right security posture a breach is only a matter of time.

2. Authenticate and Authorize Everything.

Ensuring that all systems, users, and applications are permitted to access or execute a given action is critical and the basis for a Zero Trust approach.

3. Centrally Automate Credentials and Rotation.

Every application, system, and user needs credentials to access other systems, networks, and so on. By centralizing the automation of these secrets, organizations can ensure that credentials are not long-lived and exposed out in the world, and that everything is rotated or issued just-in-time, reducing the risk of breach associated with credential leakage or theft. This is particularly important with the increase in ransomware attacks.

4. Encrypt Everything.

Companies are used to encrypting full volumes of data, such as an entire disk. But oftentimes, in the event of a breach or a system being compromised, the perpetrator is someone with access. Encrypting data in transit and at rest helps; in the scenario where a system is compromised, the encrypted data remains protected.

5. Create a Zero Trust Policy.

The policy should determine which identities should have access to which resources, when they should have that access, what the access should consist of, where the access can be granted, and how it should be granted.

A particularly difficult hurdle to implementing a Zero Trust approach is the all-in commitment required — a piecemeal approach to locking down your protect surface could leave valuable parts of it vulnerable to attack.

“If you even have a single part that’s not Zero Trust, then it’s not Zero Trust,” noted Jonathan Parnell, senior consultant for cloud and data center transformation at Insight, a technology consulting firm based in Tempe, Arizona.

The Role Vault and Boundary Play in Zero Trust

HashiCorp offers two tools — Vault and Boundary — specifically designed to support a Zero Trust approach to security, and has self-managed (on-premises) and cloud versions for each of them.

What HashiCorp Vault Does

HashiCorp Vault is HashiCorp’s secrets management tool. It was created to help solve the problem of “secrets sprawl,” as described by HashiCorp’s co-founder and chief technology officer, Armon Dadgar, in a video explaining the tool.

User names, database credentials, API tokens, and the like, he said, often wind up tucked away in plain text within source code, configuration management or in a version-control system like GitHub or GitLab.

“The challenge is, we don’t know who has access to all these things,” Dadgar said in the video — let alone, he added, whether they’ve found those secrets and what, if anything, they’ve done with them.

Vault centralizes the “sprawl.” It secures, stores, and tightly controls access to the means of protecting secrets and sensitive data (tokens, passwords, certificates, encryption keys) using APIs. The secrets are encrypted, both at rest within Vault and when in transit between Vault and the clients that want to use those secrets.

In Vault, the management of those secrets is based on trusted sources of application and user identity, a key element of the Zero Trust approach. It also compiles an audit trail, to improve observability of who has been given access to which applications, and when.

Credentials are issued dynamically; they are short-lived and fine-grained, specific to a particular request for a specific application at a specific time. Vault’s flexible REST API enables integration with other applications and its standardization makes it useful in all regions and cloud platforms.

What HashiCorp Boundary Does

HashiCorp Boundary is designed to solve the problem of gaining access to an organization’s network when working remotely — an issue facing more and more organizations as their workforces as well as their networks become distributed.

In a traditional workflow to gain access to an organization’s network from a remote location, a user is given credentials to gain access to a VPN, then connects to a specific VPN, perhaps must overcome a firewall (the “moat” in a static system), and then gains access to specific apps with credentials.

The problems with this, according to a presentation by Tio Bagio, a senior solutions engineer at HashiCorp, at the company’s HashiConf Global 2021 conference in October, include an onerous onboarding process, the necessity of knowing the internal network addresses, and the fact that credentials are easily exposed to the network.

“The user needs to keep these credentials, needs to remember them,” Bagio said. “So naturally they put them in a most convenient place — a notepad, files, emails. And those are not necessarily the most secure. This could cause the accidental exposure of credentials and a risk to organizations.”

By contrast, Boundary requires users to simply log in with a single, trusted form of identity. They then select an item — a host or service — from an automated, dynamic catalog. The catalog allows users to view the entire landscape of what they need to secure, and each item has an easy-to-remember name.

Boundary then grants authorization based on a user’s role, and credentials are checked out of Vault’s credential store; then the user connects to the desired application automatically.

Credentials are never exposed to the network. “We call it credential injection — injecting the credentials on your behalf so you never have to do it,” said Kent.
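As an added illustration (not code from HashiCorp, Vault or Boundary), the toy broker below models the per-request flow described above: a request is authorized against a role policy, a short-lived, single-use lease on a dynamic credential is minted and written to an audit trail, and the client receives only a session handle, never the secret itself. The role names, targets, TTL and policy table are all constructed for the example.

```python
"""Toy model of per-request authorization with short-lived, single-use credentials.
Added illustration only; not Vault or Boundary code. All names are made up."""
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample policy: role -> set of catalog targets that role may reach.
POLICY: Dict[str, set] = {"dba": {"orders-db"}, "dev": {"staging-api"}}
TTL_SECONDS = 60  # constructed lease lifetime


@dataclass
class Lease:
    target: str
    principal: str
    secret: str          # the dynamic credential; it never leaves the broker
    expires_at: float
    used: bool = False


@dataclass
class Broker:
    clock: Callable[[], float] = time.time      # injectable clock for testing expiry
    leases: Dict[str, Lease] = field(default_factory=dict)
    audit: List[Tuple[float, str, str, str]] = field(default_factory=list)

    def request_access(self, principal: str, role: str, target: str) -> Optional[str]:
        """Authorize one request; on success mint a lease and return only its id."""
        allowed = target in POLICY.get(role, set())
        self.audit.append((self.clock(), principal, target, "granted" if allowed else "denied"))
        if not allowed:
            return None
        lease_id = secrets.token_urlsafe(16)
        self.leases[lease_id] = Lease(target, principal, secrets.token_hex(16),
                                      self.clock() + TTL_SECONDS)
        return lease_id

    def connect(self, lease_id: str) -> Optional[str]:
        """Inject the credential on the client's behalf: single use, must be unexpired."""
        lease = self.leases.get(lease_id)
        if lease is None or lease.used or self.clock() > lease.expires_at:
            return None
        lease.used = True
        # A real broker would present lease.secret to the target here; the client
        # only ever sees the resulting session handle.
        return f"session:{lease.target}:{lease.principal}"
```

Replaying the same lease id, or presenting it after the TTL has passed, yields no session, and every decision (granted or denied) is on the audit trail.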

What’s Next for Zero Trust?

In October, HashiCorp announced a new collaboration with Microsoft, integrating Boundary with Microsoft Azure Active Directory (known as Azure AD). The partnership, Kent suggested, is part of a greater initiative by HashiCorp to bring the same Zero Trust approach to how developers and engineers can connect applications across a variety of cloud platforms.

“This is very relevant with the current state, with the pandemic and remote work,” he said. “It’s this idea of secure remote access. How do you securely access things remotely through this very automated, easy-to-use kind of workflow?”

Zero Trust, Kent said, “is how we always thought we should secure things” at HashiCorp. “Credential location and secrets management are the fundamental building blocks of Zero Trust, and it’s fundamentally who we are. And now we’re seeing a consensus starting to form around this approach being the right approach.”
