Changes

no edit summary
Line 47: Line 47:  
   </div>
 
   </div>
   −
   <br><p><b></b></p>
+
   <br><p>A<b> Zero Trust Network</b> is a holistic approach to network security that assumes that no one is trusted by default. This added layer of security requires strict identity verification regardless of whether a person or a device is inside or outside the network perimeter before they try to gain access to vulnerable resources. The purpose of this IT security model is to prevent exfiltration of sensitive data and improve any business’ ability to defend against modern cyber threats.</p>
    
   <div class="mw-collapsible-toggle btn" style="float: left; display: block;">
 
   <div class="mw-collapsible-toggle btn" style="float: left; display: block;">
Line 82: Line 82:     
   <ul>
 
   <ul>
     <li>Identity and Access Management (IAM). Adequate identity management is obviously crucial to ensuring that all access to resources is authenticated/authorized. Such resources may be data, but also computing services, devices, etc. Information systems are already designed around the notion of identity for human users, but IAM for ZTN requires that all possible users of a resource also be identified and authorized. This implies IAM for processes, for example one piece of software making use of another, or Internet-of-Things (IoT) devices feeding into a data lake. Such use cases will enormously increase the number of identities being managed – well into the billions when IoT is included. Traditionally, such non-human identification (and sometimes human identification) has been done on the basis of identity proxies such as IP address – something that is clearly vulnerable to attack as they can be spoofed. Modern IAM uses certificates, signatures, and multifactor authentication for robustness; only recently has computing power become cheap enough to support these on a large scale. These techniques are all in-place at SSC, though primarily for employees, and they potentially need upgrading over the coming years to mitigate threats from quantum computing.</li>
+
     <li><b>Identity and Access Management (IAM):</b> Adequate identity management is obviously crucial to ensuring that all access to resources is authenticated/authorized. Such resources may be data, but also computing services, devices, etc. Information systems are already designed around the notion of identity for human users, but IAM for ZTN requires that all possible users of a resource also be identified and authorized. This implies IAM for processes, for example one piece of software making use of another, or Internet-of-Things (IoT) devices feeding into a data lake. Such use cases will enormously increase the number of identities being managed – well into the billions when IoT is included. Traditionally, such non-human identification (and sometimes human identification) has been done on the basis of identity proxies such as IP address – something that is clearly vulnerable to attack as they can be spoofed. Modern IAM uses certificates, signatures, and multifactor authentication for robustness; only recently has computing power become cheap enough to support these on a large scale. These techniques are all in-place at SSC, though primarily for employees, and they potentially need upgrading over the coming years to mitigate threats from quantum computing.</li>
     <li>Micro-segmentation of networks. Segmentation of networks is a well-known technique for separating sub-networks – originally for performance reasons and then for security reasons. When security became a motivation, the separation between two network segments was effectively done with a firewall that inspects network traffic between segments, logging problematic traffic, and perhaps allowing only traffic from certain IP addresses, or conforming to specific protocols. With ZTN, the need arises to do this at fine granularity – essentially each machine (or at most a small number of like-functionality machines) is in its own micro-segment. Furthermore, the inter-segment firewall must restrict traffic to the minimal set of protocols (traffic types) required. If the machine providing a service does not provide authentication, then this internal firewall also does the required IAM. In no case is an IP address sufficient for authentication. These internal firewalls require a significant ability to log and report more centrally (see below). Predictably, placing each machine in a micro-segment will lead to a proliferation of internal firewalls, though computing power has reached the point that they can be implemented in software as opposed to rack-mounted hardware in a data-center. In the case of virtualized or cloud based infrastructure, the firewalling and micro-segmenting are part of the Software Defined Network (SDN), further lowering the cost of implementation. SDN-type implementations have one significant caveat: they require highly secure virtualization hypervisors. A breach of an insecure hypervisor would cripple ZTN and give access to all data and traffic on at least that specific physical machine.</li>
+
     <li><b>Micro-segmentation of networks:</b> Segmentation of networks is a well-known technique for separating sub-networks – originally for performance reasons and then for security reasons. When security became a motivation, the separation between two network segments was effectively done with a firewall that inspects network traffic between segments, logging problematic traffic, and perhaps allowing only traffic from certain IP addresses, or conforming to specific protocols. With ZTN, the need arises to do this at fine granularity – essentially each machine (or at most a small number of like-functionality machines) is in its own micro-segment. Furthermore, the inter-segment firewall must restrict traffic to the minimal set of protocols (traffic types) required. If the machine providing a service does not provide authentication, then this internal firewall also does the required IAM. In no case is an IP address sufficient for authentication. These internal firewalls require a significant ability to log and report more centrally (see below). Predictably, placing each machine in a micro-segment will lead to a proliferation of internal firewalls, though computing power has reached the point that they can be implemented in software as opposed to rack-mounted hardware in a data-center. In the case of virtualized or cloud based infrastructure, the firewalling and micro-segmenting are part of the Software Defined Network (SDN), further lowering the cost of implementation. SDN-type implementations have one significant caveat: they require highly secure virtualization hypervisors. A breach of an insecure hypervisor would cripple ZTN and give access to all data and traffic on at least that specific physical machine.</li>
     <li>Ubiquitous encryption. Since threat actors are effectively inside the “perimeter” of the organization and may snoop on network traffic, all interactions across the network should be encrypted. Additionally, data-at-rest should be encrypted to mitigate break-ins to a particular database or file server. Modern algorithms, CPUs and accelerators have made such large-scale encryption trivially fast.</li>
+
     <li><b>Ubiquitous encryption:</b> Since threat actors are effectively inside the “perimeter” of the organization and may snoop on network traffic, all interactions across the network should be encrypted. Additionally, data-at-rest should be encrypted to mitigate break-ins to a particular database or file server. Modern algorithms, CPUs and accelerators have made such large-scale encryption trivially fast.</li>
     <li>Dynamic and conditional policies. The principle of least privilege is a cornerstone of ZTN. Over the employment of a particular person or the active period of a process, their required privileges/access will vary depending on task, and such privileges should be kept at the most restricted level that still enables the work . Current practice at most organizations is to raise privilege level as needed (perhaps even setting it “high” initially) and almost never lower it. ZTN changes that to being much more dynamic, and lowering it again once a specific task has been completed. When applied to processes or devices (not humans), this can be implemented via micro-service architectures/APIs – the fact they support only a single service means they can execute with least privileges.</li>
+
     <li><b>Dynamic and conditional policies:</b> The principle of least privilege is a cornerstone of ZTN. Over the employment of a particular person or the active period of a process, their required privileges/access will vary depending on task, and such privileges should be kept at the most restricted level that still enables the work . Current practice at most organizations is to raise privilege level as needed (perhaps even setting it “high” initially) and almost never lower it. ZTN changes that to being much more dynamic, and lowering it again once a specific task has been completed. When applied to processes or devices (not humans), this can be implemented via micro-service architectures/APIs – the fact they support only a single service means they can execute with least privileges.</li>
     <li>Logging, inspection and analytics. Awareness of threat actors is still needed, even in ZTN. This is best enabled by extensive traffic inspection (using the micro-segments) and logging. Rather than inspecting logs manually, they are typically processed by data-science/analytics (for security) and machine learning algorithms to show anomalies that indicate attack attempts. The resulting analytics are used to generate reports and visualizations as required for governance of ZTN.</li>
+
     <li><b>Logging, inspection and analytics:</b> Awareness of threat actors is still needed, even in ZTN. This is best enabled by extensive traffic inspection (using the micro-segments) and logging. Rather than inspecting logs manually, they are typically processed by data-science/analytics (for security) and machine learning algorithms to show anomalies that indicate attack attempts. The resulting analytics are used to generate reports and visualizations as required for governance of ZTN.</li>
 
   </ul>
 
   </ul>
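Review bot: the stray space before the period in "still enables the work ." survives in the re-bolded Dynamic and conditional policies item; since every item is being rewritten in this hunk, fix it here, and while at it write "in place" (no hyphen as a predicate) in the IAM item and "cloud-based" (hyphenated as an attributive) in the micro-segmentation item. The change from a trailing period to a bold label with a colon is applied consistently to all five items, and the "(see below)" in the micro-segmentation item still resolves to the Logging, inspection and analytics item.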
   Line 137: Line 137:  
   <p>Lastly, consideration must be given to extending the current identity management infrastructure (ICM and ECM) so that devices and processes become identified actors in the broad sense within SSC, and their permissions, access and activities are appropriately managed and logged.</p>
 
   <p>Lastly, consideration must be given to extending the current identity management infrastructure (ICM and ECM) so that devices and processes become identified actors in the broad sense within SSC, and their permissions, access and activities are appropriately managed and logged.</p>
   −
   <p class="expand mw-collapsible-content">Hidden</p>
+
   <p class="expand mw-collapsible-content"></p>
 +
 
 +
  <h2>References</h2>
 +
 
 +
  <ol>
 +
    <li>Balaouras, S., Shey, H., Laura, K., Cser, A., Madeline, C., & Dostie, P. (2019, June 4).<i> [https://reprints.forrester.com/#/assets/2/716/RES61555/reports Defend Your Digital Business From Advanced Cyberattacks Using Forrester's Zero Trust Model].</i> Retrieved from reprints.forrester.com</li>
 +
    <li>Barth, D., & Gilman, E. (June 19, 2017).<i> Zero Trust Networks</i> (1 edition ed.). O'Reilly Media.</li>
 +
    <li>MacDonald, N. (2018, December 10).<i>[https://www.gartner.com/document/3895267?ref=TypeAheadSearch&qid=f1793ea982e57ac9aadaab897 Zero Trust Is an Initial Step on the Roadmap to CARTA].</i> Retrieved from gartner.com</li>
 +
    <li>Pratt, M. K. (2018, January 16).<i>[https://www.csoonline.com/article/3247848/what-is-zero-trust-a-model-for-more-effective-security.html What is Zero Trust? A model for more effective security].</i> Retrieved from csoonline.com</li>
 +
  </ol>
    
</div>
 
</div>
  −
<!--
  −
<h2>References</h2>
  −
<ol>
  −
  <li>Diedrich, H. (2016). <i>Ethereum: Blockchains, Digital Assets, Smart Contracts, Decentralized Autonomous Organizations.</i> Scotts Valley: CreateSpace Independent Publishing Platform.</li>
  −
  <li>Furlonger, D., & Kandaswamy, R. (25 July 2018). <i>[https://www.gartner.com/document/3883991 Hype Cycle for Blockchain Technologies].</i> Retrieved on 23 May 2019</li>
  −
  <li>Gilder, G. (2018). Life After Google: <i>The Fall of Big Data and the Rise of the Blockchain Economy.</i> New Jersey: Gateway Editions.</li>
  −
  <li>Gupta, V. (28 February 2017). <i>[https://hbr.org/2017/02/a-brief-history-of-blockchain A Brief History of Blockchain].</i> Retrieved on 23 May 2019</li>
  −
  <li>Orcutt, M. (19 February 2019). <i>[https://www.technologyreview.com/s/612974/once-hailed-as-unhackable-blockchains-are-now-getting-hacked/ Once hailed as unhackable, blockchains are now getting hacked].</i> Retrieved on 23 May 2019</li>
  −
  <li>Secretariat, T. B. (29 March 2019). <i>[https://www.canada.ca/en/government/system/digital-government/digital-operations-strategic-plan-2018-2022.html Digital Operations Strategic Plan: 2018-2022].</i> Retrieved on 23 May 2019</li>
  −
  <li>Vallée, J.-C. L. (April 2018). <i>[https://www.conferenceboard.ca/temp/7dc77c07-7e5a-4be6-ad6d-7d1070f9ac20/9591_Cautious%20Optimism_BR.pdf Adopting Blockchain to Improve Canadian Government Digital Services].</i> Retrieved on 23 May 2019</li>
  −
</ol>
  −
-->
      
{{#css:
 
{{#css:
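Review bot: the new References list mixes citation styles: the Barth & Gilman entry gives the date as "(June 19, 2017)" while the others use "(2019, June 4)", and "(1 edition ed.)" repeats the word edition; normalize to "(2017, June 19)" and "(1st ed.)". The Gartner link carries a `?ref=TypeAheadSearch&qid=` tracking query string that should be stripped to the bare document URL, and "Laura, K." and "Madeline, C." read as given-name-first in a list that is otherwise surname-first, so they are worth checking against the report's author line. Emptying the `<p class="expand mw-collapsible-content">Hidden</p>` paragraph leaves an empty element in the page; if the placeholder is no longer needed, remove the paragraph rather than just its text. Deleting the commented-out blockchain reference list is the right cleanup, since none of those entries relate to this page.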
Line 173: Line 169:  
   .breadcrumb-table{  margin: auto; }
 
   .breadcrumb-table{  margin: auto; }
   −
   .expand{  background-color: rgba(242, 109, 33, 0.2); }
+
   .highlighted{  background-color: rgba(242, 109, 33, 0.2); }
 
   .mw-collapsible-text{ text-align:left;  }
 
   .mw-collapsible-text{ text-align:left;  }
 
   .inline{  display: inline; }
 
   .inline{  display: inline; }
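Review bot: renaming the `.expand` rule to `.highlighted` orphans the `<p class="expand mw-collapsible-content">` that the new version of Line 137 still carries, so the tinted background no longer applies to that paragraph; either change its class to `highlighted` in the same edit or keep the `.expand` selector alongside the new one (`.expand, .highlighted{ background-color: rgba(242, 109, 33, 0.2); }`) until every use of the old class is migrated.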