This post is about a design approach for loosely disconnected components of a system or a group of networked devices. Those components are normally different processes serving WebAPI, Database, or consuming applications. Or if wet think from networking aspect those are different devices inside a network. Mainly those are inside a perimeter network of an enterprise.
More than programming, this is about enterprise architecture and no code snippets. Please continue if interested.
What's before Zero Trust Security Model
Before Zero security model, there were models where only the external endpoints are protected. Whatever happens inside a trusted network area is considered secure. Some examples below
- An AD server simply responds to the requests that come from a web server inside the trusted network.
- If the webserver only exposing 443 for external traffic and uses 80 for internal services, it simply responds to requests in 80 without authenticating. This is on the assumption that the request can only originate from within that server.
This is applicable when the network is fully managed and has a clearly defined boundary
Zero Trust model
When systems became more cloud-friendly or hybrid, they started spanning across multiple networks. For example, it is not feasible to store big data within the enterprise network. Often they are offloaded to cloud services. That is the place where that data can be analyzed using modern big data tools such as Spark.
Sometimes due to regulatory requirements data needs to be stored on-premise but compute can be in the cloud. They may need to run big Spark clusters on the cloud but needs to access the data from on-premise storage.
Often those networks are not controlled by the enterprise. The concept of inherent trust is no more applicable in this new world.
This is the reason for the Zero Trust model to get importance. This term is coined by John Kindervag in the year 2010 but there seem traces of this term from 1994 according to the internet. From my perspective more than who invented it, I focus on what is it.
The main pillars of the Zero Trust model are the centralized identity of users, devices, and applications, verification of those identities before serving, authorization based on lease privileged access, assume there can be a breach but make sure the firewalls, API gateways, and monitoring are in place, a segmented network so that the surface area is very less.
The Zero Trust model implementation guidelines are available for the major clouds such as Azure, AWS, and GCP. Also available for the Kubernetes clusters where people host microservices.
References
- https://en.wikipedia.org/wiki/Zero_trust_security_model
- https://www.gartner.com/smarterwithgartner/new-to-zero-trust-security-start-here/
- https://www.thoughtworks.com/radar/techniques/zero-trust-architecture
- https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture
- https://www.microsoft.com/security/blog/2020/06/15/zero-trust-part-1-networking/
- https://docs.projectcalico.org/security/adopt-zero-trust
- https://azure.microsoft.com/en-us/blog/automating-cybersecurity-guardrails-with-new-zero-trust-blueprint-and-azure-integrations/
- https://www.stackrox.com/post/2019/08/istio-security-basics-running-microservices-on-zero-trust-networks/
Case studies
This is a buzzword like what Microservice, Serverless was one time. Knowingly or unknowingly we will reach this model as the cloud is inevitable for enterprises. Please note this was there in Thoughtworks technology radar in 2020 but later removed.
No comments:
Post a Comment