Achieve Compliance, Zero Trust with Istio Ambient Mesh

READ THE WHITE PAPER

6 Questions of a Zero Trust Policy

and 5 Policies You Must Adopt

Series: Zero Trust

What is a zero trust policy?

Zero trust is a new security paradigm that can protect modern IT environments, prevent cyberattacks, and limit losses in the event of a breach. The zero trust approach protects user access on the frontend, as well as workloads on the backend, ensuring that no connections are allowed without authentication and verification.

Zero trust policies define how granular access controls, user identities, and device security postures interact. They consistently apply the principle of least privilege always, regardless of the user’s location, the device used, or the service’s location. Successful authentication establishes end-to-end encryption and restricts access for every network resource to explicitly authorized users and devices.

A zero trust security policy examines network requests and attempts to answer these six questions: 

  1. Who is attempting to gain access?
  2. What is attempting to access it?
  3. When is the request made?
  4. Where are the resources and users?
  5. Why are they accessing the data?
  6. How are they accessing the data?

The 6 questions of a zero trust policy in detail

The Kipling method can help you define an allowlist that specifies who should have access and to which resources. This method encourages asking the following questions:

  • Who is trying to gain access—who needs access to resources?
  • What is trying to access it—what applications are being used to access resources on the protect surface?
  • When the request is made—when are users accessing resources, and is the timing normal or anomalous?
  • Where the resources and users are—what is the packet’s source and destination?
  • Why they are accessing the data—what is the business context of this user account accessing this particular resource? Does it make sense?
  • How they access the data—how do packets access a protected surface in a given application? 

This level of granular enforcement ensures that only known permitted traffic and legitimate application communication are allowed.

How zero trust policies work

The goal of zero trust policies

Zero trust policies ensure that security configurations and health are authenticated, approved, and continuously verified before any user receives access to applications and data. This applies whether the user is already connected to the network or not.

For instance, when new employees join the organization, systems and applications are denied to them by default, until an administrator approves specific access levels and permissions.

How policies help implement the principles of zero trust

Zero trust is designed to enable any organization to continuously monitor and verify the attributes and permissions of all devices and users. It contrasts with the traditional approach that automatically trusts all endpoints and users within the organization’s boundaries. The default trust assumption exposes organizations to major risk – they can indirectly grant unauthorized access to compromised accounts that perform malicious and unauthorized activities.

Zero trust, combined with the least privilege principle, only allows a device or user to connect to a service or network if certain conditions are fully met. A user or device can join a network or use a service with minimum privileges, and is granted only the required access privileges, set to the minimum level that allows them to perform their roles or functions, but no more.

Improving visibility over user access and suspicious activity

The concept of zero trusts allows organizations to maintain visibility over the services used and how many privileged accounts are linked to them. Organizations can control which users and devices can connect to specific accounts and how they connect. The connection from a device to the network is usually controlled by a Network Access Control (NAC) system – unknown devices or those below a certain level of security hygiene (e.g. without basic patches applied or no antivirus software) are not able to connect.

All zero trust policies focus on real-time visibility over user attributes and credentials, as well as external and internal threat monitoring. The zero trust model leverages several preventative technologies, including authentication, behavioral analytics, endpoint security, privilege control, and microsegmentation. This allows you to detect potential bad actors and restrict their access to prevent a data breach.

Top 5 zero trust policies to adopt

Creating a zero trust framework requires implementing controls and technologies across IT assets, including networks, endpoints, and more. Many organizations achieve this by adopting a Secure Access Service Edge (SASE) architecture. Others focus on segmenting key elements such as applications and corporate networks. Most of these zero trust policies have the end goal of enabling remote work.

As remote work becomes more prevalent, organizations must consider new ways to enforce security controls. They must ensure that their existing employees and contractors understand and comply with their information security obligations. 

Most well-prepared security teams recognize the importance of defining roles and access controls as an effective zero trust strategy. By manipulating roles and combining them with policies, organizations can provide more protection and zero trust.

Here are five security policies that can help organizations adopt a zero trust framework:

  • Least privilege—limiting employee access to only the data they need to do their job, considering applications, networks, and account access. This also includes physical access, including computers, mobile devices, and peripherals.
  • Dual operator policy—in many jobs, responsibilities can be shared between two people. If there is a policy that encourages dual work, allowing employees to authorize each other’s work, it becomes easier to detect fraud or fraudulent access.
  • Distributing roles—users should not be given sufficient privileges to exploit key system capabilities on their own. For example, a person responsible for calculating payments owed to others in the organization should not also be able to authorize those payments – otherwise this opens the door to security policy violation, while allowing a malicious insider to hide their tracks.
  • Managing absence of key employees—certain employees play a central role in authorization of other employees or critical operations. This creates a risk when those employees are absent. The organization should have a special policy for absence of key employees.
  • Mandatory vacations—by forcing employees to take at least one consecutive week off, organizations can audit their employees’ work and detect fraud and embezzlement. This is especially important as hybrid operations become the norm and oversight becomes more complex.

Zero trust security and networking with Solo

Solo enables zero trust policy using a defense-in-depth approach, which can be applied to either API management at the edge, or within a microservices application environment using service mesh. 

Solo Gloo Platform, inclusive of Gloo Gateway (API-Gateway) and Gloo Mesh (Istio Service Mesh) both use Envoy proxy for the data plane, which means that consistent zero rust policies can be created and deployed across internal and/or external security boundaries and control points. This simplifies zero trust security and compliance across APIs and Kubernetes environments.  

Learn more about Solo zero trust security.

Sections