Tapping into Zero Trust for added security controls
By Geoff Soon, Managing Director, South Asia, Snowflake
Zero trust is not a new concept in cybersecurity. As a model for securing resources on networks within and beyond the enterprise’s control, the term zero trust carries a lot of marketing power.
First coined by John Kindervag at Forrester, the concept of zero trust can be reduced to “never trust and always verify” every user, device, and IP address accessing a resource. It can be described as an “end-to-end approach to data security that encompasses identity, credentials, access management, operations, endpoints, and the interconnecting infrastructure.”
Traditional data platforms have long defended data through a layered approach. Many on-premises solutions were deep within organisations’ networks and have benefited from security defences built around them in layers over a long time. With data workloads migrating to the cloud, data architects have had to rethink data security. Zero trust security models are popular for applications, but architects must consider whether they are the right choice to protect the data itself.
With data workloads migrating to the cloud, data architects have had to rethink data security.
Traditional data platform defence is at the perimeter, controlling traffic flowing in and out of a well-defined, enterprise-owned network. The rise of cloud applications and employees working from home means the perimeter is harder to define and, therefore, defend.
Some organisations are in the early stages of learning and exploring zero trust security, while others have implemented some capabilities in an ad-hoc manner or are funding zero trust as a strategic priority. Cyber attacks similar to SolarWinds have put renewed focus on introducing a Zero Trust based approach to identity security and highlighted the need to move away from the implied trust method to the Zero Trust approach.
Some organisations are in the early stages of learning and exploring zero trust security, while others have implemented some capabilities in an ad-hoc manner or are funding zero trust as a strategic priority.
The following features are key for on-premises or cloud assets to remain untrusted until validated and approved:
Network Security Measures: With network policies, organisations can specify which IP addresses can connect to cloud platforms. Trusted resources can come from only the defined IP addresses that organisations control. If required, data platforms should be enabled to use with cloud service providers’ private networking technologies as well.
Identity Management: Technology companies should support a variety of open standards. The technology should be integrated with an organisation’s identity provider to ensure federated authentication via SAML2 and allow for multi-factor authentication, adding layers of trust to a user or resource authenticating to cloud platforms. Automating the System for Cross Domain Identity Management (SCIM) is a great way to manage the user life cycle. This is particularly handy when automating user off-boarding.
Authorisation: Ensuring users act with least privilege and separation of duties is enforced through for instance flexible and granular role-based access controls. By default, users should have least privilege, receiving a more privileged role as business needs require. Conditional policies built on dynamic data masking tools become a powerful tool to protect sensitive data further, so only users with trusted roles can see data in clear text, while data is obfuscated for users with other roles.
Encryption: All data should be encrypted at rest. SaaS vendors that offer a bring-your-own-key (BYOK) option provide a powerful capability to never trust not only users, but the service itself. With customer-managed keys, IT teams control access to their data using a master encryption key maintained in the key management service for the cloud provider that hosts their data. For instance, Snowflake combines the customer’s key with a key to create a composite master key. This composite master key is then used to encrypt all data in customers’ account. If organisations revoke the key, the data cannot be decrypted.
Monitoring: Zero trust means that activity should be monitored on enterprise-owned networks and SaaS applications. An account usage schema is an excellent way to monitor and understand what constitutes as normal activity, including user login behaviour, authentication types, granting of administrative privileges, and IP addresses of resources connecting to cloud platforms. For example, the average number of seconds between failed login attempts can be fed into an organisation’s SIEM for trend analysis to understand what baseline normal is, enabling alerts on abnormal behaviours.
Achieving zero trust with a single technology is unlikely, especially on a network that is not owned by the enterprise.
Organisations should evaluate SaaS application product security features to determine the feasibility of using a zero trust model to allow access to an application. Achieving zero trust with a single technology is unlikely, especially on a network that is not owned by the enterprise.
In totality, such features provide a mechanism across security domains to, in fact, never trust and always verify. Organisations should identify solutions which are positioned well to fit into a zero trust model, providing a service that is secure and resilient so organisations can focus on analysing their data, not protecting it.
In totality, such features provide a mechanism across security domains to, in fact, never trust and always verify