
Moving from the Castle-and-Moat to the Zero-Trust Model

The traditional notion of the security perimeter is growing increasingly problematic in the wake of highly publicized attacks. The perimeter is disappearing as cloud-based infrastructures replace legacy systems. The cyber kill chain is likewise turning into a misnomer, as threats evolve faster than security systems can catch them.

It sounds like doomsday has arrived. All jest aside, however, there are lessons to be learned from the volatile threat landscape and the paradigm shifts in the industry. At present, many corporations are in the process of cloud modernization or of rebuilding their security architecture.

This post takes a look at the cloud security model and what enterprises can learn from its zero-trust network DNA and its use of cybersecurity data solutions.

Castle-and-Moat Approach Deficiencies

Because it is intrusion-centric, the castle-and-moat model's weakness lies in its misplaced focus on external threats. As high-profile attacks have taught us in recent years, external threats are often the least of an organization's problems. Insider threats are frequently overlooked, even though they render a hardened external attack surface irrelevant.

Other disadvantages of the castle-and-moat framework include:

  • Ambiguous permissions or overuse of privileges
  • Lack of visibility into data management and reporting
  • Data leakage due to bring-your-own-device (BYOD) usage
  • Overdependence on passwords for user authentication

Why the Zero-Trust Model Is Risk-Averse

Cloud infrastructure providers were the first to implement the zero-trust model, since the cloud by its nature provides access to remote users from anywhere.

For this reason, the cloud architecture is built around the concept that "nothing should be trusted." The zero-trust model applies the following core concepts, among others:

  1. Microsegmentation: This process involves splitting multiple data centers and cloud deployments into secure "demilitarized" zones. Each zone further breaks down workloads into smaller segments governed by their respective security policies.
  2. Multifactor authentication (MFA): This security framework validates the authenticity of user access based on location, business permissions, device, and IP address. An MFA solution is implemented across apps for convenience. Examples include two-factor authentication (2FA) and cloud-integrated authentication apps.
  3. Identity and access management (IAM): Similar to MFA, IAM emphasizes the administration of contextual user access from onboarding up to de-provisioning. Cloud platforms utilize this security discipline to provide problem-free conditional network access to users.
  4. Log and packet analytics: Cloud logging services are deployed to monitor traffic and application logs as well as packet flows. This information is captured, decoded, and analyzed against firewall rules, which in turn restrict traffic between virtual machines (VMs). The data is also compared with intrusion prevention system (IPS) signatures.
  5. Data encryption: Built-in or third-party encryption tools encrypt data at rest and in transit before it is moved to cloud storage. Users must present the decryption keys to unlock and access sensitive data.
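As an added example (not code from the original post), the following evaluator shows how the microsegmentation, MFA and IAM concepts above combine into a single deny-by-default access decision: every zone carries its own policy, and a request is allowed only if its role, source network, MFA state and device posture all satisfy that policy. The zone names, roles and network ranges are constructed for illustration.

```python
"""Added example: a deny-by-default, context-aware access decision.
Zone names, roles and networks below are constructed, not real deployments."""
import ipaddress
from dataclasses import dataclass


@dataclass
class ZonePolicy:
    allowed_roles: set
    allowed_sources: list            # CIDR strings: which networks may reach the zone
    require_mfa: bool = True
    require_managed_device: bool = True


# Microsegmentation: each workload segment carries its own policy (constructed).
ZONE_POLICIES = {
    "payments-db": ZonePolicy({"dba"}, ["10.20.0.0/24"]),
    "web-frontend": ZonePolicy({"dev", "dba"}, ["10.0.0.0/8", "203.0.113.0/24"],
                               require_managed_device=False),
}


@dataclass
class Request:
    user: str
    roles: set
    mfa_verified: bool
    device_managed: bool
    source_ip: str
    target_zone: str


def evaluate(req: Request) -> tuple:
    """Return (allowed, reasons). Every check must pass; unknown zones are denied."""
    policy = ZONE_POLICIES.get(req.target_zone)
    if policy is None:
        return False, ["no policy for zone (default deny)"]
    reasons = []
    if not req.roles & policy.allowed_roles:
        reasons.append("role not permitted in zone")
    src = ipaddress.ip_address(req.source_ip)
    if not any(src in ipaddress.ip_network(n) for n in policy.allowed_sources):
        reasons.append("source address outside zone's allowed networks")
    if policy.require_mfa and not req.mfa_verified:
        reasons.append("MFA not completed")
    if policy.require_managed_device and not req.device_managed:
        reasons.append("unmanaged device")
    return (not reasons), reasons or ["all checks passed"]
```

Note that a request from a trusted internal address is still refused when MFA or device posture fails, which is the point of the model: network location alone never grants access.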

The zero-trust model employs virtual network functions (VNFs); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR) among its layers of defense. Data loss prevention (DLP) systems and APIs are also added as core features of cloud platforms.

Threat intelligence research tools and APIs serve as the nucleus of most SOAR and UEBA programs. As in traditional networking, these tools enable cloud security engineers to manage the security of their cloud environments. By integrating such tools into their security solutions, engineers can pinpoint where threats are likely to come from and block them based on identified indicators of compromise (IoCs).

Domain research and monitoring tools, meanwhile, help security staff analyze connected IP addresses, hosts, and domains to uncover currently identified threat sources. As a result, they can strengthen administrative rules for user access and update zone policies. Threat data can also be used to establish trust between networks and devices.
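As an added example (not from the original post or the vendor's products), here is the kind of IoC-driven check the two paragraphs above describe: flow and DNS log lines are parsed, the destination IP addresses and queried domains are compared with an indicator list, and any internal host that touched an indicator is reported. The log format, indicator values and addresses are constructed for illustration.

```python
"""Added example: match flow and DNS log lines against an indicator list.
Format, indicators and addresses are constructed; the IPs are documentation
ranges and the domains use .example, so none of them are real threat data."""
import re
from collections import defaultdict

IOCS = {
    "ip": {"198.51.100.23", "192.0.2.77"},
    "domain": {"update-cdn.example", "login-verify.example"},
}

FLOW_RE = re.compile(r"^(?P<ts>\S+) flow src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
DNS_RE = re.compile(r"^(?P<ts>\S+) dns client=(?P<src>\S+) query=(?P<qname>\S+)$")


def match_iocs(lines):
    """Return {internal_host: [finding, ...]} for every line that touches an indicator.
    A domain indicator also matches its subdomains (e.g. cdn.update-cdn.example)."""
    findings = defaultdict(list)
    for line in lines:
        m = FLOW_RE.match(line)
        if m and m["dst"] in IOCS["ip"]:
            findings[m["src"]].append(
                f"{m['ts']} connected to IoC IP {m['dst']}:{m['dport']}")
            continue
        m = DNS_RE.match(line)
        if m:
            qname = m["qname"].rstrip(".").lower()
            labels = qname.split(".")
            parents = {".".join(labels[i:]) for i in range(len(labels))}
            if parents & IOCS["domain"]:
                findings[m["src"]].append(f"{m['ts']} resolved IoC domain {qname}")
    return dict(findings)


SAMPLE_LOGS = [  # constructed sample input
    "2024-01-01T10:00:01Z flow src=10.0.5.12 dst=203.0.113.10 dport=443",
    "2024-01-01T10:00:02Z flow src=10.0.5.12 dst=198.51.100.23 dport=8443",
    "2024-01-01T10:00:03Z dns client=10.0.5.40 query=cdn.update-cdn.example.",
    "2024-01-01T10:00:04Z dns client=10.0.5.40 query=www.example.org.",
]

if __name__ == "__main__":
    for host, hits in match_iocs(SAMPLE_LOGS).items():
        print(host, hits)
```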

Challenges and Recommendations

Despite tighter controls in cloud security, the zero-trust model is not without challenges. Partial implementation of the framework can still result in data center breaches, which is why cloud platform users are encouraged to apply the zero-trust model to all security components.

Companies should also focus on fortifying their DevOps environment. Continually improving products and processes, and engaging key people such as engineers and software developers, is critical to making old and new models work together.

Finally, enterprises must fully subscribe to the shared responsibility model. While providers are responsible for the core cloud infrastructure, enterprises remain the primary custodians of their own systems and, thus, should ensure their complete security.

* * *

Collaboration between security providers, cloud vendors, and enterprises is the cornerstone of a threat-free IT ecosystem. It is especially important now that the move to the cloud is no longer an option but a necessity. With perimeter defense becoming a thing of the past, enterprise leaders should rethink how to adapt their security architecture in keeping with the times. They must use all the threat intelligence at their disposal, including the sources and APIs described here, to identify all potential attack vectors.

WhoisXML API

About WhoisXML API: Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research and monitoring, Whois, DNS, IP, and threat intelligence APIs, data, and tools to a variety of industries.
