If you’ve been following trends in the security industry, you’ve undoubtedly come across the term “Zero Trust”. It’s just over a decade old, but is currently experiencing a resurgence.
The term can be understood to apply fairly broadly (e.g. check employee badges each time they enter a building), but it is currently popping up in reference to networking. Following the principle of Zero Trust in networking means that we should not trust input based on where it is coming from. The reasoning is simple: without properly authenticating input, a network intruder is afforded many more avenues of expansion. A breach allowing access to an unprivileged user can quickly escalate if that user can gain access to network services based on source IP address.
In the old days of offices and server closets and workstations under desks, internal resources oftentimes lived on a local network. If you were on the network, you had access. For instance, an internal corporate wiki might grant some level of access to anyone, but only be available on the internal network. A breach of a workstation, or even a physical network jack, granted access to those internal resources.
Nowadays, several things have changed. First, most internal resources must, at the very least, be available remotely over a VPN. Requiring onsite access is no longer practical. Second, the principle of Zero Trust suggests that, independent of the source of the request, VPN or otherwise, the user needs to be authenticated. The way this manifests is that you can now log in to your corporate wiki from home with your laptop, but you will have to sign in.
If this sounds like a change that happened a while ago, you’re right. So why is it trending again today? With the current popularity of microservice architectures, we find ourselves once again trusting inputs based on where they are coming from. Your backend microservices may not be directly accessible from the internet, but if they implicitly trust your internal production network, they increase the amount of damage an attacker can do following an initial breach. Without internal security controls, a compromise of a single service now gives access to all of them.
Following the principle of Zero Trust means assigning an identity to all of your principals, and authenticating every request. Some clustering technologies such as kubernetes offer operators the tools to do this, but they are often difficult to configure in a true least-privilege fashion. Homegrown microservice architectures are on their own building this into their infrastructure.
Gold Fig Checkup can help you find those services you’ve forgotten about, try it for free!
