
The New Enterprise Architecture Is Zero Trust

Enterprise technologists use the term “Zero Trust” to describe an evolving set of cybersecurity approaches that move defenses from static attempts to block adversaries to more comprehensive measures that improve enterprise performance while improving security. When the approaches of Zero Trust are applied to an enterprise infrastructure and workflows, the cost of security can be better managed and the delivery of functionality to end users increased. Security resources are matched to risk. Functionality, security and productivity all go up.

The approaches of Zero Trust have been applied for decades in organizations that require high levels of functionality and security, and a great body of knowledge exists on best practices for applying these design principles. Organizations like the Cloud Security Alliance (CSA) and the US National Institute of Standards and Technology (NIST) have helped bring the community together to capture lessons learned and best practices on this approach.

But the necessity of the approach actually comes from another source: our adversaries. Persistent cyber criminals seeking unauthorized access to enterprise technology for financial gain compel us to act. They are relentless in their activity, and we have to be equally relentless in applying smart design to our enterprise IT.

If we had no adversaries in cyberspace a zero trust architecture would just be a smart design that improves functionality. But since we do face foes that want to steal our data and hold our systems for ransom, a zero trust approach is absolutely a necessity.

A zero trust model is focused on protecting enterprise assets by treating all data and services in an enterprise as resources and ensuring that every request to access a resource comes from an authenticated and authorized requester, whether a person or a software process. This resource authorization is dynamic and controlled by enterprise policy. All data at rest, and all communications, internal and external, are encrypted. Automated monitoring is in place to detect anomalous activity and enable a smart response to incidents.

This may sound like a lockdown of computers. From an adversary's perspective it is. But from an enterprise user's perspective it is an opening up. Users will need to spend a few seconds at the beginning of each login to the enterprise completing multi-factor authentication. From there they will see systems that work faster and deliver the computing power and data they need with less friction than ever before.

From an enterprise risk perspective the most important part of Zero Trust Architecture (ZTA) is the architecture component. Every enterprise is a unique collection of intellectual property, products and services, and also of people, from executives to partners. Consequently, Zero Trust Architecture is not a product to buy: the architecture must reflect the operational model of the enterprise.

Transitioning from current practices in enterprise design to a zero trust architecture takes planning. In our experience the first step is always to understand the business objectives of the organization, the threats to the business, and the state of the current architecture.

  • Understanding business objectives keeps new enterprise designs rightly focused on what matters most.
  • Understanding threats helps prioritize the controls to be put in place.
  • Understanding the state of the current architecture will show where elements of zero trust are already being applied.

This understanding of business objectives, threats and the state of the current architecture enables a smart and prioritized application of zero trust design.

But what is zero trust design? We articulate our approach in the form of principles. The ten principles of our approach to zero trust design are:

  1. Threat Modeling: Threat modeling prioritizes controls and informs continuous design improvement.
  2. Role Identification: Determining the different roles across employees, contractors and partners is critical to partitioning and resource authorization.
  3. Resource Identification: All data and computing services are treated as resources requiring authorization for use.
  4. Session Based: Access to an individual resource is granted on a per-session basis, with short-lived grants bound to that resource, as a countermeasure to replay attacks and to limit what a stolen credential can reach.
  5. Access Control: Access to resources for people as well as software processes is determined by policy, including observable state of the entity making the request.
  6. Encryption: All communication is secured, including internal communications. Data at rest is encrypted.
  7. Patching: An enterprise vulnerability management and automated patch management policy continuously mitigates known vulnerabilities.
  8. Data Driven: The enterprise prepares to respond to surprise and manage incidents and proactively evaluates status of defenses from an adversary perspective to inform design decisions.
  9. Backup: Backups of critical data provide means to return to a known good state and reduce potential impact of ransomware or disaster.
  10. Real time monitoring: Continuous real time monitoring of all systems is critical to a Zero Trust Architecture.
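To make principles 3, 4 and 5 concrete, here is a small policy decision point written as an added illustration for this article; it is not OODA's code or any particular product. Every resource is named in policy, a request is evaluated against the requester's role, MFA status and the observable state of the device (managed or not, disk encryption, patch age), and a successful evaluation yields a signed, single-use, resource-bound grant that expires quickly. The resource names, roles, device attributes and signing key are constructed for the example and are not from the original page.

```python
"""Minimal zero-trust policy decision point (constructed example, not OODA's code).

Every access is a request for a named resource, evaluated per session against
policy that looks at who is asking, what role they hold, and the observable
state of the device they ask from. Grants are short-lived, bound to one
resource, and HMAC-signed, so a replayed, expired or re-targeted grant is refused.
"""
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy: resource -> who may use it and from what kind of device.
RESOURCES = {
    "partner-portal": {"roles": {"partner", "employee"}, "managed_device": False, "max_patch_age": 90},
    "finance-ledger": {"roles": {"finance"}, "managed_device": True, "max_patch_age": 14},
    "source-repo": {"roles": {"engineer"}, "managed_device": True, "max_patch_age": 30},
}


@dataclass
class Subject:
    name: str
    roles: set
    mfa_verified: bool


@dataclass
class Device:
    managed: bool
    disk_encrypted: bool
    patch_age_days: int


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(subject: Subject, device: Device, resource: str) -> Decision:
    """Policy check for one request. Default is deny; every rule must pass explicitly."""
    policy = RESOURCES.get(resource)
    if policy is None:
        return Decision(False, "unknown resource")  # unlisted => nobody is authorized
    if not subject.mfa_verified:
        return Decision(False, "MFA required")
    if not subject.roles & policy["roles"]:
        return Decision(False, "role not authorized for resource")
    if policy["managed_device"] and not device.managed:
        return Decision(False, "managed device required")
    if not device.disk_encrypted:
        return Decision(False, "device disk not encrypted")
    if device.patch_age_days > policy["max_patch_age"]:
        return Decision(False, "device patch level too old")
    return Decision(True, "policy satisfied")


class SessionBroker:
    """Issues one-time, short-lived, resource-bound grants and checks them on use."""

    def __init__(self, key: bytes, ttl_seconds: int = 300):
        self._key = key          # hypothetical signing key, held only by the broker
        self._ttl = ttl_seconds
        self._used = set()       # nonces already redeemed, to reject replays

    def _sign(self, body: str) -> str:
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def grant(self, subject: Subject, device: Device, resource: str, now=None) -> Optional[str]:
        """Return a signed grant if policy allows the request, else None."""
        if not evaluate(subject, device, resource).allowed:
            return None
        now = time.time() if now is None else now
        body = json.dumps({"sub": subject.name, "res": resource,
                           "exp": now + self._ttl, "nonce": secrets.token_hex(8)}, sort_keys=True)
        return body + "." + self._sign(body)

    def redeem(self, token: str, resource: str, now=None) -> Decision:
        """Validate a grant presented against a resource; each grant works exactly once."""
        body, _, sig = token.rpartition(".")  # signature is hex, so the last '.' is the separator
        if not hmac.compare_digest(sig, self._sign(body)):
            return Decision(False, "bad signature")
        claims = json.loads(body)
        now = time.time() if now is None else now
        if claims["res"] != resource:
            return Decision(False, "grant bound to a different resource")
        if now > claims["exp"]:
            return Decision(False, "grant expired")
        if claims["nonce"] in self._used:
            return Decision(False, "replayed grant")
        self._used.add(claims["nonce"])
        return Decision(True, "granted")


if __name__ == "__main__":
    broker = SessionBroker(b"constructed-demo-key")
    partner = Subject("acme-partner", {"partner"}, mfa_verified=True)
    byod = Device(managed=False, disk_encrypted=True, patch_age_days=20)
    token = broker.grant(partner, byod, "partner-portal")
    print(broker.redeem(token, "partner-portal"))   # granted
    print(broker.redeem(token, "partner-portal"))   # replayed grant
    print(broker.redeem(token, "finance-ledger"))   # bound to a different resource
```

The partner in the demo can reach the portal from an unmanaged laptop but can never obtain a grant for the ledger, and a captured portal grant is useless against the ledger and useless a second time against the portal. In a real deployment the device attributes would come from an endpoint agent or attestation service rather than a caller-supplied dataclass, and the nonce registry would be shared across policy enforcement points.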

A Zero Trust Architecture helps enterprises mitigate existing and emerging threats with a common set of tools. Credential theft is countered by MFA and network partitioning: together they make decades-old phishing attacks harder to turn into access, and the same partitioning blunts newer malware that depends on lateral movement. Looking ahead to quantum computing attacks, ZTA reduces the risk of data exfiltration in the first place, so an adversary cannot harvest encrypted data today in the hope of decrypting it with a quantum computer later.

When properly done, a Zero Trust Architecture makes enterprises secure by design. Moreover, they are not reliant on a single product or service, because the security controls interlock with each other. Flat networks are replaced with partitioned workspaces governed by risk-based security policies. Supply chain partners, for example, may be given access only to a cloud-based portal, so that their credentials cannot be used to reach financial systems.

OODA’s partners have a long history of developing Zero Trust concepts over the past 30 years. The partners helped design and deploy the first need-to-know networks for the US Intelligence Community and Armed Forces, beginning with the first Gulf War. Later they led the creation of Software Defined Perimeter, which NIST incorporated into Special Publication 800-207, Zero Trust Architecture.

OODA can help enterprises rationalize their security budgets by identifying which areas they should focus on and which to outsource. Fortune 500 and regulated enterprises benefit from the vast technical and practical experience of OODA in risk assessment and using Zero Trust Architecture as a framework.

For more context on this topic see:

The Cyber Moscow Rules: Trust no one. Trust no device.

Advanced Technology Sensemaking


Junaid Islam on Zero Trust Architecture

Bob Gourley


Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes OODALoop.com and CTOvision.com. Bob is the author of the book The Cyber Threat. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.