In today’s digital landscape, the zero-trust model has emerged as a cornerstone strategy for bolstering security. Operating on the foundational principle of trusting no one, this approach mandates that every individual, device, and service attempting to access networked resources be verified and authenticated, regardless of their location — whether inside or outside the organisation’s traditional perimeter. By rigorously vetting each entry point, this strategy significantly diminishes the risk of widespread breaches, containing potential damage through effective segmentation and isolation of compromised systems.
The zero-trust model is particularly relevant in the Asia-Pacific (APAC) region, where the rapid adoption of cloud services and the increasing prevalence of remote work demand a security paradigm that can keep pace with the complex, dynamic nature of today’s digital environments. Zero trust provides a robust and flexible framework that allows organisations to protect their data and assets amidst an evolving threat landscape.
Organisations embarking on the zero-trust journey often confront challenges such as insufficient visibility into their overall infrastructure and services. Cloud computing and software-as-a-service (SaaS) areas, in particular, are frequently overlooked or misunderstood. The complexity of modern IT infrastructures — featuring a mix of on-premises systems, cloud platforms, and third-party services — compounds the difficulty in achieving a unified security overview.
While many organisations focus on authentication within their zero-trust programmes, understanding both entitlements and environmental context is comparably critical. The shift away from traditional authentication methods necessitates a more comprehensive approach.
Merely implementing two-factor authentication barely scratches the surface of zero trust. For example, imagine a scenario where a DevOps engineer authenticates via two-factor authentication on an unknown device within an untrusted environment, yet retains overly broad privileges across multiple applications and platforms.
Over-entitlement is a common problem, especially in cloud environments, stemming from challenges in granting engineers appropriate access levels and continuously validating their permissions within a dynamic setting. The principle of “never trust, always verify” extends beyond users to the assets they employ and the access they retain post-authentication.
Properly implemented and operationalised, multi-factor authentication and other zero-trust authentication measures should enhance security without undermining user experience. The verification process needs to be streamlined, seamlessly guiding users through the available services.
From an asset management perspective, organisations must identify both leading and trailing indicators of attacks, such as the security status of systems and signs of compromise. Regular assessments of an asset’s exposure are crucial to the verification process.
Indeed, no single solution fully addresses the complexities of zero trust in the expansive and evolving cybersecurity landscape. However, specific techniques can mitigate the challenges of adopting a zero-trust approach.
Seamless synergy between data lakes and APIs
In the realm of cloud computing, numerous tools help manage complexities. Data lake solutions simplify consolidating disparate data sources into a unified view. Below the surface of data lakes, the critical backbone of data collection is the API. These APIs are invaluable, empowering platform architects to gather crucial insights effortlessly and integrate them seamlessly into the data lake for automated analysis.
Data lakes serve as central hubs that optimise the analysis of vast data sets, including logs, alerts, and other security-related information. This optimisation allows for the application of machine learning algorithms that rapidly detect and respond to potential threats. Concurrently, APIs enable real-time data exchange among security platforms, thus enhancing the speed and accuracy of threat detection and response mechanisms. The prudent use of both technologies is crucial, requiring strict adherence to data governance and security protocols.
Cutting off attack paths
Implementing zero trust significantly reduces the likelihood of a domain-wide breach if an asset or user is compromised, thanks to its segmented approach and the capacity to isolate affected systems. Zero trust effectively blocks lateral movement and privilege escalation, common tactics in ransomware attacks. Furthermore, proper and continuous validation ensures that the loss of privileged credentials or developer keys in the cloud does not lead to significant security concerns or data loss.
To effectively counter attackers, security teams should focus on disrupting the attack paths favoured by threat actors. This strategy involves addressing the vulnerabilities in assets and the segmentation and verification integral to zero-trust implementations. For example, a browser vulnerability or local privilege escalation on a client system should only affect that specific asset, not lead to broader issues. Proactively addressing attackers’ favoured tactics, while automating the detection and isolation of affected systems in case of an unknown tactic, should make the attacker’s efforts more challenging and costly.
KPIs
Selecting the right metrics can stimulate adoption and enable the operationalisation of the fundamental controls associated with zero trust. Metrics serve as the cornerstone of any robust security programme, ensuring adequate coverage and controls while pinpointing gaps. For example, if you’re using a cloud infrastructure entitlement management solution in the cloud, what percentage of cloud accounts undergo recognised and assessed compliance against defined policies? The turnaround time for addressing a compliance failure is also of concern.
Metrics usually relate to specific controls, so it’s advisable to leverage established best practices for metrics from organisations like the Center for Internet Security. When evaluating the effectiveness of the security programme with metrics, it is crucial that the metrics adhere to the SMART framework (specific, measurable, achievable, relevant, and timely) and are aimed at ideal outcomes. Furthermore, it’s more effective to have a few metrics with widespread team support than numerous and burdensome metrics that everyone dislikes.
Zero-trust architecture is a pivotal enabler in the realm of cloud cybersecurity, yet implementing it encompasses significant challenges. Strategically integrating data lakes and APIs, along with automating attack detection and isolation of compromised systems, constitutes key tactics for strengthening security in the cloud. Ultimately, applying precise metrics helps security teams manage challenges associated with zero-trust adoption and unleash its full potential.