The Need for Zero Trust Workload Protection
Last week we discussed the Four Tenets of Zero Trust Workload Protection. This week we’re taking a closer look at the renewed buzz around the concept of Zero Trust security.
Guidelines from the NSA, NIST and even Google all tout the benefits of Zero Trust. According to the NSA: “The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information.” [1]
This sounds like good advice, but in practice, Zero Trust has been difficult to achieve and doesn’t go deep enough to stop today’s advanced attacks. There’s also a common misconception that Zero Trust is all about access controls for users, devices, and networks. While it does include these, they are table stakes. The battleground for advanced attacks has moved into application workloads and is being fought in runtime.
So, let’s examine what’s good about Zero Trust, how we can extend it to workloads, and how to make it automated, practical, and achievable.
Zero Trust Must Go Deep
Unfortunately, many people have a limited view of where Zero Trust applies. In the past it has been viewed largely as enforcing rules around access control – such as: “Bob can access accounting systems from his laptop, but not his iPhone, while Mary can view reports from her mobile device, but only during business hours…”
While these are valid examples, they only skim the surface, and miss much of today’s risk. Attacks like SolarWinds have demonstrated that the security battleground has moved into applications and is being fought in runtime – when code is executing. And if you can’t trust updates from a trusted software vendor, who or what can you trust?
Advanced attackers often bypass the human element entirely and derail legitimate code as it executes, at the memory level. Many exploits use remote code execution (RCE) to hijack control flow during runtime and then open persistent backdoors into critical systems.
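To make the "derailed at the memory level" point concrete, here is an added illustration (constructed for this article, not code from the original post or from any product it describes) of the simplest form of runtime control-flow hijack: an unbounded copy of attacker-controlled bytes overruns a fixed-size buffer and overwrites the function pointer stored immediately after it, so the program's next indirect call lands on code the attacker chose. The hardened variant beside it differs only in that it refuses input that does not fit. The `struct request`, the `hijacked` target function and the payload layout are all assumptions for the demo; in a real exploit the target would be injected shellcode or a ROP chain, and the pointer address would have to be leaked or guessed.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed record: a fixed-size name buffer followed in memory by the
 * dispatch pointer the handler will call once the request is parsed. */
struct request {
    char name[16];
    int (*dispatch)(void);
};

static int legit_dispatch(void) { return 0; }   /* the intended code path      */
static int hijacked(void)       { return 1; }   /* attacker-chosen target (assumption:
                                                   stands in for shellcode / ROP) */

/* Vulnerable handler: copies the caller-controlled payload into name[] with no
 * bound. Bytes 16.. land on r.dispatch, so the indirect call below goes wherever
 * the payload says. The byte loop is what an unchecked copy looks like in practice. */
int handle_unbounded(const unsigned char *payload, size_t len) {
    struct request r;
    char *dst = r.name;
    r.dispatch = legit_dispatch;
    for (size_t i = 0; i < len; i++)
        dst[i] = (char)payload[i];      /* out-of-bounds write once i >= 16 */
    return r.dispatch();                /* control flow now follows attacker data */
}

/* Hardened handler: the same logic, but input that cannot fit (with its NUL) is
 * rejected before any byte is copied, so dispatch can never be overwritten. */
int handle_bounded(const unsigned char *payload, size_t len) {
    struct request r;
    if (len >= sizeof r.name)
        return -1;                      /* reject, log, drop the request */
    r.dispatch = legit_dispatch;
    memcpy(r.name, payload, len);
    r.name[len] = '\0';
    return r.dispatch();
}

/* Builds the constructed attack payload: 16 filler bytes followed by the raw
 * address of hijaced's entry point, written with memcpy so endianness and
 * pointer width are handled for us. Returns the payload length, 0 if out is too small. */
size_t build_hijack_payload(unsigned char *out, size_t cap) {
    int (*target)(void) = hijacked;
    size_t len = sizeof(((struct request *)0)->name) + sizeof target;
    if (cap < len)
        return 0;
    memset(out, 'A', sizeof(((struct request *)0)->name));
    memcpy(out + sizeof(((struct request *)0)->name), &target, sizeof target);
    return len;
}

int main(void) {
    unsigned char benign[] = "hello";
    unsigned char evil[64];
    size_t evil_len = build_hijack_payload(evil, sizeof evil);

    printf("benign, unbounded: %d\n", handle_unbounded(benign, strlen((char *)benign)));
    printf("benign, bounded:   %d\n", handle_bounded(benign, strlen((char *)benign)));
    printf("hijack, unbounded: %d  (1 = attacker code ran)\n", handle_unbounded(evil, evil_len));
    printf("hijack, bounded:   %d  (-1 = rejected)\n", handle_bounded(evil, evil_len));
    return 0;
}
```

The demo is deliberately free of stack-protector and ASLR interference (the overflow stays inside the struct and the target address is copied in directly), which is exactly why a real attacker needs more work than this: the point is that once execution is following bytes from the network rather than the program's own pointers, user, device and network access controls have already been satisfied and are no longer in the loop. Runtime protection has to watch the workload itself.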
Zero Trust can and should be applied to protect critical workloads during…