Architecting an AWS Zero Trust Framework

This article provides guidance on architecting a Zero Trust Framework within your Amazon Web Services (AWS) infrastructure. It covers the areas of focus for identity, networking, devices, applications, and data in a defense in depth security design, and it closes with a case study showing how to evaluate and consult on a Zero Trust Framework for your company or customer.

What is Zero Trust?

At its core, Zero Trust is an integrated approach to securing access with adaptive controls and continuous verification across your entire digital estate.

Everything from the user’s identity to the application’s hosting environment is used to verify the request and prevent breach. And to limit the impact of potential breaches, we apply segmentation policies, employ the principle of least privilege access, and use analytics to help detect and respond quickly.

Zero Trust is a security strategy. It is not a product or a service, but an approach in designing, adopting, and implementing defined, verified security principles.

Simplified, Zero Trust can be boiled down to three basic tenets:

Verify explicitly. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.” Every access request is fully authenticated, authorized, and encrypted before access is granted, and every request is verified as though it originates from an open network.

Use least privilege access. Micro-segmentation and least privileged access principles are applied to minimize lateral movement.

Assume breach. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes every request is a potential breach. Rich intelligence and analytics are used to detect and respond to anomalies in real time.

Why Zero Trust?

One of the obvious benefits of designing and implementing a Zero Trust strategy is a more secure, more compliant environment. But there are even more opportunities for expanding the Zero Trust methodology within your company.

According to a Forrester total economic impact study from December 2021, costs, flexibility, and risks are all positively impacted by a Zero Trust approach.

The old way of security does not provide the business agility, user experience, and protections needed for a rapidly evolving digital estate. Many organizations are implementing Zero Trust to alleviate these challenges and enable the new normal of working anywhere, with anyone, at any time. The expanded ecosystem of remote users with multiple devices creates more attack surfaces to be exploited. This leads to the potential for an attacker to gain information on a user or device and use it to gain access. Zero Trust methods assist in mitigating these threats before they become active attacks.

Zero Trust is a key survival skill for digital transformation and can help unlock a 92% return on investment.

Let’s take a deeper look at how to implement Zero Trust across the pillars of coverage. Approaching each of these areas with a focus on Zero Trust provides a strong defense in depth strategy for protecting sensitive information and limiting the impact of a potential breach within your environment.

Pillars of the Zero Trust Framework

Zero Trust has six coverage areas that together form a defense in depth strategy. Addressing each of these pillars provides an approach that protects personal information and data from a potential breach. The six areas of coverage are described below.

Identity

Identity is a key pillar of Zero Trust. User and device access through the identity provider should be governed by rules-based access, such as IAM policies with condition keys in AWS and conditional access policies in the identity provider, that evaluate the potential risk of a user or sign-in request.

Properly planning roles and permissions is key to successfully implementing Zero Trust for identity. Authorization to resources should be based on the principle of least privilege, and administrative access should be time-bound with proper approvals and auditing. When users need access to sensitive information, the level of risk that the user or that sign-in creates for the company should be evaluated based on the conditions of the request: user location, device, and the integrity of the user account. The level of risk then determines the additional verification that may be needed, and whether to allow or deny access to the application or data.

Infrastructure

Infrastructure protection, in the cloud and on-premises, means limiting who can reach the management ports of virtual machines and containers and what permissions they hold once connected.

Administrative access to infrastructure resources should be time-bound and auditable. No user or resource should hold privileged access 24x7; administrators do not need standing access, and standing administrator authorization only increases an attacker's ability to gain access and move laterally through the infrastructure. Therefore, when a user requires access to perform administrative tasks, they should request access, have it approved and logged, and hold that access for a limited time. Once that time expires, the authorization must be requested and approved again.
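The identity and infrastructure guidance above (risk-based conditions on a sign-in, and time-bound rather than standing administrative access) maps directly onto IAM policy condition keys. The following is an added example, not code from the article or from AWS: an IAM policy for a change-window admin role that denies everything without MFA, from outside a corporate IP range, or after the approved window closes, together with a small local evaluator so the policy can be exercised offline. The evaluator is a teaching simplification of AWS policy evaluation (explicit Deny beats Allow, all conditions in a statement must match) and is an assumption, not the AWS engine; the CIDR, timestamp and role are constructed values.

```python
"""Added example: IAM policy with MFA, source-IP and time-bound conditions,
plus a minimal local evaluator (a simplification of AWS evaluation logic)."""
import ipaddress
from datetime import datetime

# Constructed policy for a break-glass admin role. The Allow is broad on
# purpose; the three Deny statements carry the Zero Trust conditions.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowOps", "Effect": "Allow",
         "Action": ["s3:*", "ec2:*"], "Resource": "*"},
        # BoolIfExists: also denies when the key is absent (long-term keys).
        {"Sid": "DenyWithoutMFA", "Effect": "Deny",
         "Action": "*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
        {"Sid": "DenyOutsideCorpNetwork", "Effect": "Deny",
         "Action": "*", "Resource": "*",
         "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}},
        # Approved change window ends at 18:00 UTC; access expires with it.
        {"Sid": "DenyOutsideChangeWindow", "Effect": "Deny",
         "Action": "*", "Resource": "*",
         "Condition": {"DateGreaterThan": {"aws:CurrentTime": "2024-06-01T18:00:00Z"}}},
    ],
}


def _cond_true(operator, key, expected, ctx):
    """Evaluate one condition key against the request context."""
    if_exists = operator.endswith("IfExists")
    op = operator[:-len("IfExists")] if if_exists else operator
    if key not in ctx:
        return if_exists  # ...IfExists operators match when the key is absent
    actual = ctx[key]
    values = expected if isinstance(expected, list) else [expected]
    if op == "Bool":
        return str(actual).lower() == str(values[0]).lower()
    if op in ("IpAddress", "NotIpAddress"):
        inside = any(ipaddress.ip_address(actual) in ipaddress.ip_network(v) for v in values)
        return inside if op == "IpAddress" else not inside
    if op in ("DateGreaterThan", "DateLessThan"):
        now = datetime.fromisoformat(actual.replace("Z", "+00:00"))
        limit = datetime.fromisoformat(values[0].replace("Z", "+00:00"))
        return now > limit if op == "DateGreaterThan" else now < limit
    raise ValueError(f"unsupported condition operator: {operator}")


def _matches(stmt, action, ctx):
    """True when the statement's Action covers `action` and all conditions hold."""
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    covered = any(a == "*" or a == action or (a.endswith("*") and action.startswith(a[:-1]))
                  for a in actions)
    if not covered:
        return False
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, expected in pairs.items():
            if not _cond_true(operator, key, expected, ctx):
                return False
    return True


def evaluate(policy, action, ctx):
    """Explicit Deny wins; otherwise Allow if any Allow matches; else implicit Deny."""
    decision = "Deny"
    for stmt in policy["Statement"]:
        if _matches(stmt, action, ctx):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


if __name__ == "__main__":
    # Constructed request contexts: one compliant, three that should be denied.
    base = {"aws:MultiFactorAuthPresent": "true", "aws:SourceIp": "203.0.113.10",
            "aws:CurrentTime": "2024-06-01T12:00:00Z"}
    print("in window, MFA, corp IP :", evaluate(ADMIN_POLICY, "s3:GetObject", base))
    print("no MFA key (long-term) :", evaluate(ADMIN_POLICY, "s3:GetObject",
          {k: v for k, v in base.items() if k != "aws:MultiFactorAuthPresent"}))
    print("from outside corp range:", evaluate(ADMIN_POLICY, "s3:GetObject",
          {**base, "aws:SourceIp": "198.51.100.5"}))
    print("after window closed    :", evaluate(ADMIN_POLICY, "ec2:StopInstances",
          {**base, "aws:CurrentTime": "2024-06-01T19:00:00Z"}))
```

In production the time bound would come from an access-request workflow that issues the role session (for example, with a short session duration) rather than from a hard-coded timestamp, but the policy shape is the same: a broad Allow fenced by explicit Deny statements that encode the conditions under which trust is withdrawn.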

Network Access

Network access under Zero Trust includes the isolation and segmentation of public and private networks. Granting the right permissions into the private networks keeps the resources that users require available while blocking potential attacks.

Creating this separation within an on-premises network can be done through physical isolation of networks or virtual isolation with VLANs. The same principle applies in the cloud with virtual networks (VNets) in Azure or virtual private clouds (VPCs) in AWS. This virtual segmentation keeps public access to one network from leaking into the private networks.

Network access through the infrastructure can be controlled with network access control lists (NACLs), security groups (network security groups in Azure), and access policies.
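Segmentation is only as good as the security group rules that implement it, so a practitioner will want to audit them. The following is an added example, not code from the article or from AWS: a small checker that walks security groups in the shape returned by EC2 DescribeSecurityGroups (IpPermissions, IpRanges, UserIdGroupPairs) and reports management ports open to the internet, all-traffic rules, and private tiers that accept CIDR-based ingress instead of referencing the calling tier's security group. The three groups, their IDs, and the tier policy are constructed for the example; in practice the input would come from the boto3 call.

```python
"""Added example: audit security group rules for Zero Trust segmentation.
Input mirrors EC2 DescribeSecurityGroups output; the groups are constructed."""
import ipaddress

MGMT_PORTS = {22, 3389, 5985, 5986}  # SSH, RDP, WinRM

# Constructed sample: web tier (public), app tier, database tier.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,          # finding
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-app", "GroupName": "app-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
    ]},
    {"GroupId": "sg-db", "GroupName": "db-tier", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,      # finding
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
    ]},
]

# Which security groups may reach each private tier. Groups missing from
# this map are treated as public-facing and get only the generic checks.
TIER_POLICY = {"sg-app": {"sg-web"}, "sg-db": {"sg-app"}}


def audit(groups, tier_policy):
    """Return a list of (group_id, rule, message) findings."""
    findings = []
    for g in groups:
        gid = g["GroupId"]
        for perm in g["IpPermissions"]:
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            rule = f"{proto}/{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]

            if proto == "-1":
                findings.append((gid, rule, "all-traffic rule; restrict to required ports"))
            for cidr in cidrs:
                internet = ipaddress.ip_network(cidr).prefixlen == 0
                touches_mgmt = proto == "-1" or bool(MGMT_PORTS & set(range(lo, hi + 1)))
                if internet and touches_mgmt:
                    findings.append((gid, rule, f"management port open to {cidr}"))
            if gid in tier_policy:
                for cidr in cidrs:
                    findings.append((gid, rule,
                        f"private tier accepts CIDR {cidr}; reference the caller's security group instead"))
                for src in sources:
                    if src not in tier_policy[gid]:
                        findings.append((gid, rule, f"unexpected source group {src}"))
    return findings


if __name__ == "__main__":
    for gid, rule, msg in audit(SAMPLE_GROUPS, TIER_POLICY):
        print(f"{gid:8} {rule:14} {msg}")
```

Referencing the caller's security group rather than a CIDR is what makes the rule identity-aware at the network layer: an attacker who lands on any host in 10.0.0.0/8 cannot reach the database unless that host is actually a member of the app tier's group.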

Applications

Applications, and how they are accessed through web and Internet entry points, become particularly challenging within the cloud. Protecting access to public-facing applications, and private access from those applications to backend databases, through Zero Trust controls is important.

Enforcing Zero Trust for applications is challenging because applications are the public-facing aspect of the company. A company should understand what information it wants to be publicly accessible and protect the private information from leaking.

In addition, the company should utilize a cloud access security broker (CASB) to govern and manage access to cloud applications and avoid shadow IT being utilized by users.

Endpoints

Endpoints and devices are the means by which users access applications, networks, and data. The attack surface on these devices should be decreased with security controls and tools so that a compromised device cannot reach sensitive information.

Whether an endpoint is a virtual server, a Windows device, or a smartphone, the company should have a level of endpoint protection and governance over those devices to enforce Zero Trust.

For company-owned devices, mobile device management (MDM) can manage Windows, Android, and Apple operating systems to enforce configuration and compliance policies that protect the device and decrease its attack surface. Policies can be put in place to deny access to applications and data from devices that are not managed with MDM.

For personal devices, similar management can be provided with mobile application management (MAM) without taking full control of the device. MAM creates a virtual separation between personal and business applications and data to protect against data being overshared.

Data

Data is at the center of the Zero Trust approach. Proper encryption and key management, so that data is never readable in plain text by anyone without the key, helps enforce Zero Trust and maintains the confidentiality and integrity of the data.

The protection of personally identifiable information (PII), protected health information (PHI), sensitive data, and confidential data is the focus of many of the Zero Trust pillars.

The key to protecting your data is to understand what data you have and where it is located. Once you have identified where the sensitive and confidential data resides, you can put policies, Zero Trust security controls, and governance controls in place to protect against data loss.
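Knowing where sensitive data lives starts with discovery and classification, which is what a service such as Amazon Macie automates. The following is an added example, not code from the article or from any AWS service: a small stdlib-only classifier that scans constructed sample records (standing in for S3 objects or log lines), detects SSNs, email addresses and payment card numbers, and uses the Luhn check so that an arbitrary 16-digit order reference is not flagged as a card. The bucket paths and record contents are constructed for the example.

```python
"""Added example: discover and classify PII in constructed sample records."""
import re

# Constructed records; in practice these would be object contents read from S3.
SAMPLE_RECORDS = [
    {"location": "s3://abc-hr-exports/payroll-2024.csv",
     "text": "Jane Doe,123-45-6789,4111 1111 1111 1111,jane@example.com"},
    {"location": "s3://abc-public-assets/brochure.txt",
     "text": "Visit us! Order ref 1234 5678 9012 3456, ticket 000-12-3456"},
    {"location": "s3://abc-logs/app.log",
     "text": "2024-06-01T12:00:00Z user=bob@example.com login ok"},
]

# SSN: area not 000/666/9xx, group not 00, serial not 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13-19 digits with optional space/dash separators; confirmed with Luhn below.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum; filters out digit runs that merely look like card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_text(text: str) -> set:
    """Return the set of PII categories present in one piece of text."""
    found = set()
    if SSN_RE.search(text):
        found.add("ssn")
    if EMAIL_RE.search(text):
        found.add("email")
    if any(luhn_ok(m) for m in CARD_RE.findall(text)):
        found.add("credit_card")
    return found


def sensitivity_label(categories: set) -> str:
    """Map categories to a handling label (constructed scheme for this example)."""
    if categories & {"ssn", "credit_card"}:
        return "Confidential"
    if categories:
        return "Internal"
    return "Public"


def scan(records):
    """Return {location: sorted categories} for every record that contains PII."""
    results = {}
    for rec in records:
        cats = classify_text(rec["text"])
        if cats:
            results[rec["location"]] = sorted(cats)
    return results


if __name__ == "__main__":
    for loc, cats in scan(SAMPLE_RECORDS).items():
        print(f"{sensitivity_label(set(cats)):13} {loc}  {', '.join(cats)}")
```

The output of a scan like this is the inventory that the rest of the data pillar depends on: the Confidential locations are the ones that need KMS-backed encryption, restrictive bucket policies, and data loss prevention rules first.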

Let’s look at how to apply these pillars within Amazon Web Services (AWS).

Applying Zero Trust to Amazon Web Services (AWS)

Each of the pillars can be addressed within AWS by using its cloud-native security and compliance tools. Let’s look at an example.

Case study

Company ABC has concerns across its AWS, on-premises, and SaaS application architecture. They have come to you for assistance in addressing their security concerns. They want you to provide suggestions on how they can use the security capabilities within AWS to enforce Zero Trust methodologies across the company’s technology infrastructure.

The areas of concern and requirements include:

Addressing the Requirements for a Zero Trust Framework with AWS solutions

The customer requirements can be addressed using a Zero Trust framework with the following tools:

Summary

Implementing a Zero Trust framework in your cloud security architecture takes time and planning. Cloud providers have tools that can assist you in this journey. Understanding how the pillars of Zero Trust operate and interact across the environment is key to your success.

Resources

Zero Trust on AWS

Zero Trust on AWS workshop studio

How to build a successful Zero Trust model for IAM