Zero-Trust - Tom Madsen
© 2024 River Publishers. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any form or by any
means, mechanical, photocopying, recording or otherwise, without prior written
permission of the publishers.
Tom Madsen
Security Architect KMD
River Publishers
Contents
Introduction xi
1 Why Zero-trust 1
1.1 What is Zero Trust 1
1.2 The History of Zero Trust 2
1.3 Why Zero Trust 3
1.4 Operational Technology 4
1.5 The Benefits of Zero Trust 5
1.6 Outro 6
3.5 SD-WAN 35
3.6 TACACS+ 36
3.7 RADIUS 37
3.8 MFA 38
3.9 VPN 39
3.10 Challenges 40
3.11 Outro 41
6 5G and Zero-trust 73
6.1 What is new in 5G? 73
6.2 Why 5G Security? 75
6.3 5G and Critical Infrastructure 77
6.4 Security of Cisco's Private 5G Architecture 77
6.5 5G and Zero Trust 79
7 Zero-trust Governance/Compliance 83
7.1 COBIT 2019 86
8 OT Zero-trust Security 99
8.1 Terminology 100
8.2 IT/OT 102
8.3 OT Security Frameworks 105
8.4 OT Zero-Trust 107
8.5 OT Security Training/Certification 111
Index 121
About the Author
Introduction
The aim of this book is to provide you with an introduction to the Zero Trust
concept and provide you with information that you can use in your cybersecurity
work, daily. Zero Trust as a concept in the cybersecurity industry is a new thing
and it is poorly defined currently.
In this book, I will not try to nail down and define a firm definition of Zero
Trust, as the concept is so new that there are as many opinions on Zero Trust, as
there are people with an opinion on Zero Trust. One thing I am going to define
though, is that Zero Trust is not a product!
1 Why Zero-trust
Until a few years ago, fencing systems with adequate firewalls and user ID
and passwords was considered enough. But those systems were still being
misused and hacked by cybercriminals using stolen credentials like user IDs
and passwords to act on behalf of the exposed user. This enabled the bad actors
to steal or manipulate information or even encrypt whole systems to obtain a
ransom to release the encryption keys used.
Working from home, working from own devices and increased use of cloud
services has added to the fact that the corporate network can no longer
be regarded as the primary security perimeter. The identities that use the
corporate systems are the primary perimeter, which must be secured and
protected.
The answer to these developments has been to introduce zero trust (ZT)
to the security architectures. ZT does not mean that nobody gets access; that
would be harmful to any business. But access must be given after thorough
verification and all communication must be encrypted. In essence, you must
approach security according to the saying “Trust is fine, but control is better”.
Zero trust is difficult to pin down as a specific concept. There are as many
opinions on what zero trust is as there are people with an opinion on zero trust,
hence this book, which tries to build a collective understanding of zero trust.
One benefit is that this enables every employee to work from untrusted
networks without the use of a VPN.
Zero trust has become the new black in the cybersecurity industry and
rightly so, since zero trust, if used correctly, can bring significant security
benefits to any infrastructure, whether it is an IT or an OT infrastructure.
That zero trust is defined differently by different people can be seen from the
definitions below. The first one is from NIST 800-207:
“Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that
move defences from static, network-based perimeters to focus on users, assets, and
resources”
“The zero-trust security model (also, zero trust architecture, zero trust network
architecture, ZTA, ZTNA), sometimes known as perimeterless security, describes an
approach to the design and implementation of IT systems”
Two separate ways of defining zero trust that are, although overlapping in
some ways, still approaching the world of zero trust in diverse ways. No wonder
there are many opinions and definitions of zero trust.
Zero trust was coined as a term back in 1994 in a Ph.D. dissertation by Stephen
Marsh, on an idea that “trust” can be defined mathematically. In 2003 an
international group called the Jericho Forum began to study the problem, and
they defined it as “de-perimeterisation” and began eliminating the idea that the
internal network was a safe and protected place. Something that should have
happened when the first VPN connections from outside of the network were
implemented.
It took some time for the real world to catch up with the theory, but in
2009 Google created the BeyondCorp security model, which is now considered
an early approach to zero trust. NIST was the first of the governmental
organizations that created standards around the concept of zero trust. In 2018
they created SP 800-207 Zero Trust Architecture, updated in 2020.
Figure 1.1: Zero-trust should be seen as a full stack architecture framework covering the full
spectrum of IT and applications.
With the number of breaches and the significant threat of malicious attacks
on our systems, we need to approach our security measures in a way that can
protect our organizations, and zero trust as a way of thinking while designing
and implementing these measures will bring significant benefits to this effort.
Why has zero trust become the new black now, if the concept was coined
back in 1994? Part of that answer is undoubtedly the recent pandemic we all
The increased risks to the enterprises this brought forward, along with the
needs of the end users to access everything from everywhere in the cloud and
on-premises, quickly showed zero trust as a way of mitigating the risks of using
unknown devices to access everything from everywhere.
So, the pandemic contributed to the sudden success of zero trust, but it is
not the only factor. The massive increase in cyber-attacks has also increased
the political focus on the consequences to civilian life, especially the privacy
of citizens. This has meant a massive increase in the amount of regulation
that organizations must show compliance with. In the EU we have the GDPR,
which touches on any organization that does business within the EU. Similar
legislation is being created, or has already been created, in other parts of
the world. Organizations in medical or life sciences areas have the US HIPAA
legislation to comply with. Organizations dealing with credit card data must
comply with PCI DSS.
When we add all these together, we end up with a complex set of threats and
risks that an organization must consider when managing their IT infrastructure.
This makes zero trust a way of increasing the overall security of these systems;
this is what has brought zero trust forward as the new black.
OT systems are not just a target for nation states. The Colonial Oil Pipeline
was attacked by ransomware in May 2021, shutting down the transportation of
oil from the Gulf of Mexico to the eastern states of USA. This resulted in a
fuel shortage for the airlines for instance, as well as panic buying by citizens
in several states from fear of running out. This just shows that attacks against
OT infrastructures can have an immediate impact on society, depending on the
criticality of the OT infrastructure.
The complexities laid out above all contribute to the rapidly increasing
complexity in our infrastructures. Going the zero-trust way does not invalidate
all the existing security measures we have implemented in our infrastructures,
but if we approach zero-trust in a well-considered way, we can utilize the existing
security tooling to implement zero trust.
Figure 1.2: The benefits that zero-trust will bring covers many areas where cybersecurity must
be seen as important.
By going the zero-trust way in our infrastructure decisions, we gain all the
benefits from Figure 1.2, and at the same time we will gain increased insights
into our infrastructures. How? By continually verifying the accesses by our users
and applications, we will also continually log these accesses and thereby gain a
much deeper insight into the AAA usage in the infrastructure.
Getting the end users aboard zero-trust projects will require a great deal
of communication to make them understand the benefits, not just for the
organization, but for them as well. For instance, the possibilities for them being
hacked decreases with a zero-trust architecture.
1.6 Outro
Lastly, the technologies we are using for the examples in this book are from
Microsoft and Cisco. This does not constitute a recommendation, or an attempt
to convey that these vendors are the only ones that do zero trust. These are the
technologies that we are familiar with and are using in our daily work. If you
are using networking technology from the likes of HPE, Juniper or Palo Alto
Networks, the same recommendations and design advice apply to these vendors,
and these vendors can deliver the same level of zero trust in their technologies
as Cisco.
If your main software vendor is not Microsoft, but Oracle or SAP, your
main cloud provider Oracle or Salesforce, then yes, they can deliver the same
level of assurance for zero trust as Microsoft can. The steps will be different
of course, but there will be no difference in the level of zero trust, if done
right.
2 How to Zero Trust
In this chapter, I will give you some pointers on how to begin a zero-trust project,
but first let’s begin with a figure that shows the size and complexity of any
zero-trust project. Look at Figure 2.1.
Figure 2.1: Zero-trust requires that the user in the upper left corner gets validated through the
entire flow, before getting access to the application in the lower right.
We have a user in the top left, trying to access a resource on the lower right.
The flow demonstrates the possible checks a user must go through to access
the resource. Fortunately, many of these checks and systems are automated in
nature, with no direct effect on the user experience, but it does demonstrate
the complexity of a zero-trust project.
Before beginning a zero-trust project, there are some political issues to consider.
For instance, when you announce a zero-trust project, there will be some
users that push back against it, not necessarily because they are opposed to
the effort, but because they see the project as a signal that they are untrusted.
It might sound like this: I have been here for 10 years, why am I suddenly
untrusted? A fair response, all things considered; I am bringing this up to make
you aware that zero-trust can be seen as aggressive by the user community in an
organization.
You might ask, is that really a thing, push back from the users because of
the name? Yes, I have clients that have experienced this exact response! So,
bringing the users on board with a zero-trust project is important from the very
beginning, as well as communication that they are still trusted, even when we
are implementing a zero-trust architecture in the infrastructure.
This probable push back is also a reason for anchoring the zero-trust
project at the most senior level of the leadership in the organization. IT
cannot implement a zero-trust project without the support of the senior
leadership.
While zero trust originated in the field of cybersecurity, it has also gained
attention in the realm of politics and governance, particularly in discussions
surrounding national security, privacy, and data protection.
Before beginning a zero-trust journey we must assess where the organization is,
maturity wise, regarding the overall cybersecurity. First, let us look at the three
pillars of zero-trust in Figure 2.2.
Figure 2.2: Most of the advice in this figure has been important for years, but with zero-trust it
gets incorporated into a framework.
Identities are the center of the basic pillars. These are not limited to persons
(employees, contractors, customers, etc.) but also technical identities like IoT
devices, robots, and applications.
Figure 2.3: NIST provides good advice in their 800-207 document, the three points above are
especially important to a good zero-trust implementation.
These definitions are from the NIST 800-207 standard, issued by the
National Institute of Standards and Technology under the US Department of
Commerce in 2020 as a reference architecture for zero-trust architectures.
The NIST 800-207 standard describes three variations in how zero trust can
be implemented. The variations, which supplement one another, are zero-trust
architecture using:
• Enhanced identity governance
• Micro-segmentation
• Network infrastructure and software defined perimeters.
Beginning a zero-trust project can seem overwhelming, but it is important to
start with a clear plan and a well-defined scope. Here are some steps to consider
when beginning a zero-trust project:
1. Define your project scope: Clearly define the scope of your project, including what resources
and services will be included and what level of security you are aiming for.
2. Identify critical assets: Identify the most critical assets that need to be protected, such as sensitive
data or key infrastructure components. This will help you prioritize your security efforts and
allocate resources effectively.
3. Assess your current security posture: Conduct a thorough assessment of your current security
posture to identify potential vulnerabilities and areas for improvement.
2.2.1 Assessment
Before beginning a zero-trust project, you should perform an inventory and risk
assessment. The assessment is independent of what tool is used and must always
be carried out as part of a successful IAM implementation.
All identities must be assessed. Employees are obvious, but how about
contractors, robots, and technical accounts? How do you register employees and
contractors? In many cases this data is derived from the HR system, but the
data quality needs to be assessed. There are examples of IAM projects that
have exceeded the expected timeframe by 50% due to bad data quality from
the HR system and as such an IAM/IGA program may in some cases require an
HR cleanup.
Figure 2.4: Assessing the data used and created in an organization is critical to a successful
implementation of zero-trust.
2.2.2 Classify
Classifying what you have is important, both systems and data. This way, you will
know where to focus and what to protect the most. There are usually standard
sets of classification parameters that can be used, but your organization may
also choose its own set of classifications. Every classification must have a risk
weight assigned to it. When applications and access rights have been classified
with risk weights, you are able to conduct risk-based reviews on identities,
systems and applications with high-risk profiles because they have access to
high-risk systems. There are some crucial questions that should be answered
for the application and access rights. These are given in Figure 2.5.
Figure 2.5: Like assessing the data from earlier in the chapter, assessing the access rights of
the users and the level of their rights is critical to zero-trust.
A frequent problem is that users have too many access rights, which leads to the
risk that a compromised user will allow for an intruder to gain access to major
parts of the organization’s data and applications.
Zero trust access rights refer to the principle of granting access privileges
based on the specific needs and context of individual users, devices and
applications, rather than relying on broad trust assumptions. In a zero-
trust model, access rights are carefully managed and continuously evaluated,
regardless of whether the user is inside or outside the network perimeter.
• Granular access controls: Zero trust promotes fine-grained access controls, enabling
organizations to define specific permissions and restrictions for different resources,
applications, and data. Access can be based on factors such as user roles, location, time of
access, device type, and security posture.
• Multi-factor authentication (MFA): Implementing MFA is a critical component of zero-trust
access. By requiring users to provide multiple forms of authentication (such as passwords,
biometrics, or tokens), the risk of unauthorized access through stolen or compromised
credentials is reduced.
In a zero-trust architecture, dynamic access controls are invoked on the fly
based on criteria, which are current at the time of authentication:
2.2.4 Challenges
At the beginning of this chapter, I said that a zero-trust project was an all or
nothing project. That is still the case, but there are challenges, especially in
large organizations with large and often legacy infrastructures.
• Legacy infrastructure: Many organizations have existing network architectures and legacy
systems that may not easily align with the principles of zero trust. Retrofitting these systems
or transitioning to new infrastructure can be complex and require careful planning.
• Complexity and scalability: Zero-trust implementations can be complex due to the need for
granular access controls, continuous authentication, and network segmentation. Managing and
scaling these systems across a large organization can be challenging and require significant
effort and resources.
• User experience: Introducing strict authentication and authorization processes can potentially
impact the user experience. Balancing security with convenience is crucial to ensure that
employees and users do not face excessive friction when accessing resources.
• Visibility and monitoring: Zero-trust architectures require robust monitoring and visibility tools
to track user activity, identify potential threats, and respond to incidents effectively. Organizations
need to invest in appropriate monitoring solutions and processes to gain real-time insights into
network traffic and access patterns.
• Change management: Implementing zero trust often involves a significant shift in mindset
and cultural change within an organization. Users, administrators, and stakeholders need to
understand the new security paradigm and the reasons behind it. Adequate training and change
management efforts are essential to foster acceptance and cooperation.
• Third-Party Integration: Organizations often rely on external vendors, partners, and cloud
service providers. Integrating these entities into a zero-trust framework can be challenging, as
their security practices and capabilities may vary. Ensuring consistent security standards and
collaboration with third parties is crucial.
• Cost: Implementing a zero-trust architecture may require investments in new technologies,
infrastructure upgrades, and security solutions. Organizations must carefully assess the costs
involved and balance them against the potential benefits and risks.
We all know that we should keep our software and hardware up to date with
patches and hardware platforms, but the reality is that this is often not possible
in complex infrastructures, where legacy hardware is incapable of strong
encryption for instance. This is the unfortunate reality in many organizations,
both because of compliance issues, like in the life science sector, or public
transport sectors.
For public transport using trains, in Denmark at least, there are laws
governing the installation and use of new hardware in the trains. Because trains
are used for decades, this means that some of the trains in Denmark are still
using WEP for the wireless security, something we left behind as insecure in
the late 1990s.
What I am trying to convey here is that a zero-trust project does not mean a
big capital investment from the get-go! Any reasonably up to date infrastructure
can be used as a basis for a zero-trust implementation. Some of the core benefits
of a zero-trust project at the networking infrastructure level are:
1. Improved security: A zero-trust hardened infrastructure provides a more robust and secure
environment by reducing the attack surface and implementing strong access controls and
authentication protocols.
2. Protection against advanced threats: By assuming that all traffic is potentially malicious, a zero-
trust infrastructure can protect against advanced threats such as malware, ransomware, and
zero-day attacks.
3. Greater visibility: A zero-trust infrastructure provides greater visibility into network activity,
enabling administrators to quickly identify and respond to security incidents.
4. Better compliance: A zero-trust infrastructure can help organizations meet regulatory compliance
requirements by implementing strong access controls and data protection measures.
5. Simplified management: A zero-trust infrastructure can simplify network management by
implementing a unified policy across all resources and services, reducing the complexity of
security management.
6. Reduced risk of insider threats: Zero-trust security reduces the risk of insider threats by limiting
access to sensitive resources and requiring additional verification for privileged users.
7. Improved user experience: By implementing strong authentication and access controls, a zero-
trust infrastructure can improve the user experience by reducing the risk of unauthorized access
and data breaches.
What we are trying to achieve is the upper right corner of Figure 2.6, no easy
task but well worth the effort!
Figure 2.6: The sweet spot for any security implementation is in the upper right corner, just keep
in mind that data and applications can be critical enough that we might have to limit usability!
(Figure 2.6 axes: SECURITY on the vertical axis, EASE OF USE on the horizontal axis; "Zero Trust" is placed in the upper right corner.)
2.4 A summary
2. Define access policies: Determine access policies based on the principle of least privilege.
Define who should have access to specific resources, applications, and data, and under what
conditions.
3. Implement strong authentication: Deploy multi-factor authentication (MFA) mechanisms to
strengthen user authentication. Require users to provide multiple forms of verification, such
as passwords, biometrics, or tokens.
4. Enable continuous monitoring: Implement real-time monitoring and logging to track user
activity, network traffic, and access attempts. Use this data to detect anomalies, identify potential
threats, and respond promptly.
5. Segment the network: Implement network segmentation to create isolated zones or
compartments. Separate critical assets, applications, and data into different segments to restrict
lateral movement and limit the potential impact of a breach.
1. Embrace micro-segmentation: Apply micro-segmentation techniques to further segment the
network into smaller, granular segments. This allows for even more precise access controls
and containment of potential threats.
2. Adopt a zero-trust architecture: Transition from a perimeter-based security model to a zero-
trust architecture. This involves removing the implicit trust assumptions and implementing
continuous authentication and authorization mechanisms for every access request, both within
and outside the network perimeter.
3. Implement least privilege access: Grant access rights based on the principle of least privilege.
Users should only have access to the resources they need to perform their specific roles and
tasks.
4. Monitor and analyze behavior: Utilize behavior analytics and anomaly detection to identify
unusual user behavior or suspicious activities. Continuously monitor and analyze user behavior
to detect potential insider threats or compromised accounts.
5. Educate and train employees: Provide comprehensive training and awareness programs to
educate employees about the zero-trust model, the importance of security, and their roles and
responsibilities in maintaining a secure environment.
6. Regularly assess and update security controls: Continuously evaluate and update security
controls, access policies, and technologies to adapt to evolving threats and vulnerabilities.
Remember that implementing zero trust is a journey rather than a one-time
task. It requires ongoing commitment, collaboration, and adaptation to ensure
the security of your organization’s assets and data.
Lastly, none of the above steps can stand alone in a zero-trust project,
but they are all integral to the success of the overall implementation and
maintenance of a zero-trust project!
3 Zero Trust – The Networking Level
In this chapter we will focus strictly on the networking level. By that I mean
subjects like networking design, network access, micro segmentation, MFA and
more. The network is a vital component in any IT infrastructure. Even if your
company is in the cloud, the network is the component that makes it possible
for you to use the cloud. Unfortunately, many organizations are not using the
security options present in a well-maintained network.
In this chapter we will, again, use the figure from the beginning of Chapter 2
(Figure 3.1):
Figure 3.1: This figure is just as relevant for zero-trust at the networking level as it is for the
other layers in a zero-trust implementation.
You might think that the figure might suit a more overall approach to zero-
trust, and not a networking focused one, but you would be wrong. Remember,
the network is the foundation of all of the zero-trust architecture that is needed
for a zero-trust implementation. Remember, the user in the upper left corner
needs to use the network to access the application in the lower right.
The traditional approach to security was based on the concept of “trust but
verify.” The weakness of this approach is that once someone was authenticated,
they were considered trusted and could move laterally to access sensitive data
and systems that should have been off-limits.
Zero trust principles change this to “never trust, always verify.” A zero-
trust architecture doesn’t aim to make a system trusted or secure, but rather
to eliminate the concept of trust altogether. Zero trust security models assume
that an attacker is always present in the environment. Trust is never granted
unconditionally or permanently but must be continually evaluated.
But the perimeter changed rapidly with the onset of Covid-19, as
employees, contractors, and business partners began working remotely –
accessing resources via cloud-based networks or with personally owned devices
that couldn’t always be verified as completely secured. In addition, the
deployment of Internet of Things (IoT) devices (to be touched upon more deeply
in Chapter 5), which often had automatic access to network resources, increased.
The good news for many companies is that they likely already possess
most of the zero-trust enabling technologies. In adopting a zero-trust approach,
companies will more likely need to adopt and enforce new policies, rather than
install new hardware.
Figure 3.2: The network is the foundation for implementing zero-trust up through the stack.
Figure 3.3: There are various ways of looking at zero-trust. This figure is relating Cisco, CISA
and NIST. One is not better than the other, use the one that fits your needs!
This chapter is partly focused on the Cisco Zero Trust Framework with the
User and Device Security, Application and Data Security, and Network and
Cloud Security pillars (Figure 3.3).
3.2 Approach
Before you start deploying a zero-trust architecture, there are several basic rules
that must be followed across the company for the system to work.
• All data sources, computing services, and devices are considered resources. Even employee-
owned devices must be considered a resource if they can access enterprise-owned resources.
• All communication should be secured, regardless of the network location.
• Access to resources is granted on a per-session basis, and with the least privileges needed to
complete a task.
• Access to resources is determined through a dynamic policy that includes the state of a client’s
identity and application.
• An enterprise must monitor and measure the integrity and security posture of all owned and
associated assets.
• Authentication and authorization are strictly enforced before access is allowed and can be subject
to change.
• An organization needs to collect as much information as possible about the current state of their
assets, network infrastructure, communications, end users and devices in order to improve their
security posture.
Many of these systems feed data into a trust algorithm that helps make
the ultimate decision for the request to access network resources. The trust
algorithm considers data from the requestor as well as several other metrics
as part of its decision. Examples of questions include, but are not limited to:
• Who is this person? Is it a real person, a service account or a machine?
• Have they requested this before?
• What device are they using?
• Is the OS version updated and patched?
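To make the trust algorithm concrete, here is an added example (not from the book or from NIST) that scores one access request per session from exactly the four questions above and shows that an earlier allow is never carried over. The weights, thresholds, the 30-day patch window and the sample identities are constructed assumptions.

```python
# Added example, not from the book: a minimal trust algorithm in the style of
# NIST SP 800-207 that scores each access request per session from the four
# questions listed above. Weights, thresholds, the 30-day patch window and the
# sample identities are constructed assumptions for illustration.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Subject:
    name: str
    kind: str          # "person", "service" or "machine"
    mfa_passed: bool   # only meaningful for persons

@dataclass
class Device:
    device_id: str
    managed: bool            # enrolled in the enterprise device inventory
    os_patch_age_days: int   # days since the OS was last patched

@dataclass
class Request:
    subject: Subject
    device: Device
    resource: str
    resource_risk: str       # classification from the assessment: "low" or "high"

@dataclass
class Decision:
    allowed: bool
    score: int
    threshold: int
    reasons: List[str]

class TrustAlgorithm:
    """Scores every request afresh; no earlier allow is carried over."""
    THRESHOLDS = {"low": 50, "high": 80}   # assumed minimum score per classification
    PATCH_WINDOW_DAYS = 30                 # assumed: older than this counts as unpatched

    def __init__(self) -> None:
        # (subject name, resource) -> outcomes of earlier requests
        self.history: Dict[Tuple[str, str], List[bool]] = {}

    def score(self, req: Request) -> Tuple[int, List[str]]:
        score, reasons = 0, []
        # Who is this? A real person, a service account or a machine?
        if req.subject.kind == "person":
            if req.subject.mfa_passed:
                score += 40; reasons.append("person+mfa")
            else:
                reasons.append("person-without-mfa")
        else:
            # Non-person identities cannot do MFA, so they start with less trust.
            score += 20; reasons.append(req.subject.kind + "-account")
        # Have they requested this before and been allowed?
        if any(self.history.get((req.subject.name, req.resource), [])):
            score += 10; reasons.append("seen-before")
        else:
            reasons.append("first-request")
        # What device are they using?
        if req.device.managed:
            score += 20; reasons.append("managed-device")
        else:
            reasons.append("unmanaged-device")
        # Is the OS version updated and patched?
        if req.device.os_patch_age_days <= self.PATCH_WINDOW_DAYS:
            score += 30; reasons.append("patched")
        else:
            reasons.append("unpatched")
        return score, reasons

    def decide(self, req: Request) -> Decision:
        """One decision per session: allowed only if the score reaches the
        threshold for the resource's classification."""
        score, reasons = self.score(req)
        threshold = self.THRESHOLDS[req.resource_risk]
        allowed = score >= threshold
        self.history.setdefault((req.subject.name, req.resource), []).append(allowed)
        return Decision(allowed, score, threshold, reasons)

def demo() -> List[Decision]:
    """Constructed sessions showing that trust is re-evaluated every time."""
    ta = TrustAlgorithm()
    alice = Subject("alice", "person", mfa_passed=True)
    laptop = Device("lt-001", managed=True, os_patch_age_days=5)
    backup = Subject("backup-svc", "machine", mfa_passed=False)
    server = Device("srv-009", managed=True, os_patch_age_days=10)
    d1 = ta.decide(Request(alice, laptop, "erp-db", "high"))   # 90 -> allow
    d2 = ta.decide(Request(alice, laptop, "erp-db", "high"))   # 100 -> allow
    # Same person and device, but the OS is now 60 days unpatched: the earlier
    # allows do not carry over and this session is denied.
    stale = Device("lt-001", managed=True, os_patch_age_days=60)
    d3 = ta.decide(Request(alice, stale, "erp-db", "high"))    # 70 -> deny
    d4 = ta.decide(Request(backup, server, "erp-db", "high"))  # 70 -> deny
    d5 = ta.decide(Request(backup, server, "wiki", "low"))     # 70 -> allow
    return [d1, d2, d3, d4, d5]
```

The `reasons` list is what you would log with each decision, which is the source of the AAA insight mentioned in Chapter 1.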
In Figure 3.4 I have designed a common situation for many companies,
especially those of an international nature. There is headquarters, possibly
more than one, with many sub-offices scattered around the country or world. In
cases where the company has been buying other companies, the infrastructure
will be a complex set of infrastructures from different vendors and different
design philosophies, making the overall infrastructure situation complex and
difficult to manage.
Every company is different, so the way they approach zero trust will vary.
Here are a few common scenarios:
Figure 3.4: Keep in mind that many organizations are distributed across a country and even the
world. Zero-trust in such a situation is a major effort.
• An enterprise with satellite offices (like above): Companies with employees working
at remote locations, or remote workers, would likely need to have the PE/PA hosted as a cloud
service.
• Multi-cloud, or cloud-to-cloud enterprises: Companies that use multiple cloud providers
(an ever-increasing number of enterprises!) might see a situation where an application is hosted
on a cloud service that is separate from its data source.
• Enterprises with non-employee or contractor access: For on-site visitors or contracted
service providers that need limited access, a zero-trust architecture would also likely deploy the
PE and PA as a hosted cloud service, or on the LAN in non-cloud cases.
Segmentation has been a mantra for security at the networking level for
many years now, and its importance has only increased with the criticality of
IT to businesses and organizations. The original goal of segmentation was to
limit the occurrences of broadcast storms, but it has migrated away from that
core purpose to be aimed at controlling the kinds
The next use case for segmentation is controlling the kinds of traffic allowed
on each of the network segments. See Figure 3.5.
Figure 3.5: Segmentation is a core part of zero-trust at the networking level of an infrastructure.
In this figure the various workloads are divided into clusters. In a real
organization there will be many more clusters than you see here; this is just
a foundation. By creating VLAN segmentation like that in Figure 3.5, we can
control traffic between the clusters, and control what kind of traffic is
allowed on the VLANs in each cluster.
The ERP cluster will undoubtedly need to communicate with the database
cluster, but should traffic coming from the ERP cluster be allowed to carry
anything other than database traffic? Maybe, but by segmenting the server
workloads into discrete clusters we can control, and monitor, the traffic and
protocols that we allow between the clusters. This gives us an enormous amount
of insight into our traffic patterns, while at the same time limiting the attack
surface that an attacker can use to compromise the business or organization.
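As an added example (not code from the book or from Cisco), the inter-cluster policy of Figure 3.5 written as an explicit allow-list with default deny, and run over a handful of constructed flow records. The cluster subnets, the permitted ports and the flow lines are assumptions made for the example; the denies are the events a monitoring team would alert on.

```python
"""Inter-cluster segmentation check for the clusters in Figure 3.5.

Added example, not the book's or Cisco's code. The cluster subnets, the
allowed ports and the flow records are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed VLAN subnet per cluster (constructed for the example).
CLUSTERS = {
    "erp": ipaddress.ip_network("10.10.10.0/24"),
    "database": ipaddress.ip_network("10.10.20.0/24"),
    "web": ipaddress.ip_network("10.10.30.0/24"),
}

# Allow-list keyed by (source cluster, destination cluster); anything not
# listed is denied, so the default between clusters is deny.
POLICY = {
    ("erp", "database"): {("tcp", 1433), ("tcp", 1521)},  # MSSQL, Oracle
    ("web", "erp"): {("tcp", 443)},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def cluster_of(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for name, net in CLUSTERS.items():
        if addr in net:
            return name
    return None


def decide(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow according to POLICY."""
    src_c, dst_c = cluster_of(flow.src), cluster_of(flow.dst)
    if src_c is None or dst_c is None:
        return "deny", "address outside any known cluster"
    if src_c == dst_c:
        # Traffic inside one VLAN is not filtered by this policy; that is the
        # gap micro-segmentation closes later in the chapter.
        return "allow", "intra-cluster"
    if (flow.proto, flow.dport) in POLICY.get((src_c, dst_c), set()):
        return "allow", f"{src_c}->{dst_c} {flow.proto}/{flow.dport} permitted"
    return "deny", f"{src_c}->{dst_c} {flow.proto}/{flow.dport} not in policy"


def parse_flow_log(lines: List[str]) -> List[Flow]:
    """Parse constructed flow records of the form 'src,dst,proto,dport'."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = line.split(",")
        flows.append(Flow(src, dst, proto.lower(), int(dport)))
    return flows


def audit(lines: List[str]) -> List[Tuple[Flow, str, str]]:
    """Evaluate every flow; the 'deny' entries are what to alert on."""
    return [(f,) + decide(f) for f in parse_flow_log(lines)]


# Constructed sample flow log (not real traffic).
SAMPLE_LOG = """
10.10.10.5,10.10.20.7,tcp,1433
10.10.10.5,10.10.20.7,tcp,445
10.10.30.2,10.10.10.5,tcp,443
10.10.20.7,10.10.10.5,tcp,3389
192.168.1.1,10.10.20.7,tcp,1433
""".splitlines()

if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_LOG):
        print(f"{verdict:5} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}  {reason}")
```

The second and fourth records (SMB from ERP to the database cluster, RDP from the database cluster back to ERP) are exactly the kind of traffic a flat network would carry silently; with the allow-list in place they show up as denies instead.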
Software defined networking and software defined access are still relatively
new concepts in networking infrastructures, so let us begin this section by
defining SDN and SDA and their relation to zero-trust before moving on.
3.4.1 SDN
• Cost efficiency: SDN can help reduce costs by optimizing network resource utilization, enabling
better traffic engineering, and supporting the use of commodity hardware. It allows organizations
to leverage cost-effective solutions and avoid vendor lock-in.
• Enhanced network visibility: SDN provides granular visibility into network traffic and allows for
real-time monitoring and analysis. This visibility enables better troubleshooting, performance
optimization, and security threat detection.
SDN can also facilitate micro-segmentation of the network, which is a key
component of zero-trust architecture. By dividing the network into smaller
segments, administrators can apply more granular access controls and reduce
the attack surface of the network.
Software defined networking (SDN) and zero-trust are two separate but
related concepts in the field of computer networking and security.
Zero-trust, on the other hand, is a security model that assumes that all
network traffic (including traffic within a private network) is potentially
malicious and should be treated with suspicion. Under a zero-trust model, access
to network resources is granted on a need-to-know basis and is continually
re-evaluated based on contextual factors such as user identity, device security
posture, and network location.
The two concepts are related because SDN can be used to implement a
zero-trust security model. By using a software-defined controller to manage access
control policies, network administrators can adapt more easily to changing
security requirements and ensure that only authorized users and devices are
granted access to sensitive resources.
3.4.2 SDA
access. SD-Access automates user and device policy for any application across
the wireless and wired network via a single network fabric.
3.4.3 Tooling
I begin this section by defining and describing the toolset from Cisco I am using
later in this chapter for the actual implementation of zero-trust in the network.
The Cisco Identity Services Engine (ISE) is a network access control and
security policy management platform that can be used to implement a zero-trust
security model.
ISE is designed to provide visibility and control over network access
by authenticating users and devices, enforcing access policies, and checking
endpoint compliance. ISE integrates with other Cisco security technologies,
such as Cisco Secure Firewall, to provide comprehensive network security.
In a zero-trust security model, ISE can play a critical role in ensuring that
only authorized users and devices are granted access to network resources.
ISE provides policy enforcement for dynamic network segmentation,
micro-segmentation, and context-based access control. This means that access to
network resources can be granted based on factors such as user identity, device
security posture, and network location, rather than simply on the strength of
a user's network credentials.
ISE also integrates with identity stores such as Active Directory and LDAP
and with multi-factor authentication providers, and it handles guest and BYOD
onboarding. These features simplify access control and improve the user
experience while maintaining a strong security posture.
With Cisco DNA Center (renamed Cisco Catalyst Center in 2023), administrators
can define policies for network access based on a user's identity, device type,
location, and other contextual factors. These policies can be enforced across
the network using software-defined networking (SDN) capabilities, such as
network segmentation and micro-segmentation. This approach allows administrators
to create a zero-trust environment, where all traffic is treated as potentially
malicious and access to network resources is granted on a need-to-know basis.
Some of the key capabilities of the DNA Center that enable a zero-trust
security model include:
• Software-defined access (SD-Access): This is an automated network segmentation technology
that allows administrators to define and enforce policies for user and device access. By using
SD-Access, administrators can segment the network based on user groups, device types, and
other contextual factors, and apply different policies to each segment.
• Identity services engine (ISE) integration: The DNA Center can be integrated with Cisco
ISE to provide network access control (NAC) and identity and access management (IAM)
capabilities. ISE can authenticate users and devices, enforce access policies, and provide
endpoint compliance checks.
• Analytics and assurance: The DNA Center provides real-time visibility into network traffic,
allowing administrators to detect anomalies and potential security threats. This feature can help
organizations quickly respond to security incidents and mitigate potential damage.
In summary, the Cisco DNA Center provides a comprehensive set of
capabilities that can be used to implement a zero-trust security model. By using
Using the software defined approach outlined above, we can create policies
at the networking level, controlling and managing the access that users
are given on the network. Two Cisco tools are used for this:
• Cisco ISE
◦ Access control to both the network and the networking infrastructure
◦ BYOD
◦ Guest Access.
• Cisco DNA Center
◦ Automation
◦ Analytics
◦ Virtualization.
Using these two solutions, we can control who has access and what kinds of
access they are given on the network. Cisco ISE also plays a role in multi-factor
authentication, which is discussed later in this chapter.
Using Cisco ISE and DNA Center, we can create the policies and rules
governing the access between the clusters in Figure 3.5. We can even control
what kinds of actions users are allowed to perform on the networking devices,
depending on the level of access rights we give them, down to individual
commands on the devices (command authorization, which TACACS+ provides; see
Section 3.6).
3.4.3.3 VXLAN
VXLAN (Virtual Extensible LAN) and zero trust are two separate but
complementary technologies that can be used together to improve network
security.
the segmentation of the network into multiple virtual networks, each with its
own security policies and access controls. This segmentation can help to limit
the attack surface and reduce the impact of any potential security breaches.
Zero trust, on the other hand, is a security model that assumes no trust,
whether inside or outside the network. It is designed to prevent unauthorized
access to network resources and data, and to limit the potential damage of any
security breaches. Zero trust can help to ensure that all access attempts are
authenticated and authorized before granting access to the network.
Cisco ACI (Application Centric Infrastructure) and zero trust are likewise two
separate but complementary technologies that can be used together to improve
network security. Zero trust, as described above, assumes no trust inside or
outside the network, requires every access attempt to be authenticated and
authorized before access is granted, and limits the damage of any breach that
does occur.
are properly authenticated and authorized. This can help to prevent security
breaches and limit the impact of any potential breaches that do occur.
3.5 SD-WAN
SD-WAN can also provide granular access controls that are tied to user
identity and context. By integrating with identity and access management
systems, SD-WAN can provide dynamic access controls that adapt to user
behavior and network conditions, providing a more fine-grained approach to
access control.
3.6 TACACS+
3.7 RADIUS
RADIUS offers many of the same functions as TACACS+, but it does not separate
authorization from authentication, so it cannot authorize individual commands
on Cisco equipment the way TACACS+ can. Some of the key features of RADIUS are:
• Authentication: RADIUS provides authentication services by verifying the identities of users
attempting to access network resources. It supports a range of authentication methods, including
password-based authentication, challenge-response protocols, token-based authentication, and
more.
• Authorization: RADIUS allows for centralized authorization management. It provides the ability
to define access policies, such as granting or denying access to specific resources or
services based on user attributes, network conditions, or other contextual factors. This enables
administrators to enforce access controls and implement the principle of least privilege.
• Accounting: RADIUS supports accounting functionality to track and log user activities on the
network. It captures information such as login/logout events, session duration, data transfer, and
other relevant details. Accounting data can be used for billing purposes, network management,
and auditing user behavior.
• Integration with directory services: RADIUS can integrate with various directory services, such
as LDAP (Lightweight Directory Access Protocol) or Active Directory, for user authentication and
authorization. This integration allows organizations to leverage their existing user databases and
centralize user management.
• Scalability: RADIUS is designed to handle large-scale deployments. It supports scalability
by enabling the use of distributed RADIUS servers, load balancing techniques, and failover
mechanisms. This ensures high availability and performance in environments with a significant
number of users or network devices.
• Security: RADIUS has only weak built-in protection. The User-Password attribute is
obfuscated with an MD5-based keystream derived from the shared secret and the request
authenticator, and all other attributes travel in the clear, so anyone who captures RADIUS
traffic and knows, or brute-forces, the shared secret can recover credentials. Stronger
protection comes from carrying the authentication inside EAP methods such as EAP-TLS, so that
no password crosses the wire at all, and from running RADIUS over TLS (RadSec, RFC 6614) or
IPsec between clients and servers.
• Interoperability: RADIUS is a widely adopted standard protocol that promotes interoperability
among networking equipment and software from different vendors. This enables organizations
to implement a unified AAA infrastructure across heterogeneous network environments.
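To make the security caveat above concrete, here is an added example (not code from the book or from any vendor) that builds a RADIUS Access-Request with the RFC 2865 User-Password hiding, recovers the password on the server side, and checks the Response Authenticator of the Access-Accept on the client side. The shared secret, the credentials and the NAS address are constructed for the example.

```python
"""RADIUS (RFC 2865) Access-Request and Access-Accept, built by hand.

Added example, not the book's or any vendor's code. The shared secret,
credentials and NAS address are constructed for the example.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous ciphertext block); the first block uses the
    Request Authenticator in place of a previous block."""
    if len(password) > 128:
        raise ValueError("RADIUS User-Password is limited to 128 bytes")
    padded = password + b"\x00" * ((-len(password)) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side of the same construction. Anyone holding the secret and a
    captured request recovers the password: this is the weakness."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value; the length byte covers the two header bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, secret: bytes, username: bytes,
                         password: bytes, nas_ip: str,
                         authenticator: Optional[bytes] = None) -> bytes:
    # The Request Authenticator must be unpredictable; it also keys the hiding.
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
             + attribute(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    response_auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + response_auth + attrs


def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client (NAS): reject a reply whose identifier or authenticator does not
    match the outstanding request; this MD5 value is all that binds them."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    header, response_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(response_auth, expected)


def parse_attributes(packet: bytes) -> Dict[int, bytes]:
    attrs, i = {}, 20
    while i + 2 <= len(packet):
        attr_type, length = packet[i], packet[i + 1]
        if length < 2:
            break  # malformed attribute; stop rather than loop forever
        attrs[attr_type] = packet[i + 2:i + length]
        i += length
    return attrs


if __name__ == "__main__":
    secret = b"example-shared-secret"  # constructed; real secrets should be long and random
    req = build_access_request(7, secret, b"alice", b"s3cret!", "10.10.10.5")
    recovered = unhide_password(parse_attributes(req)[ATTR_USER_PASSWORD], secret, req[4:20])
    print("server recovers password:", recovered)
    accept = build_response(ACCESS_ACCEPT, req, secret)
    print("genuine Access-Accept verifies:", verify_response(accept, req, secret))
    forged = build_response(ACCESS_ACCEPT, req, b"guessed-secret")
    print("forged Access-Accept verifies:", verify_response(forged, req, secret))
```

Two things to take from the exchange: the password is recoverable by anyone with the shared secret and a packet capture, and the only thing protecting an Access-Accept from forgery is an MD5 over the shared secret. Both are reasons to prefer EAP-TLS for the credential and RadSec for the transport in a zero-trust deployment.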
3.8 MFA
Using MFA before granting a user device, such as a laptop, tablet or
mobile phone, access to the network is equally important. How do we know that
the device and the user have the right to use the network without authenticating
them? Using MFA as an extra layer of authentication before granting access to a
core resource like the network is the zero-trust way of thinking. MFA is covered
again in the next chapter, where we look at the identity part of zero-trust.
3.9 VPN
VPNs have been the go-to solution for remote access to the infrastructure for
decades now, and with zero-trust becoming the new black, VPNs are often presented
as the solution to zero-trust network access. But a VPN cannot be seen as the
whole answer to remote access; we need to apply policies to VPN sessions in the
same manner as we do for software defined networking and access.
Historically, when you connected to a company network via VPN, you got
access to the entirety of the inside, something that a zero-trust way of thinking
finds unacceptable. Take a look at Figure 3.6.
Figure 3.6: Zero-trust requires us to think about the level of access as well as how wide that
access is for our VPN users.
Should a VPN user have access to the entirety of the infrastructure? Maybe,
but in most cases the VPN user is logging on for a specific purpose, such as access
to an ERP system. Why not, then, restrict access to only the ERP system? Using
identity- and context-aware policies to control access per resource, for both VPN
users and on-premises users, is what zero-trust network access (ZTNA) means.
Beginning a zero-trust journey at the networking layer creates a foundation for
all the additional steps needed to implement a zero-trust architecture for the
business or organization.
3.10 Challenges
Apart from some of the migration issues associated with moving from implicit
trust to zero trust, there are several other issues security leaders should
consider. First, the PE and PA components must be properly configured and
maintained. An enterprise administrator with configuration access to the PE’s
rules might be able to perform unapproved changes or make mistakes that
can disrupt operations. A compromised PA could allow access to resources
that would otherwise not be approved. These components must be properly
configured and monitored, and any changes must be logged and be subject to
audit.
Second, because the PA and PEP are making decisions for all access
requests to resources, these components are vulnerable to denial-of-service
or network disruption attacks. Any disruption to the decision process could
adversely affect a company’s operations. Policy enforcement can reside in a
properly secured cloud environment or replicated in different locations to help
lower this threat, but it does not eliminate the threat completely.
3.11 Outro
1. Network segmentation: By dividing the network into smaller, more secure segments,
organizations can reduce the attack surface and limit the impact of a potential security breach.
Network segmentation can be based on factors such as user groups, device types, and
application requirements.
2. Dynamic access control: Access to network resources should be granted based on contextual
factors such as user identity, device type, and location, rather than simply allowing access based
on a user’s network credentials. This approach can help organizations to prevent unauthorized
access to network resources.
3. Micro-segmentation: This is a technique where network segmentation is taken to the next level
by breaking down the network into smaller segments based on factors such as application
requirements and workload types. Each micro-segment can have its own access policies and
security controls, which can help to further reduce the attack surface of the network.
4. Multi-factor authentication: By requiring users to authenticate using multiple factors such as a
password and a token or biometric authentication, organizations can reduce the risk of credential
theft and improve overall security posture.
5. Continuous monitoring: Organizations should monitor their network for anomalous behavior
and potential security threats in real-time. This can help to detect and respond to security
incidents quickly, reducing the potential damage.
Implementing a zero-trust security model at the networking layer involves
creating a dynamic, policy-driven environment where access to network
resources is granted based on contextual factors. By using techniques such as
network segmentation, dynamic access control, and multi-factor authentication,
organizations can better defend against insider and external threats while
maintaining a strong security posture.
4 Zero Trust Identity
In this chapter we will be using Microsoft Azure AD (since renamed Microsoft
Entra ID) as the identity provider for our discussions. This should not be read
as if this option is the only one for a zero-trust identity approach; it is just
the vendor with which we are most familiar. Oracle, IBM and SAP, for instance,
have their own identity providers that can be used for a zero-trust identity
project as easily as Azure AD from Microsoft, or they can use Azure AD as the
identity provider for their own software.
Like before we will be using Figure 4.1 from Chapter 2 as the basis for the
identity examples in this chapter:
Figure 4.1: Validating an identity through the entire flow, from the upper left to the lower right,
is the essence of zero-trust.
Zero Trust Identity
Again, the focus is on getting the person in the upper left corner secure
access to the resource in the lower right one, concentrating on the identity part of
the process. Not all the steps will be relevant in this chapter, but AAA, MFA,
remote access and DLP are all relevant for the identity part of a zero-trust
project.
The flexibility on the part of Azure AD is a core reason for us choosing this
identity platform as the basis for this chapter. Azure AD can integrate with
thousands of different applications, as well as be integrated as the identity
platform for new application development.
Azure AD can be used as policy engine (PE), policy administrator (PA), and
policy enforcement point (PEP). This makes Azure AD the natural choice for all
the organizations out there that have based their infrastructure on technologies
from Microsoft.
4.1 Identity
Identity has become the core control that organizations protect themselves
with and apply policies to as part of their cybersecurity. Why? Because of the new
way of working, accelerated by the global Covid pandemic: we are no longer
working strictly from within the corporate premises. We are distributed across
the world in some cases and working from home in others. Because of this the
traditional ways of securing the enterprise, with firewalls and antivirus tools,
are no longer enough. These tools are still in use of course, but they cannot
protect the organization when users access company resources from their own
equipment, or from a home network with devices and resources that are not under
the control of the organization. What to use then?
Identity is the only real way that we can control access to company resources
and systems. Identity has been used for this for decades, but securing and
controlling the identities in use is of critical importance, not just for
zero-trust projects but for the overall security of businesses and
organizations. Look at Figure 4.2 to see how identities are the core control in
various IT systems and areas.
Figure 4.2: Identity validation from the left to the right, for the devices before they get access to
applications, the network and data, ensures zero-trust through the entire flow.
The “connect the users and applications” point deserves a little more
detail. We can, in many applications, like SQL Server, Oracle and Cisco
equipment, create local users on applications or devices. By making sure that
these applications and equipment are connected to the same core identity
management system, we avoid the additional overhead of administering
identities in multiple places, as well as avoiding the risk of errors on the part of
us humans.
Having just one place where we create and maintain users and access rights,
and connecting other systems and applications to it, decreases the complexity
of managing users and user rights. This centralized management gives us easy
management of credentials across applications, systems and the organization.
See Figure 4.3 for an overview; note especially that Azure AD can be used with
other cloud providers as well!
4.2 Azure AD
Azure AD can also provide granular access controls that are tied to user
identity and context. By integrating with other security solutions, such as
endpoint detection and response (EDR) and security information and event
management (SIEM), Azure AD can provide dynamic access controls that adapt
to user behavior and network conditions.
Figure 4.3: I have chosen Azure AD as the core identity store because of its flexibility, but you
can use AD if that is your core identity management system.
Passwords have been the go-to authentication method for many decades, but
passwords are no longer a strong enough option for authentication. Why? If a
user falls for an authentic-looking phishing mail and provides their username
and password to a website, then that is it: our infrastructure will now, most
likely, have unwanted users in it.
The only real way of mitigating this risk is by asking the users, and especially
the privileged users like domain admins, for multi-factor authentication, MFA.
MFA can be realized in multiple different ways:
• FIDO2 Key
• Windows Hello
• Biometrics
• Hard Tokens, like an RSA Token
• Microsoft Authenticator.
Azure AD has its own MFA solution that can be integrated into applications
using Azure AD for authentication, or Azure AD can be integrated with
the above solutions for MFA. With the advent of multiple cloud solutions
in a modern hybrid infrastructure, the importance of strong authentication
mechanisms cannot be overstated. With our applications spread around cloud
solutions the only real object we have any kind of control over is the identity
and authentication mechanisms.
Making Azure AD the core authentication mechanism presents its own risks
of course, but the tooling that we have with Azure AD makes reporting on and
control over the rights of the end users a much more enticing prospect.
Microsoft provides additional tooling for securing and managing Azure AD that
can mitigate many risks associated with identities, albeit at an additional cost!
The next section looks at the tooling we have in Azure AD and the policy engine
for authentication policies.
Microsoft is actively developing the feature set of Azure AD, so, at the time
you are reading this, more features will undoubtedly be present. In addition to
Azure AD’s Conditional Access feature is a powerful tool that can help
organizations enforce a zero-trust security model. Conditional Access enables
organizations to define policies that restrict access to applications and data
based on a variety of factors, such as user location, device state, application
sensitivity, and risk level.
Conditional Access is the policy engine for authentication in Azure AD, not
the only one, but the most important of the options. Look at Figure 4.4.
Note the options above with the preview text in parentheses. These are some
of the features that Microsoft are working on at the time I am writing this section
of the book. Also note the section at the end, where we can monitor the results
and effects of the policies we create with conditional access.
Figure 4.4: Policies for the users in Azure AD creates the core of zero-trust in Azure AD.
As I am writing this book, the war in Ukraine is raging back and forth, and
cyber-attacks are a core part of the Russian war strategy. Conditional access can
be used to create policies where we restrict access to systems using Azure AD as
the authentication mechanism from countries in a list. This is where the option
called named locations in the Figure 4.4 comes into play. With named locations,
we can create policies for things like MFA, based on where the users are coming
from, or we can deny access altogether if they are trying to authenticate from a
country like Russia. See Figure 4.5 for the named location options.
Figure 4.5: Conditional access in Azure AD gives us the ability to limit access from a subset of
countries, or we can use these settings to require additional validation from certain countries
around the globe.
The countries options show a list of countries that we can use as a named
location. How does Azure AD know which country the users are coming from?
We can configure this setting when we create a named location, see Figure 4.6.
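As an added example (not Microsoft's code and not the book's), here is a small evaluator for policies of the kind Figures 4.4 to 4.6 describe: a country named location that blocks listed and unknown countries, a trusted office IP range that is exempt from MFA, and a rule that privileged roles always need MFA. It also stands in for the trust-algorithm questions from Chapter 3 (who is the requester, which device, where from). The policy and named-location objects follow the general shape of the Microsoft Graph conditionalAccessPolicy and namedLocation resources, but the field names are a simplified assumption (roles are given by name, IP ranges as plain strings); the IP-to-country table and the sign-in events are constructed.

```python
"""Conditional-Access-style evaluation with country and IP named locations.

Added example, not Microsoft's code. Policy and named-location objects are a
simplified take on the Microsoft Graph resource shapes (an assumption); the
IP-to-country table and the sign-in events are constructed.
"""
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed stand-in for the country lookup Azure AD performs from the
# client IP (or from Authenticator GPS); real deployments use a GeoIP source.
GEOIP = {"203.0.113.0/24": "DK", "198.51.100.0/24": "RU", "192.0.2.0/24": "US"}

NAMED_LOCATIONS = {
    "loc-blocked-countries": {
        "@odata.type": "#microsoft.graph.countryNamedLocation",
        "countriesAndRegions": ["RU", "KP"],
        "includeUnknownCountriesAndRegions": True,  # unknown origin is treated as hostile
    },
    "loc-hq-office": {
        "@odata.type": "#microsoft.graph.ipNamedLocation",
        "ipRanges": ["203.0.113.0/24"],
        "isTrusted": True,
    },
}

POLICIES = [
    {"displayName": "Block sign-ins from listed countries", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "locations": {"includeLocations": ["loc-blocked-countries"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "MFA and compliant device outside the office", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "locations": {"includeLocations": ["All"], "excludeLocations": ["loc-hq-office"]}},
     "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "Privileged roles always MFA", "state": "enabled",
     "conditions": {"users": {"includeRoles": ["Global Administrator"]},
                    "locations": {"includeLocations": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]


def country_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return "ZZ"  # unknown


def in_location(loc_id: str, signin: Dict) -> bool:
    if loc_id == "All":
        return True
    loc = NAMED_LOCATIONS[loc_id]
    if loc["@odata.type"].endswith("countryNamedLocation"):
        cc = country_of(signin["ip"])
        if cc == "ZZ":
            return bool(loc.get("includeUnknownCountriesAndRegions", False))
        return cc in loc["countriesAndRegions"]
    addr = ipaddress.ip_address(signin["ip"])
    return any(addr in ipaddress.ip_network(r) for r in loc["ipRanges"])


def user_matches(cond: Dict, signin: Dict) -> bool:
    users = cond.get("users", {})
    include = users.get("includeUsers", [])
    if "All" in include or signin["user"] in include:
        return True
    return bool(set(users.get("includeRoles", [])) & set(signin.get("roles", [])))


def location_matches(cond: Dict, signin: Dict) -> bool:
    locs = cond.get("locations")
    if not locs:
        return True  # the policy has no location condition
    if any(in_location(l, signin) for l in locs.get("excludeLocations", [])):
        return False
    return any(in_location(l, signin) for l in locs.get("includeLocations", []))


def policy_satisfied(policy: Dict, satisfied: Set[str]) -> bool:
    gc = policy["grantControls"]
    controls = set(gc["builtInControls"])
    return controls <= satisfied if gc.get("operator") == "AND" else bool(controls & satisfied)


def evaluate(signin: Dict, policies: List[Dict] = POLICIES) -> Tuple[str, List[str]]:
    """Every enabled policy whose conditions match applies; block wins, otherwise
    access is granted only if each matched policy's controls are already met.
    Returns (decision, names of the matched policies)."""
    matched = [p for p in policies if p["state"] == "enabled"
               and user_matches(p["conditions"], signin)
               and location_matches(p["conditions"], signin)]
    names = [p["displayName"] for p in matched]
    if any("block" in p["grantControls"]["builtInControls"] for p in matched):
        return "block", names
    satisfied = set(signin.get("satisfied", []))  # controls proven in this session
    if all(policy_satisfied(p, satisfied) for p in matched):
        return "grant", names
    return "challenge", names


if __name__ == "__main__":
    for s in [{"user": "alice", "ip": "203.0.113.10"},  # constructed sign-ins
              {"user": "alice", "ip": "192.0.2.5"},
              {"user": "alice", "ip": "192.0.2.5", "satisfied": ["mfa", "compliantDevice"]},
              {"user": "bob", "ip": "198.51.100.7", "roles": ["Global Administrator"], "satisfied": ["mfa"]},
              {"user": "alice", "ip": "100.64.0.1", "satisfied": ["mfa", "compliantDevice"]}]:
        print(s["user"], s["ip"], "->", evaluate(s))
```

Note that the block rule wins even when the user has already passed MFA, and that an address whose country cannot be determined is blocked because of includeUnknownCountriesAndRegions; whether to treat unknown as hostile is a choice you make when creating the named location (Figure 4.6).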
In all, Azure AD comes with a strong set of tools that can help us create
governance structures around our use of Azure AD as an identity source.
Having good governance in place is good business practice in general, but it
is especially important for good cybersecurity. Here I will focus on governance
surrounding identity. See Figure 4.7.
Figure 4.7: Regular review of the users in an application and the level of their rights, ensures
that we can continually rely on Azure AD as an updated and trusted identity store.
This figure is taken from the identity governance section for Azure AD.
There are different governance tools in place, depending on the area of identity
in question. Here I will focus on the first option, external user lifecycle,
and the last option, auditing and reporting. Establishing strong processes and
governance around granting external users access to internal systems must
be a priority in any organization, not just for zero-trust but for the overall
security of the organization in general.
Having a process in place that does basic hygiene for both Azure AD and
the on-prem AD, and that removes or disables accounts, is critical to the
security of the authentication system, not just for Azure AD or AD but for any
authentication system.
Unfortunately, this basic hygiene is often not in place! There can be many
reasons for this, like service accounts not being removed after an application has
been retired, or not having a process in place with HR for when staff resign or are
moved to a different place in the organization while still retaining their user rights
from their previous responsibilities (Figure 4.8). Something I see with many
customers, unfortunately.
In this section we look at the options for controlling and managing the
authentication strength of Azure AD. At the time of writing, this functionality
is still in preview, but I see the option for us to control this part of Azure AD
as a huge benefit to the overall security of authentication, especially when we
integrate Azure AD as the authentication system in different applications, not
necessarily from Microsoft, like SAP or Oracle.
These are some of the options in place as I write this book; more might be
added, or removed, when this functionality is out of the preview phase. Note the
number of different methods of authentication in the list. The ones you should
stay away from are the ones mentioning SMS. SMS has been broken as a second
factor for authentication for years, and you should expect those to be removed
from the list before the preview phase is over.
Figure 4.9: At the point of writing these are the options for MFA with Azure AD; undoubtedly
there are more now. MFA is core to the conditional access policies and zero-trust.
Can they handle this kind of authentication? This makes choosing the right
authentication method a challenge for many organizations, since they might not
be fully aware of the limitations of the applications in their infrastructure. On
top of that, some of the applications might be too old to integrate with Azure AD.
Not that there is anything wrong with using AD, but a zero-trust project
should also use the opportunity to limit the number of authentication systems,
if possible. Multiple authentication systems most likely mean multiple places of
user maintenance, increasing the opportunity for human error, the ever-present
source of mistakes.
PIM can help organizations reduce the risk of privileged access misuse or
abuse, by ensuring that users only have access to privileged roles when needed,
and that the access is strictly monitored and audited.
Here are a few examples of how PIM aligns with the zero-trust security
model:
1. Just-in-time access: PIM provides time-bound access to privileged roles, which means that
users only have access to those roles for a specific amount of time. This approach aligns with
the zero-trust security model, which requires continuous verification of all access attempts, and
can help prevent unauthorized access to sensitive resources.
2. Access reviews: PIM enables organizations to review and certify the access of users to privileged
roles, ensuring that only authorized users can access those roles. This aligns with the zero-trust
security model, which assumes that no user or device can be trusted until they are authenticated
and verified.
3. Approval workflows: PIM requires users to request access to privileged roles and provides
approval workflows to ensure that access requests are reviewed and approved by the appropriate
individuals. This approach aligns with the zero-trust security model, which requires continuous
monitoring and verification of all access attempts.
Overall, PIM can play a crucial role in implementing a zero-trust security
model by providing a controlled and audited approach to managing privileged
access. By leveraging PIM, organizations can reduce the risk of privileged access
misuse or abuse and ensure that only authorized users with verified identities
and devices can access sensitive resources.
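As an added example, not Microsoft PIM code and not calling any Azure API, the three points above (time-bound activation, an approval step separate from the requester, and an audit trail that an access review can read) modelled in one place, so the checks that make just-in-time access "zero-trust" are visible: eligibility is checked on request, self-approval is refused, the activation is capped and expires, and the role is re-checked on every use. Users, roles, the activation ceiling and the timestamps are constructed.

```python
"""Just-in-time privileged role activation: request, approval, expiry, audit.

Added example that models the flow described above; it is not Microsoft PIM
code and does not call any Azure API. Role names, users and times are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

MAX_ACTIVATION = timedelta(hours=8)  # assumed tenant-wide ceiling


@dataclass
class Activation:
    user: str
    role: str
    justification: str
    duration: timedelta
    status: str = "pending"  # pending -> active -> expired
    approver: Optional[str] = None
    active_until: Optional[datetime] = None


class JitRoles:
    def __init__(self, eligible: Dict[str, Set[str]], approvers: Dict[str, Set[str]]):
        self.eligible = eligible      # user -> roles the user may request
        self.approvers = approvers    # role -> users allowed to approve it
        self.activations: List[Activation] = []
        self.audit: List[str] = []

    def _log(self, now: datetime, event: str, **fields) -> None:
        self.audit.append(now.isoformat() + " " + event + " "
                          + " ".join(f"{k}={v}" for k, v in fields.items()))

    def request(self, user: str, role: str, justification: str,
                duration: timedelta, now: datetime) -> Activation:
        if role not in self.eligible.get(user, set()):
            self._log(now, "request-denied", user=user, role=role, reason="not-eligible")
            raise PermissionError(f"{user} is not eligible for {role}")
        if not justification.strip():
            raise ValueError("a justification is required")
        act = Activation(user, role, justification, min(duration, MAX_ACTIVATION))
        self.activations.append(act)
        self._log(now, "requested", user=user, role=role,
                  minutes=int(act.duration.total_seconds() // 60))
        return act

    def approve(self, act: Activation, approver: str, now: datetime) -> None:
        if act.status != "pending":
            raise ValueError("only pending requests can be approved")
        if approver == act.user or approver not in self.approvers.get(act.role, set()):
            self._log(now, "approval-denied", user=act.user, role=act.role, by=approver)
            raise PermissionError(f"{approver} may not approve {act.role} for {act.user}")
        act.status, act.approver, act.active_until = "active", approver, now + act.duration
        self._log(now, "approved", user=act.user, role=act.role, by=approver,
                  until=act.active_until.isoformat())

    def has_role(self, user: str, role: str, now: datetime) -> bool:
        """Re-checked on every privileged action: the role exists only while an
        approved activation has not yet expired."""
        held = False
        for act in self.activations:
            if act.user == user and act.role == role and act.status == "active":
                if now < act.active_until:
                    held = True
                else:
                    act.status = "expired"
                    self._log(now, "expired", user=user, role=role)
        return held


def run_scenario() -> Dict[str, object]:
    """Walk one activation through its lifecycle and return what was observed."""
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)  # constructed
    pim = JitRoles(eligible={"alice": {"Global Administrator"}},
                   approvers={"Global Administrator": {"carol"}})
    out: Dict[str, object] = {}
    act = pim.request("alice", "Global Administrator", "INC-1042 patch rollout",
                      timedelta(hours=24), t0)
    out["capped_hours"] = act.duration.total_seconds() / 3600
    out["before_approval"] = pim.has_role("alice", "Global Administrator", t0)
    try:
        pim.approve(act, "alice", t0)
        out["self_approval"] = "allowed"
    except PermissionError:
        out["self_approval"] = "denied"
    pim.approve(act, "carol", t0 + timedelta(minutes=5))
    out["during"] = pim.has_role("alice", "Global Administrator", t0 + timedelta(hours=4))
    out["after"] = pim.has_role("alice", "Global Administrator", t0 + timedelta(hours=9))
    out["final_status"] = act.status
    try:
        pim.request("bob", "Global Administrator", "curious", timedelta(hours=1), t0)
        out["ineligible"] = "allowed"
    except PermissionError:
        out["ineligible"] = "denied"
    out["audit_events"] = [e.split()[1] for e in pim.audit]
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The audit list is what an access review consumes: every denied request and denied approval is recorded alongside the approvals, so a reviewer sees attempts, not only successes.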
A privileged account is not only one of the roles built into Azure AD or AD;
it can also be an application-specific account on an ERP system or a database.
In Section 4.2.1 on MFA, I mentioned that using MFA for accounts with
a high level of sensitive privileges was a must. That is still true but having
strong monitoring and logging in place for these kinds of accounts are just as
important. Any hacker that compromises a user account will immediately try
to elevate that access to a more privileged account. This makes monitoring of
these accounts of the utmost importance. Look at Figure 4.10.
Figure 4.10: Formal approval of elevated rights for any length of time is critical for zero-trust.
Note the options My requests and Approve requests. These options make it
possible for a privileged role to be requested as well as for this request to be
sent to another role for approval. In this way, we can control who gets access
to a privileged role by having a flow in place for approval before the role gets
assigned to the requestor. Unfortunately, for now this functionality is limited,
so we will still need a formal IAM system for these requests to be expanded
beyond Azure AD roles.
The auditing in Azure AD for privileged roles is very good, see Figure 4.11.
Figure 4.11: The systems, or application, owners should approve any elevated access rights to
their systems or applications.
Azure AD provides logging and monitoring both for the roles assigned and
for the resources that the roles have accessed while the privileged role was
active. The last option, Azure Managed applications, is related to resources
that are integrated into Azure AD, extending the logging and monitoring to
applications that are not necessarily Azure native in nature.
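As an added example of what that monitoring can look like in practice (my own Python, not code from the book or from Microsoft's tooling), the script below correlates PIM activation events and flags two things the approval flow in Figure 4.10 is meant to prevent: an activation of an approval-required role that completed without any approval event, and an approval where the approver is the account being elevated. The records are constructed; they use a flattened schema (user, actor, role, time) rather than the nested InitiatedBy and TargetResources fields of real AuditLogs rows, and the activity names are the PIM ones I have seen in the audit log, so verify both against your own tenant before relying on them.

```python
"""Flag PIM role activations that completed without a matching approval.

Added example, not from the book or from Microsoft. Runs over constructed
audit records with a simplified flat schema; the PIM activity names and the
approval-required role set are assumptions to check against your tenant.
"""
from collections import defaultdict
from datetime import datetime, timedelta

REQUESTED = "Add member to role requested (PIM activation)"
APPROVED = "Add member to role request approved (PIM activation)"
COMPLETED = "Add member to role completed (PIM activation)"

# Roles whose activation must pass through an approval workflow (assumed policy).
APPROVAL_REQUIRED = {"Global Administrator", "Privileged Role Administrator"}

# Constructed sample data. 'user' is the account being elevated (the PIM target);
# 'actor' is who performed the event (requester, approver, or the PIM service).
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:00:00+00:00", "activity": REQUESTED, "user": "alice", "actor": "alice", "role": "Global Administrator"},
    {"time": "2024-03-01T09:04:00+00:00", "activity": APPROVED,  "user": "alice", "actor": "bob",   "role": "Global Administrator"},
    {"time": "2024-03-01T09:05:00+00:00", "activity": COMPLETED, "user": "alice", "actor": "PIM",   "role": "Global Administrator"},
    # Activation with no approval event at all: the role settings were probably changed.
    {"time": "2024-03-01T22:30:00+00:00", "activity": COMPLETED, "user": "carol", "actor": "PIM",   "role": "Global Administrator"},
    # Role outside the approval-required set: not a finding.
    {"time": "2024-03-01T10:00:00+00:00", "activity": COMPLETED, "user": "dave",  "actor": "PIM",   "role": "User Administrator"},
    # Approver is the requester: a separate finding.
    {"time": "2024-03-02T08:00:00+00:00", "activity": REQUESTED, "user": "eve",   "actor": "eve",   "role": "Privileged Role Administrator"},
    {"time": "2024-03-02T08:01:00+00:00", "activity": APPROVED,  "user": "eve",   "actor": "eve",   "role": "Privileged Role Administrator"},
    {"time": "2024-03-02T08:02:00+00:00", "activity": COMPLETED, "user": "eve",   "actor": "PIM",   "role": "Privileged Role Administrator"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def find_unapproved_activations(events, approval_required=APPROVAL_REQUIRED,
                                window=timedelta(hours=1)):
    """Return (user, role, time) for completed activations of approval-required
    roles that have no approval for the same user and role within `window`
    before the completion."""
    approvals = defaultdict(list)
    for e in events:
        if e["activity"] == APPROVED:
            approvals[(e["user"], e["role"])].append(_ts(e))
    findings = []
    for e in events:
        if e["activity"] != COMPLETED or e["role"] not in approval_required:
            continue
        completed_at = _ts(e)
        approved = any(timedelta(0) <= completed_at - a <= window
                       for a in approvals[(e["user"], e["role"])])
        if not approved:
            findings.append((e["user"], e["role"], e["time"]))
    return findings


def find_self_approvals(events):
    """Return (user, role, time) where the approver is the account being elevated."""
    return [(e["user"], e["role"], e["time"])
            for e in events if e["activity"] == APPROVED and e["actor"] == e["user"]]


if __name__ == "__main__":
    for finding in find_unapproved_activations(SAMPLE_EVENTS):
        print("UNAPPROVED ACTIVATION:", finding)
    for finding in find_self_approvals(SAMPLE_EVENTS):
        print("SELF-APPROVAL:", finding)
```

Run against the sample data, carol's Global Administrator activation is reported because no approval precedes it, and eve's approval is reported because she approved her own request; alice's activation is fine. In production the same logic belongs in the SIEM (Sentinel) as a scheduled analytics rule over AuditLogs, with the role set taken from the PIM role settings rather than hard-coded.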
4.7 IAM
One of the key benefits of IAM in the context of zero-trust networking is that
it provides strong authentication mechanisms that can adapt to changing risk
conditions. By implementing multi-factor authentication and conditional access
policies, IAM can ensure that users are who they claim to be, and that they are
only granted access to resources and applications that they are authorized to
access.
IAM can also provide granular access controls that are tied to user identity
and context. By integrating with other security solutions, such as endpoint
detection and response (EDR), and security information and event management
(SIEM), IAM can provide dynamic access controls that adapt to user behavior
and network conditions.
The Microsoft solution to IAM is not that strong currently, but there are
many vendors out there with solutions that can integrate with Azure AD, as
well as with the identity solutions from the other cloud vendors, like AWS, Google
Cloud or Oracle Cloud Infrastructure.
4.8 Outro
3. Identity protection: Azure AD’s Identity Protection feature can help organizations detect and
respond to identity-based threats, such as suspicious sign-in activity, risky user behavior,
or compromised credentials. Identity protection can help organizations reduce the risk of
data breaches or security incidents, by providing real-time risk assessments and automated
remediation.
4. Azure AD privileged identity management (PIM): As I mentioned earlier, PIM can help
organizations manage and control access to privileged accounts and roles, by providing just-in-time
access and approval workflows. PIM can help reduce the risk of privileged access misuse or
abuse and ensure that only authorized users with a verified need can access sensitive resources.
5. Security monitoring and reporting: Azure AD provides several monitoring and reporting
features, such as sign-in and audit logs, that can help organizations detect and respond to
security incidents and policy violations. Security monitoring can help organizations maintain a
continuous and controlled approach to access management and ensure that all access attempts
are audited and verified.
Azure AD provides a powerful set of tools and features we can use to
implement and maintain a zero-trust security model. By leveraging Azure AD’s
capabilities, organizations can ensure that all access attempts are continuously
verified and authenticated, and that sensitive resources are only accessible to
authorized users with verified identities and devices. This approach can help
organizations reduce the risk of data breaches, security incidents, and other
cyber threats.
5 Cloud and Zero-trust
Cloud computing can also provide a more dynamic and flexible approach
to zero-trust networking, allowing administrators to easily scale resources
and services up or down as needed. This can help organizations respond
more quickly to changing threat conditions and adapt their security posture
accordingly.
Cloud computing has a relatively recent history that can be traced back to the
early 2000s. Here is an overview of the key milestones and developments in the
history of cloud computing:
There is a saying that predicting the future is flawed and often wrong; however,
I am still going to give it a shot here. Please keep in mind that these are my
predictions based on my own experiences and client requests over the past few
years.
• Hybrid and multi-cloud adoption: Many organizations will continue to adopt a hybrid cloud
approach, combining public and private clouds to leverage the benefits of both. Additionally,
multi-cloud strategies will become more prevalent, where businesses utilize multiple cloud
providers for different purposes, such as leveraging specific services or avoiding vendor lock-in.
• Edge computing and fog computing: The rise of Internet of Things (IoT) devices and the need
for low-latency processing will drive the growth of edge computing and fog computing. Cloud
services will extend their reach to the edge of the network, enabling real-time data processing
and analysis closer to the source of data generation.
• Serverless computing: Serverless computing, where cloud providers manage the infrastructure
and automatically scale resources, will continue to gain popularity. It offers improved resource
utilization, reduced operational overhead, and enables developers to focus more on code and
functionality rather than infrastructure management.
• Artificial intelligence and machine learning: Cloud platforms will increasingly offer AI and
machine learning services, allowing businesses to leverage advanced analytics, natural
language processing, computer vision, and predictive modeling capabilities without requiring
specialized expertise. These services will be integrated into various applications, making AI
more accessible to a wider range of organizations.
• Security and privacy enhancements: As cloud technology matures, there will be a heightened
focus on security and privacy. Cloud providers will invest in advanced security measures, such
as encryption, threat detection, and identity management, to protect data and ensure compliance
with regulations. Privacy concerns, especially related to data handling and user consent, will
continue to be addressed and regulated.
• Quantum computing in the cloud: While still in its early stages, quantum computing has the
potential to revolutionize various industries. In the future, cloud providers may offer quantum
computing resources and services, allowing organizations to access and experiment with
quantum algorithms and applications without needing to build their own infrastructure.
• Green cloud computing: Environmental sustainability will play a significant role in the future
of cloud technology. Cloud providers will focus on reducing energy consumption, adopting
renewable energy sources, and implementing more efficient data center designs. Additionally,
organizations will prioritize cloud providers with strong environmental credentials to align with
their sustainability goals.
• Enhanced collaboration and communication: Cloud-based collaboration and communication
tools will continue to evolve, offering improved integration, real-time collaboration features, and
seamless workflows across different devices and platforms. These tools will enable remote teams
to work together effectively and facilitate virtual meetings, file sharing, and project management.
• Cloud integrations. As the customers are beginning to utilize different cloud vendors for different
purposes, we will see an increase in integrations between the different cloud vendors. Microsoft
and Oracle have already begun integrating the various offerings in their respective clouds with
one another, I see this trend increasing in the coming years.
There are very few differences between the zero-trust steps needed in the cloud
and those needed in on-prem environments. Take a look at the points below:
• Identity and access management (IAM): Implementing robust IAM practices is crucial for zero
trust in the cloud. This involves establishing strong user authentication mechanisms, such as
multi-factor authentication (MFA), and implementing fine-grained access controls based on user
roles, permissions, and contextual factors.
• Micro segmentation: Cloud environments often consist of multiple interconnected components,
such as virtual machines, containers, and services. Micro segmentation involves dividing these
components into smaller, isolated segments and enforcing strict access controls between them.
This limits lateral movement within the network and reduces the impact of a potential security
breach.
• Least privilege: Following the principle of least privilege is fundamental in a zero-trust
environment. Users and systems should only have access to the resources and data they
explicitly require to perform their tasks. By minimizing unnecessary access rights, the attack
surface is reduced, and the potential damage of a compromised user or system is mitigated.
• Continuous monitoring and analytics: Zero trust requires continuous monitoring of user
behavior, network traffic, and system activity. Utilizing advanced analytics and machine learning
techniques, organizations can identify anomalous behavior and potential threats in real time.
This allows for proactive threat detection and response, helping to prevent or minimize security
incidents.
• Encryption and data protection: Protecting data at rest and in transit is a critical component of
zero trust in the cloud. Employing strong encryption mechanisms, both for data stored in the
cloud and data transferred between different cloud services, ensures that even if an attacker gains
access to the data, it remains unreadable and unusable.
• Security automation and orchestration: Cloud environments are highly dynamic, with resources
being provisioned, scaled, and decommissioned rapidly. To maintain zero-trust principles, it’s
important to automate security processes, such as access provisioning, threat detection, and
incident response. Security orchestration tools can help streamline these processes and ensure
consistent enforcement of security policies.
• Secure remote access: Zero-trust principles are particularly relevant in remote work scenarios,
where employees access cloud resources from various locations and devices. Implementing
secure remote access solutions, such as virtual private networks (VPNs) or secure access service
edge (SASE) architectures, ensures that user connections are authenticated and encrypted,
regardless of their location. Note that a VPN that lands the user on a flat internal network
recreates the perimeter model; pair it with micro segmentation, or prefer per-application access
(ZTNA) so that a remote session only reaches the resources it was authorized for.
If you remember back to some of the earlier chapters, you will
recognize many of the above steps from there. Are there differences between
zero trust in on-prem environments and the cloud? Yes, there are. For instance,
many cloud vendors offer managed platform services (PaaS) to their customers. In
Microsoft Azure there is the Azure SQL offering, where customers can use a
database in Azure for their data storage needs without operating the database
server themselves.
In addition to Azure SQL there are serverless offerings in the mix of managed
services, all of which need to be implemented in different environments and
application scenarios. So, although many of the steps are similar, there are
technologies in the cloud that need additional thought before they become
zero-trust enabled.
Azure SQL, the cloud-based database service offered by Microsoft Azure, can
be integrated with zero-trust principles to enhance the security of data stored
in Azure SQL databases. Here are some key considerations for implementing
zero trust with Azure SQL:
• Identity and access management (IAM): Implement strong authentication mechanisms for
accessing Azure SQL databases, such as Azure Active Directory (Azure AD) authentication. Azure
AD integrates with zero trust principles by providing identity-based access controls and allowing
organizations to enforce multi-factor authentication (MFA) for user access.
• Role-based access control (RBAC): Utilize RBAC to assign granular permissions to users or
groups accessing Azure SQL. With RBAC, you can follow the principle of least privilege and
provide users with only the necessary permissions to perform their tasks within the database.
• Private endpoint: An Azure private endpoint (Private Link) lets you reach the Azure SQL logical
server over a private IP address inside your virtual network, so the database does not have to be
exposed to the public internet. A private endpoint on its own does not close the public endpoint,
however: also set the server's public network access to Disabled (or at least restrict it with
firewall rules), otherwise the private path is merely an additional route and the public one
remains reachable.
• Network security: Restrict which networks can reach the server with Azure SQL's own server-level
firewall rules and virtual network rules, the latter backed by Azure Virtual Network (VNet) service
endpoints, and avoid the "Allow Azure services and resources to access this server" setting, which
admits traffic from Azure resources in any tenant, not only yours. Azure Firewall or network
security groups can then govern the outbound traffic from your application subnets. By allowing
only authorized source networks, you reduce the attack surface and enforce zero-trust principles.
• Auditing and monitoring: Enable auditing and monitoring features in Azure SQL to track and
log database activities. By leveraging Azure Monitor and Azure Sentinel, you can continuously
monitor database access, detect anomalous behavior, and respond to potential security incidents
in real time, aligning with zero trust’s continuous monitoring principle.
• Encryption: Protect data at rest and in transit with the encryption features of Azure SQL.
Transparent data encryption (TDE) is enabled by default for new databases and protects the
database files and backups at rest; it does not hide data from anyone who can log in, so use
Always Encrypted where specific columns must stay opaque even to database administrators.
Connections to Azure SQL are always encrypted with TLS; set the server's minimum TLS version
to 1.2, and make sure client connection strings state Encrypt=True with TrustServerCertificate=False
so that the server certificate is actually validated rather than blindly trusted.
• Threat detection and advanced security: Use the built-in threat detection for Azure SQL, now
delivered as Microsoft Defender for SQL (formerly Azure SQL Database Advanced Threat Protection),
which raises alerts on suspicious activities such as SQL injection attempts, logins from unusual
locations and brute-force attacks. These features align with zero-trust principles by proactively
detecting and responding to potential security risks.
• Data masking and row-level security: Implement data masking and row-level security in Azure
SQL to ensure that sensitive data is protected, and access is limited based on defined security
policies. Data masking can help obfuscate sensitive data from non-privileged users, while row-
level security can restrict data access based on specific conditions or user attributes.
Note that micro segmentation is not in the above list. Micro segmentation
needs to be done outside of the Azure SQL service, likewise for monitoring.
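The identity, encryption and network points above all meet in one artifact that developers copy around freely: the connection string. As an added example (my own Python, not code from the book or from Microsoft), the checker below parses an ADO.NET / Microsoft.Data.SqlClient style Azure SQL connection string, reports the settings that contradict the list above (no enforced encryption, certificate validation switched off, SQL authentication with an embedded password, persisted credentials) and rebuilds a hardened string that uses Azure AD authentication. The server and database names are constructed; the keyword names are the real SqlClient ones.

```python
"""Assess an Azure SQL connection string against zero-trust settings and emit a
hardened one.

Added example, not from the book or from Microsoft. Keywords are the ADO.NET /
Microsoft.Data.SqlClient ones (Encrypt, TrustServerCertificate, Authentication,
Persist Security Info); the sample connection string is constructed.
"""


def parse_connection_string(cs):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    props = {}
    for part in cs.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            props[key.strip().lower()] = value.strip()
    return props


def _truthy(value):
    return value.strip().lower() in ("true", "yes", "mandatory", "strict")


def assess_connection_string(cs):
    """Return a list of findings; an empty list means the string passes."""
    p = parse_connection_string(cs)
    findings = []
    # Encrypt defaults differ between client libraries (older System.Data.SqlClient
    # defaults to false), so require it to be stated explicitly.
    if not _truthy(p.get("encrypt", "")):
        findings.append("encrypt: not explicitly enabled; set Encrypt=True")
    if _truthy(p.get("trustservercertificate", "false")):
        findings.append("trustservercertificate: server certificate is not validated; "
                        "a man-in-the-middle can terminate the TLS session")
    auth = p.get("authentication", "").lower()
    has_password = any(k in p for k in ("user id", "uid", "password", "pwd"))
    if not auth:
        if has_password:
            findings.append("authentication: SQL authentication with embedded credentials; "
                            "use Authentication=Active Directory Default or Managed Identity")
        else:
            findings.append("authentication: no Authentication keyword; state the Azure AD mode")
    elif "password" in auth:
        findings.append("authentication: Active Directory Password still embeds a password; "
                        "prefer Managed Identity or Default")
    elif has_password:
        findings.append("credentials: User ID/Password present alongside Azure AD authentication")
    if _truthy(p.get("persist security info", "false")):
        findings.append("persist security info: credentials stay readable on the open connection")
    return findings


def harden_connection_string(cs, authentication="Active Directory Default"):
    """Rebuild the string keeping only server and database, with Azure AD
    authentication, enforced TLS, certificate validation and no embedded secret."""
    p = parse_connection_string(cs)
    server = p.get("server") or p.get("data source")
    database = p.get("database") or p.get("initial catalog")
    if not server or not database:
        raise ValueError("connection string has no server or database")
    return (f"Server={server};Initial Catalog={database};"
            f"Authentication={authentication};Encrypt=True;"
            f"TrustServerCertificate=False;Persist Security Info=False")


# Constructed weak example: SQL login, plaintext password, no TLS enforcement,
# certificate validation off, credentials kept on the connection object.
WEAK = ("Server=tcp:contoso-sql.database.windows.net,1433;Initial Catalog=payroll;"
        "User ID=sqladmin;Password=Sup3rS3cret!;Encrypt=False;"
        "TrustServerCertificate=True;Persist Security Info=True")

if __name__ == "__main__":
    for finding in assess_connection_string(WEAK):
        print("-", finding)
    print(harden_connection_string(WEAK))
```

The hardened form relies on the caller having an Azure AD identity (a managed identity in Azure, or the developer's own login via "Active Directory Default"), which is exactly the point: the application no longer holds a secret that can leak through a repository, a log line or a memory dump. Run the checker in CI over application configuration so that a regression to SQL authentication is caught before deployment.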
5.3.2 Serverless
Azure Serverless, which includes services like Azure Functions and Logic Apps,
can be integrated with zero-trust principles to enhance the security of serverless
applications and workflows. Here are some considerations for implementing
zero trust with Azure Serverless:
• Authentication and authorization: Implement strong authentication mechanisms for accessing
serverless functions and workflows. Azure Active Directory (Azure AD) authentication, enabled
for a function app through App Service Authentication, can be used to enforce identity-based
access controls and multi-factor authentication (MFA) for user access to serverless resources. The
function keys that HTTP-triggered functions use by default are shared secrets, not identities:
they say nothing about who is calling, so do not treat them as an authentication mechanism for
anything beyond service-to-service calls you control yourself.
• Role-based access control (RBAC): Utilize RBAC to assign granular permissions to users or
groups accessing Azure Serverless resources. By following the principle of least privilege,
you can provide users with only the necessary permissions to execute and manage serverless
functions or workflows.
• Secure inputs and outputs: Apply input validation and output encoding to protect against
potential security vulnerabilities, such as injection attacks or cross-site scripting (XSS).
Implementing proper validation and encoding techniques ensures that data inputs and outputs
in serverless applications are treated securely.
• Encryption and secure communication: Ensure that data at rest and in transit within serverless
applications is appropriately encrypted. Azure Key Vault can be used to store and manage
encryption keys, and SSL/TLS should be enforced for secure communication between serverless
components and external systems.
• Logging and monitoring: Enable logging and monitoring features in Azure Serverless services
to track and analyze application activities. Utilize Azure Monitor, Azure Application Insights,
or third-party logging solutions to gain visibility into the execution and behavior of serverless
functions and workflows. This helps in detecting any suspicious activities or potential security
incidents.
• Continuous deployment and security testing: Implement continuous integration and continuous
deployment (CI/CD) pipelines for serverless applications, including security testing as part
of the pipeline. Incorporate automated security scans and code analysis tools to identify
vulnerabilities or misconfigurations during the development and deployment stages.
• Secure storage and secrets management: Use Azure Storage services with appropriate access
controls and encryption for securely storing any sensitive data or configuration information
needed by serverless functions. Azure Key Vault can be used for secure management of secrets,
such as connection strings or API keys, required by serverless applications; better still, give
the function app a managed identity so that it authenticates to Key Vault, Storage and Azure SQL
without any stored secret at all.
• Regular patching and updates: Keep serverless platforms and dependencies up to date with the
latest security patches and updates. Regularly review and apply security patches to ensure that
known vulnerabilities are addressed, reducing the risk of exploitation.
Typically, Azure functions, or Azure logic apps, are integrated into larger
applications, making the security of these individual components an integral
part of the security of the larger application. DevSecOps makes a lot of sense
in scenarios where a larger application is composed of smaller self-contained
components, like Azure functions or an application that is containerized.
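As an added example of the authentication and authorization point above (my own Python, not code from the book, from Microsoft or from any Functions sample), the handler below authorizes a request to an HTTP-triggered function using the principal that App Service Authentication injects into the request. The platform forwards the validated identity in the X-MS-CLIENT-PRINCIPAL header as base64-encoded JSON carrying auth_typ, claims, name_typ and role_typ; the sample header here is constructed with the helper make_client_principal_header(), and the role name Payroll.Read is an assumed app role. The header is only trustworthy when App Service Authentication is switched on for the function app, because the platform then strips any copy a caller sends; with it off, anyone could forge the header, which is why the code treats its absence as unauthenticated rather than anonymous.

```python
"""Authorize a function request from the Easy Auth client principal header.

Added example, not from the book or from Microsoft. The header layout follows
what App Service Authentication injects; the sample header is constructed and
the app role name is an assumption.
"""
import base64
import json


class AuthorizationError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def make_client_principal_header(name, roles):
    """Build the header value the platform would inject (constructed test helper)."""
    principal = {
        "auth_typ": "aad",
        "name_typ": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
        "role_typ": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
        "claims": [{"typ": "name", "val": name}]
                  + [{"typ": "roles", "val": r} for r in roles],
    }
    return base64.b64encode(json.dumps(principal).encode()).decode()


def authorize(headers, required_role):
    """Return the caller's name and roles, or raise AuthorizationError(401/403).

    Only trust this header when App Service Authentication is enabled: the
    platform then overwrites any client-supplied X-MS-CLIENT-PRINCIPAL.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-ms-client-principal")
    if not raw:
        raise AuthorizationError(401, "no platform-injected principal; "
                                      "is App Service Authentication enabled?")
    try:
        principal = json.loads(base64.b64decode(raw))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, JSONDecodeError
        raise AuthorizationError(401, "malformed client principal")
    if principal.get("auth_typ") != "aad":
        raise AuthorizationError(401, "unexpected identity provider")
    claims = principal.get("claims", [])
    # Role claims appear either as the short 'roles' type or the full role_typ URI.
    role_types = {"roles", principal.get("role_typ")}
    roles = [c["val"] for c in claims if c.get("typ") in role_types]
    if required_role not in roles:
        raise AuthorizationError(403, f"missing app role {required_role!r}")
    name_types = {"name", principal.get("name_typ")}
    name = next((c["val"] for c in claims if c.get("typ") in name_types), None)
    return {"name": name, "roles": roles}


def handle_request(headers, required_role="Payroll.Read"):
    """Minimal handler body: returns (status_code, body) as an HttpResponse would."""
    try:
        caller = authorize(headers, required_role)
    except AuthorizationError as exc:
        return exc.status, str(exc)
    return 200, f"hello {caller['name']}"


if __name__ == "__main__":
    ok = {"X-MS-CLIENT-PRINCIPAL": make_client_principal_header("alice", ["Payroll.Read"])}
    print(handle_request(ok))
    print(handle_request({}))
```

Inside a real Azure Function the same authorize() call sits at the top of the trigger function, reading req.headers; the app roles are defined on the app registration and assigned per user or group in Azure AD, so the function never evaluates a password or a key of its own.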
While hybrid cloud environments offer numerous benefits, there are also some
risks and challenges associated with their implementation. Here are some
common risks of hybrid clouds:
• Data security: Hybrid cloud environments involve the sharing and movement of data between
on-premises infrastructure and public cloud services. This introduces the risk of data breaches,
unauthorized access, or data leakage during data transfers or while data is at rest in different
environments. It is crucial to ensure robust encryption, access controls, and security measures
to protect sensitive data.
• Compliance and regulatory challenges: Hybrid cloud deployments may span multiple
jurisdictions, each with its own set of regulations and compliance requirements. Managing
compliance across different environments can be complex and challenging. Organizations
need to ensure they understand and adhere to the relevant compliance frameworks, industry
standards, and data protection regulations applicable to their data and operations.
• Complexity and integration: Hybrid cloud environments often involve integrating various
technologies, platforms, and services from multiple vendors. This complexity can lead
to interoperability issues, configuration challenges, and increased management overhead.
Organizations must carefully plan and design their hybrid cloud architecture, considering
integration requirements, data flows, and compatibility between different components.
• Dependency on network connectivity: Hybrid cloud environments heavily rely on network
connectivity between on-premises infrastructure and cloud services. Any disruptions or latency
in the network can impact application performance, availability, and data transfers. Organizations
need to ensure reliable network connectivity and have contingency plans in place to handle
potential network failures or slowdowns.
• Vendor lock-in: Depending on the specific services and platforms used in a hybrid cloud
environment, organizations may face the risk of vendor lock-in. Vendor lock-in occurs when
proprietary technologies, APIs, or data formats make it difficult to switch cloud providers or
migrate applications and data to another environment. It is important to carefully evaluate the
compatibility and portability of services and data between different cloud platforms to mitigate
this risk.
• Increased complexity in governance and management: Managing and governing hybrid cloud
environments can be more complex compared to traditional IT infrastructure or a single
cloud environment. Organizations need to establish clear policies, controls, and monitoring
mechanisms to ensure consistent governance, security, compliance, and performance across
the hybrid environment. This may require additional resources, specialized skills, and robust
management tools.
• Cost management: Hybrid cloud environments can introduce challenges in managing and
optimizing costs. Organizations need to carefully monitor and control usage, performance,
and resource allocation across the hybrid environment to avoid unexpected cost escalations.
Cost visibility, budgeting, and optimization practices are essential to ensure that the economic
benefits of the hybrid cloud are realized.
Addressing these risks requires a comprehensive strategy that includes
robust security measures, adherence to compliance requirements, careful
planning and architecture design, effective governance, and continuous
monitoring and optimization. Organizations should conduct thorough risk
assessments and work closely with cloud providers and experienced consultants
to mitigate the risks associated with hybrid cloud environments.
You might ask yourself why companies and organizations are using multiple
clouds when these risks are present? Even if the various cloud vendors slowly
integrate their various offerings with each other, limiting some of the above
risks, should the companies not have thought of that beforehand?
Figure 5.1: Multiple cloud deployments are the reality in many organizations, creating a
challenge when trying to implement zero-trust in applications distributed across multiple clouds.
This is the reality in many organizations. Figure 5.2 provides a few more
details on the underlying technologies needed to secure a complex cloud setup
and integrate it with an on-prem infrastructure.
Figure 5.2: Hybrid cloud, like multi cloud, is a challenge when we are trying to implement zero-
trust in applications distributed across local data centres and different cloud vendors. (The
figure shows components such as Office 365, Dropbox, servers, traffic, ERP, firewall, GitLab,
VMware and storage.)
• Identity and access management (IAM): Implement strong authentication mechanisms, such
as multi-factor authentication (MFA) and identity-based access controls, across both on-
premises and cloud environments. Leverage centralized identity management systems, such
as Azure Active Directory (Azure AD), to ensure consistent user authentication and authorization
regardless of the location or resource being accessed.
• Network segmentation and micro segmentation: Apply network segmentation principles to
separate different segments of the hybrid cloud environment. Use firewalls, virtual private
networks (VPNs), and software-defined networking (SDN) solutions to establish secure
connections and enforce access controls between segments. Micro segmentation allows for
finer-grained access control within each segment, limiting lateral movement and reducing the
potential impact of a security breach.
• Encryption and data protection: Employ encryption techniques to protect data at rest and in
transit within the hybrid cloud environment. Utilize technologies like transport layer security
(TLS) for secure communication between on-premises and cloud components. Implement
encryption mechanisms, such as Azure Storage Service Encryption and Azure Disk Encryption,
to safeguard data stored in cloud services.
• Zero-trust networking: Adopt zero-trust networking principles in the hybrid cloud environment
by implementing solutions such as software-defined perimeter (SDP) or Zero Trust Network
Access (ZTNA). These technologies enable granular access controls based on user identity,
device posture, and contextual factors, ensuring that every connection and access request is
explicitly verified and authorized.
• Continuous monitoring and analytics: Implement robust monitoring and analytics capabilities
to detect anomalies and potential security threats within the hybrid cloud environment. Utilize
tools like Azure Security Center, Azure Sentinel, or third-party security information and event
management (SIEM) solutions to collect and analyze logs, detect suspicious activities, and
enable real-time threat detection and response.
• Security automation and orchestration: Leverage automation and orchestration tools to enforce
security policies, manage access controls, and respond to security incidents in a timely
manner. Use tools like Azure Policy, Azure Automation, or infrastructure-as-code (IaC) practices
to automate the deployment and configuration of security controls across the hybrid cloud
environment.
• Regular security assessments and audits: Conduct regular security assessments and audits to
identify vulnerabilities, evaluate the effectiveness of security controls, and ensure compliance
with industry standards and regulations. Perform penetration testing, vulnerability scanning, and
code reviews to identify and remediate potential weaknesses in the hybrid cloud infrastructure.
By integrating zero-trust principles into the design and operation of hybrid
cloud environments, organizations can establish a robust security posture that
mitigates risks and enhances data protection across both on-premises and cloud
environments. It is important to consider the specific needs and characteristics
of the hybrid cloud deployment and to work closely with cloud service providers
and security experts to ensure a comprehensive and effective implementation of
zero trust.
6 5G and Zero-trust
The first question that will enter your mind about a chapter on 5G and mobile
networks, is why? Am I right? Well, many vendors, like Cisco from Chapter 3,
will allow private organizations and companies to create their own 5G networks,
for their own purposes. Industrial infrastructure, like OT from Chapter 5 can
benefit from such a private 5G network infrastructure. In this chapter, I will
again use Cisco as the example vendor, and again, this is not the only vendor
out there that can help you establish a private 5G network infrastructure.
• Massive connectivity.
• High availability.
• Dense coverage.
• Low energy consumption.
Security-focused expert teams are part of many of the organizations
driving 5G architectures; 3GPP and NGMN are two such organizations. These
teams bring key 5G security topics into the broader 5G architecture evolution,
including authentication, encryption, placement of security controls and
sources of visibility. All of this is driven by the set of new use cases that
shape the 5G architecture.
on mobile devices. The focus in 3G/4G was more on mobile broadband for
consumers and enterprises.
At the same time, new sets of use cases are being introduced that will
raise new challenges, complexities and threats. The new 5G network will help
operators manage current needs as well as gear up for the needs of the
upcoming use cases. 5G is not just about high-speed data connections for
enhanced mobile broadband; it will enable several new capabilities that cater
to new enterprise use cases. Securing the "enterprise network slice" presents
several new challenges that must be met to deliver the outcomes that enterprises
using 5G require, both operationally and under regulatory control. 5G will not
just be about serving consumer and enterprise subscribers with high throughput
connectivity.
• Building trust: 5G networks will only be adopted by consumers and businesses if they trust the
networks to be secure. Security is essential to building this trust and ensuring that 5G is widely
adopted.
• Meeting regulatory requirements: 5G networks will be subject to strict regulatory requirements,
such as those related to data privacy and cybersecurity. Security is important to ensure that these
requirements are met and that organizations are not subject to fines or other penalties.
5G security refers to the protection of networks, devices, and data from
unauthorized access, attack, or damage in the fifth generation (5G) cellular
network. Here is a summary of key points related to 5G security:
1. 5G networks use advanced technologies like virtualization, software-defined networking (SDN),
and network slicing to offer high-speed, low-latency connectivity. However, these technologies
also introduce new security risks that need to be addressed.
2. Some of the key security risks in 5G networks include attacks on the radio access network (RAN),
unauthorized access to network functions, and data breaches. These risks can be mitigated
through a combination of technical and procedural measures.
3. 5G networks also introduce new security challenges related to the use of IoT devices, which can
be more vulnerable to attack than traditional devices. To address these challenges, security must
be built into the design of IoT devices and networks from the outset.
4. The 5G security architecture includes a range of security functions such as encryption, access
control, authentication, and network segmentation. These functions work together to protect the
network, devices, and data from various security threats.
5. 5G security standards are being developed by various organizations, including the 3rd
Generation Partnership Project (3GPP), the International Telecommunication Union (ITU), and
the National Institute of Standards and Technology (NIST). Compliance with these standards can
help ensure that 5G networks are secure and reliable.
6. To ensure the security of 5G networks, it is important for stakeholders to collaborate and share
information about security threats and best practices. This includes network operators, device
manufacturers, government agencies, and security researchers.
Point 3 on IoT device security is especially pertinent to zero trust when
speaking of 5G security, because of the heterogeneity of the devices that can
connect to a 5G infrastructure. 5G touches almost every aspect of the way we
live our lives. It is not just about faster, bigger or better; it is about using
5G as an enabler for a series of services that we all will consume in every
aspect of our lives.
service providers to evolve towards new business models that may result in
future modes of operation that are very different from those of today. This
presents a problem from the viewpoint of securing such a network. The need
to be flexible increases the threat surface of the network.
Cisco has several security technologies that can be used to secure 5G networks.
Here are some examples:
• Cisco Ultra Services Platform: This is a cloud-native platform that provides a secure and scalable
architecture for deploying 5G services. It includes built-in security features such as encryption,
firewall, and identity and access management.
• Cisco Stealthwatch: This is a network security analytics and visibility solution that can help
detect and respond to security threats in real-time. It uses advanced machine learning algorithms
to analyze network traffic and identify anomalies.
• Cisco TrustSec: This is a policy-based access control solution that provides secure access
to network resources. It uses identity-based policies to ensure that only authorized users and
devices can access sensitive data and applications.
• Cisco AnyConnect: This is a secure mobility client that provides VPN access to corporate
resources. It can be used to securely connect remote workers and devices to the 5G network.
• Cisco SecureX: This is a cloud-native platform that provides integrated security capabilities
across Cisco’s security portfolio. It can be used to manage and orchestrate security policies
across multiple security products, including those used to secure 5G networks.
There are three main groupings of components in the solution that are
relevant to security architecture. These groupings include:
• Enterprise premises: Cisco edge node and radio components are housed on enterprise premises.
The edge node hosts packet core components, as well as agents that enable secure connectivity
to the cloud. Radio components include remote radio heads as well as centralized and distributed
units depending on the model of radio being deployed. Enterprise premises components are
responsible for the following capabilities:
◦ Data connectivity from device to the enterprise network
◦ Interface to the radio access network
◦ Interface to the enterprise access network
◦ Access management and session management functionality of the 5G core.
• Cisco Control Center: Housed on Cisco-provided cloud, this is responsible for subscriber
management, secure device lifecycle management, and management/operations user interfaces
and APIs. Specific capabilities include:
◦ Enterprise ID and policy registered during onboarding, unique Enterprise ID
generated to tag all enterprise-related info
◦ Multitenant environment, Enterprise ID used to identify tenancy
◦ Subscriber data – device and SIM info
◦ Authentication credentials
◦ Management access
◦ Key performance indicators (KPIs) and metrics
◦ Usage records
◦ Location information
◦ Deployment configuration data per enterprise.
• Edge orchestration: Offered through Cisco Control Center with functions hosted either on the
Cisco private cloud or on the public cloud to expand the geographic footprint of the Control
Center. Capabilities that are hosted on public cloud include:
◦ Multi-tenant environment, Enterprise ID used to identify tenancy.
◦ Management access
◦ KPIs and metrics
◦ Software images
◦ Deployment configuration
◦ Configuration backups.
data protection, organizations can create a secure and resilient 5G network that
can support their business objectives.
A few more details on the threats that a private 5G infrastructure will bring
to the table are in order:
1. Increased attack surface: 5G networks will connect more devices and generate more data than
previous networks, which will increase the attack surface for cybercriminals. Zero-trust security
can help address this challenge by assuming that all devices and users are untrustworthy by
default and verifying their identity and access privileges before allowing them to access network
resources.
2. Dynamic network architecture: 5G networks will be more dynamic than previous networks, with
the ability to dynamically allocate network resources based on demand. This means that security
policies and controls must also be dynamic, and zero-trust security can help ensure that security
policies and controls are continually updated to reflect changes in the network.
3. User-centric security: 5G networks will support a range of different devices and user types,
including mobile devices, IoT devices, and remote workers. Zero-trust security can help ensure
that security policies and controls are user-centric and consider the identity and context of each
user and device that accesses the network.
4. Micro-segmentation: 5G networks will support network slicing, which allows multiple virtual
networks to be created on a single physical network infrastructure. Zero-trust security can help
ensure that each network slice is segmented and isolated from other network slices, and that
access controls are enforced between network slices based on policy.
5. Threat detection and response: 5G networks will generate a large volume of data, which can
be analyzed using machine learning and other advanced analytics techniques to detect security
threats in real-time. Zero-trust security can help ensure that security incidents are detected and
responded to in a timely manner, by continuously monitoring the network for security threats
and using analytics to identify anomalous behavior.
If you remember back to the chapter on zero-trust at the networking layer of
our infrastructures, you will recognize many of the steps from there are repeated
here. The technology is different from what we are used to at the networking
layer, but the steps to protect are the exact same as for wireless and cabled
networking!
networks, but the use of 5G networks will connect them to a larger ecosystem of devices and
networks, creating new vulnerabilities that must be addressed.
3. Compliance and regulations: Many industries that use OT systems are subject to strict
compliance requirements and regulations, such as NERC CIP for the electric industry and NIST
SP 800-82 for critical infrastructure protection. Failure to secure 5G networks that connect OT
systems can result in non-compliance with these regulations, which can result in significant
financial penalties and reputational damage.
4. High reliability and availability: OT systems require high reliability and availability to ensure the
continuous operation of critical infrastructure. Any security incidents that affect these systems
can result in downtime, loss of service, or even physical harm to people or the environment.
5G security must be designed to ensure that security incidents do not affect the availability and
reliability of OT systems.
Remember, 5G is a wireless technology and wireless signals propagate,
unlike the traditional cabled networking infrastructures. This makes the 5G
signals vulnerable to interference from outside parties and malicious attack.
CHAPTER
Zero-trust Governance/Compliance
5. Application and endpoint security: Zero-trust governance requires that all applications and
endpoints, including mobile devices and cloud-based systems, are secured to prevent
unauthorized access and data breaches. This includes implementing security solutions such
as endpoint protection platforms (EPP) and mobile device management (MDM) solutions.
6. Continuous compliance: Zero-trust governance requires continuous compliance with security
and regulatory requirements to ensure that the network remains secure. This involves regularly
auditing network security and compliance, as well as updating security policies and procedures
to reflect changes in the security landscape.
7. Risk assessment and management: Zero-trust governance requires regular risk assessment
and management to identify and address potential security threats. This involves
conducting regular security assessments to identify potential vulnerabilities, as well as
implementing risk management processes to prioritize and address the most critical security
risks.
As in most of the other chapters, the core guidance on the various steps in
governance and compliance for zero trust is given in Figure 7.1.
1. Security information and event management (SIEM) systems: SIEM systems aggregate and
analyze log data from multiple sources, including firewalls, intrusion detection systems,
and servers, to provide real-time visibility into network activity and detect potential security
threats.
2. Intrusion detection and prevention systems (IDPS): IDPS systems monitor network traffic in
real-time and alert administrators to potential security threats, such as malware infections or
unauthorized access attempts.
3. Endpoint detection and response (EDR) systems: EDR systems monitor the activity on individual
endpoints, such as laptops and mobile devices, to detect and respond to potential security
threats, such as malware infections or unauthorized access attempts.
4. Network access control (NAC) systems: NAC systems monitor the activity of devices attempting
to connect to the network, and restrict access based on the device’s identity, security posture,
and network location.
5. User and entity behavior analytics (UEBA) systems: UEBA systems use machine learning
algorithms to analyze the activity of users and entities within the network, and detect and respond
to potential security threats, such as insider threats or account compromises.
Figure: Measuring Zero Trust. Security effectiveness, business enablement, security simplicity.
3. Risk management: ISO/IEC 27001 provides guidance on the management of information security
risks, including the identification and assessment of risks, the development of risk mitigation
plans, and the implementation of risk management processes.
4. Cryptographic controls: ISO/IEC 27001 provides guidance on the use of cryptographic controls
to protect sensitive information, including the use of encryption algorithms and the management
of encryption keys.
7.3 SABSA
1. Identity and access management: SABSA provides guidance on the implementation of identity
and access management controls, including the use of authentication mechanisms and the
implementation of access control systems.
2. Network security: SABSA provides guidance on the implementation of network security controls,
including the use of firewalls, intrusion detection systems, and virtual private networks (VPNs).
3. Data security: SABSA provides guidance on the implementation of data security controls,
including the use of encryption algorithms, data backup and recovery systems, and data loss
prevention systems.
7.4 TOGAF
Like the ones above, the zero-trust security model can be integrated with
the TOGAF framework to provide a comprehensive approach to information
security. This includes software development efforts, in which TOGAF is a
strong framework!
7.5 NIST
NIST has published several guidelines and standards that can be used to
implement a zero-trust security model, including NIST SP 800-53, NIST SP 800-63,
and NIST SP 800-171.
The zero-trust security model aligns well with the NIST framework and its
guidance on implementing a risk-based approach to information security. By
incorporating the principles and practices of the zero-trust security model into
the information security framework provided by NIST, organizations can reduce
the risk of security incidents and protect sensitive information from potential
threats.
NIST was the first organization to come up with a concrete set of guidance
for zero-trust architecture, in the form of the document NIST SP 800-207; we look
at that one next.
1. Identity and access management: This section provides guidance on the implementation of
identity and access management controls, including multi-factor authentication, password
management, and the use of identity management systems.
2. Network security: This section provides guidance on the design and implementation of network
security controls, including firewalls, intrusion detection systems, and virtual private networks
(VPNs).
3. Data security: This section provides guidance on the implementation of data security controls,
including data encryption, data loss prevention (DLP), and data backup and recovery.
4. Endpoint security: This section provides guidance on the implementation of endpoint security
controls, including antivirus software, endpoint detection and response (EDR) systems, and
device management systems.
5. Application security: This section provides guidance on the implementation of application
security controls, including web application firewalls (WAFs), application whitelisting, and the
implementation of secure software development practices.
6. Incident response: This section provides guidance on the design and implementation of incident
response plans, including the creation of incident response teams, the development of incident
response procedures, and the use of incident response tools.
7.7 HIPAA
7.8 CIS 18
CIS (Center for Internet Security) Controls version 18 is a set of best practices
designed to help organizations improve their cybersecurity posture. The CIS
Controls provide a prioritized list of cybersecurity actions that organizations
can take to reduce their risk of cyber-attacks.
Zero trust can be a useful framework for implementing some of the CIS
Controls, such as Control 5, which focuses on limiting access to sensitive data
and systems. By implementing a zero-trust model, organizations can ensure that
only authorized individuals or devices can access sensitive data and systems,
which can help to reduce the risk of cyber-attacks.
PCI DSS (Payment Card Industry Data Security Standard) and zero-trust are two
distinct but related concepts in the field of cybersecurity. Here’s an overview of
each concept:
It might seem strange to talk about tooling in a governance chapter, but a lot
of the tools needed for a zero-trust implementation have their own governance
needs.
In the case of VPN, I have found implementations out there using vulnerable
encryption algorithms, because the VPNs have not been maintained regularly.
Both cases are textbook examples of weak processes and governance for the
infrastructure.
No, I am not going to begin talking about zero-trust in a cyber war context, but
the original treatise from Sun Tzu does contain some good advice, as it relates
to cybersecurity. War is conflict, and cybersecurity is a conflict between us, the
defenders, and the attackers that want to compromise our security. This makes
the original work relevant in a modern cybersecurity context.
1. Know your enemy: In the context of zero-trust, it is important to understand the types of threats
and attack vectors that exist, so that organizations can implement appropriate security controls
and respond to incidents in a timely manner.
2. Plan and prepare for the worst-case scenario: Organizations should plan for potential security
incidents and prepare for the worst-case scenario by implementing incident response plans,
training employees on security best practices, and regularly reviewing and updating security
policies and procedures.
3. Anticipate your opponent’s moves: By continuously monitoring and assessing the effectiveness
of security controls, organizations can anticipate potential security incidents and respond to
them before they cause significant harm.
4. Be flexible and adaptable: The security landscape is constantly evolving, and organizations
must be flexible and adaptable in order to stay ahead of potential threats. Regularly monitoring,
assessing, and improving security controls and processes can help organizations maintain a
zero-trust security model in the face of evolving threats.
5. Use deception: In a zero-trust security model, organizations can use deception to mislead
potential attackers and protect sensitive information. For example, organizations can use
honeypots, decoy systems, and fake data to distract and mislead potential attackers.
This concludes this chapter on governance and compliance for zero trust. Please
do not underestimate the importance of the principles outlined here! Good
governance benefits not just cybersecurity, but the business and organization
overall.
CHAPTER
OT Zero-trust Security
Before doing that, however, I will spend a few lines explaining the
importance of security for the OT infrastructures in use around the world.
Operational technology (OT) refers to the hardware and software systems
used to control and monitor industrial processes, physical infrastructure, and
production facilities. It is a business-critical component of many industries, such
as manufacturing, energy, transportation, and communication.
One of the most recent examples of a critical OT system being attacked
and made unavailable for its intended purpose is the Colonial Oil
Pipeline attack in May 2021, which resulted in long queues at petrol
stations around the United States. Attacks against OT systems will in many
cases have an immediate and serious impact on society, hence the importance
of cybersecurity for OT infrastructures.
8.1 Terminology
Before getting to the zero-trust part of this chapter, I will establish
some of the terminology of OT, for those of you who are new to cybersecurity
within OT infrastructures. The most common terms are listed in Table 8.1.
Table 8.1 (Term: Explanation)
SCADA: Supervisory control and data acquisition (SCADA) is a control system architecture comprising
computers, networked data communications and graphical user interfaces for high-level
supervision of machines and processes. It also covers sensors and other devices, such as
programmable logic controllers, which interface with process plant or machinery.
ICS: An industrial control system (ICS) is an electronic control system and associated
instrumentation used for industrial process control. Control systems can range in size from a few
modular panel-mounted controllers to large interconnected and interactive distributed control
systems (DCSs) with many thousands of field connections. Control systems receive data from
remote sensors measuring process variables (PVs), compare the collected data with desired
setpoints (SPs), and derive command functions that are used to control a process through the
final control elements (FCEs), such as control valves.
OT: Operational technology (OT) is hardware and software that detects or causes a change,
through the direct monitoring and/or control of industrial equipment, assets, processes and
events. The term has become established to demonstrate the technological and functional
differences between traditional information technology (IT) systems and industrial control
systems environment, the so-called "IT in the non-carpeted areas".
IIoT: The industrial internet of things (IIoT) refers to interconnected sensors, instruments, and other
devices networked together with computers’ industrial applications, including manufacturing
and energy management. This connectivity allows for data collection, exchange, and analysis,
potentially facilitating improvements in productivity and efficiency as well as other economic
benefits. The IIoT is an evolution of a distributed control system (DCS) that allows for a higher
degree of automation by using cloud computing to refine and optimize the process controls.
DCS: A distributed control system (DCS) is a computerized control system for a process or plant
usually with many control loops, in which autonomous controllers are distributed throughout
the system, but there is no central operator supervisory control. This contrasts with systems
that use centralized controllers; either discrete controllers located at a central control room or
within a central computer. The DCS concept increases reliability and reduces installation costs
by localizing control functions near the process plant, with remote monitoring and supervision.
The PLC component of OT became infamous back in 2010 with the Stuxnet
attack, since this was the main component attacked at the Iranian nuclear
facility. You can see an example of a PLC in Figure 8.1.
Figure 8.1: PLCs are the worker units in an OT infrastructure and must be protected from
malicious traffic, since many of them are old and not designed for today’s threats.
Protocol: Explanation
Modbus: Modbus is a data communications protocol originally published by Modicon (now Schneider
Electric) in 1979 for use with its programmable logic controllers (PLCs). Modbus has become
a de facto standard communication protocol and is now a commonly available means of
connecting industrial electronic devices.
Profinet: Profinet (usually styled as PROFINET, as a portmanteau for process field network) is an industry
technical standard for data communication over industrial Ethernet, designed for collecting data
from, and controlling equipment in, industrial systems, with a particular strength in delivering
data under tight time constraints. The standard is maintained and supported by Profibus and
Profinet International, an umbrella organization headquartered in Karlsruhe, Germany.
OSGP: The Open Smart Grid Protocol (OSGP) is a family of specifications published by the European
Telecommunications Standards Institute (ETSI) used in conjunction with the ISO/IEC 14908
control networking standard for smart grid applications. OSGP is optimized to provide reliable
and efficient delivery of command-and-control information for smart meters, direct load control
modules, solar panels, gateways, and other smart grid devices. With over 5 million OSGP based
smart meters and devices deployed worldwide it is one of the most widely used smart meter
and smart grid device networking standards.
Instabus: Instabus is a decentralized open system to manage and control electrical devices within a
facility. It was developed by Berker, Gira, Jung, Merten and Siemens AG. There are about 200
companies of electrical supplies using this communication protocol. The European Installation
Bus (EIB) allows all electrical components to be interconnected through an electrical bus. Every
component is able to send commands to other components, no matter where they are. A typical
EIB network is made of electrical components such as switches, pulsers, electric motors, electro
valves, contactors, and sensors.
There are many, many more protocols than the ones listed above, and
although the industry is slowly but surely moving to Ethernet as the underlying
protocol for communication with devices in an OT infrastructure, legacy
communication will persist in many OT infrastructures for many years, due
to the length of time a production plant will exist before the technology gets
upgraded.
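As an added example (not from the book or any vendor), the following Python code shows how a defender sitting in front of a PLC can parse Modbus/TCP request frames and apply the zero-trust stance to them: state-changing function codes are denied unless the source host is explicitly listed, and frames whose MBAP header does not match what arrived on the wire are dropped. The IP addresses, frames and allow-list are constructed assumptions.

```python
"""Modbus/TCP frame parsing with a deny-by-default write policy.

Constructed example for illustration: the frames, addresses and the list of
hosts allowed to write are made up, not captured from a real plant.
"""
import struct
from dataclasses import dataclass

# Public function codes from the Modbus application protocol specification.
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    8: "Diagnostics", 15: "Write Multiple Coils", 16: "Write Multiple Registers",
    43: "Encapsulated Interface Transport",
}
# Codes that change PLC state or behaviour; reads are comparatively harmless.
STATE_CHANGING = {5, 6, 8, 15, 16}

# Zero-trust stance: no host may write unless explicitly listed.
# Hypothetical engineering workstation address.
ALLOWED_WRITERS = {"10.0.1.5"}


class ModbusParseError(ValueError):
    """Raised for frames that do not match the MBAP header contract."""


@dataclass(frozen=True)
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_frame(raw: bytes) -> ModbusFrame:
    """Parse the 7-byte MBAP header and the PDU that follows it.

    MBAP layout: transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    The length field counts the unit id plus the PDU, so it must equal len(raw) - 6.
    """
    if len(raw) < 8:
        raise ModbusParseError("frame shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", raw[:7])
    if protocol_id != 0:
        raise ModbusParseError(f"protocol id {protocol_id} is not Modbus")
    if length != len(raw) - 6:
        raise ModbusParseError(
            f"length field {length} does not match {len(raw) - 6} bytes on the wire")
    return ModbusFrame(transaction_id, unit_id, raw[7], raw[8:])


def inspect(src_ip: str, raw: bytes) -> tuple[str, str]:
    """Return ("allow" | "deny", reason) for one request frame sent by src_ip."""
    try:
        frame = parse_frame(raw)
    except ModbusParseError as exc:
        # Malformed traffic towards a PLC is denied and logged, never forwarded.
        return "deny", f"malformed frame from {src_ip}: {exc}"
    if frame.function_code not in FUNCTION_NAMES:
        return "deny", f"unknown function 0x{frame.function_code:02x} from {src_ip}"
    name = FUNCTION_NAMES[frame.function_code]
    if frame.function_code in STATE_CHANGING and src_ip not in ALLOWED_WRITERS:
        return "deny", f"{name} from unauthorized host {src_ip} to unit {frame.unit_id}"
    return "allow", f"{name} from {src_ip} to unit {frame.unit_id}"


# Constructed frames (hex): MBAP header, then function code and data.
READ_HOLDING = bytes.fromhex("0001 0000 0006 01 03 0000 000a")  # read 10 registers from address 0
WRITE_SINGLE = bytes.fromhex("0002 0000 0006 01 06 0001 ffff")  # write 0xffff to register 1
BAD_LENGTH = bytes.fromhex("0003 0000 0009 01 03 0000 000a")    # length field says 9, wire has 6

SAMPLE_TRAFFIC = [
    ("10.0.2.10", READ_HOLDING),  # HMI reading values: allowed
    ("10.0.3.77", WRITE_SINGLE),  # unlisted host writing a register: denied
    ("10.0.1.5", WRITE_SINGLE),   # listed engineering workstation: allowed
    ("10.0.2.10", BAD_LENGTH),    # inconsistent MBAP length: denied as malformed
]

if __name__ == "__main__":
    for src, frame in SAMPLE_TRAFFIC:
        verdict, reason = inspect(src, frame)
        print(f"{verdict.upper():5} {reason}")
```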
8.2 IT/OT
The reason for the focus in recent years on the vulnerabilities of OT is the
integration that is rapidly happening between IT and OT infrastructures
(Figure 8.3). This integration makes it possible for nefarious hackers to
jump from the regular IT systems to attack the OT infrastructures. This,
along with the fact that in many cases IT is being used to manage and measure
OT refers to systems that are used to monitor and control physical processes
in industries such as manufacturing, energy, and transportation. These systems
are often embedded in physical devices such as sensors, controllers, and
actuators. Examples of OT systems include industrial control systems (ICS),
supervisory control and data acquisition (SCADA) systems, and programmable
logic controllers (PLC).
IT, on the other hand, refers to systems used for data processing, storage,
and communication. IT systems include desktop computers, servers, networks,
and software applications.
Because OT and IT systems have different purposes and functions, they have
different cybersecurity requirements (Figure 8.2). OT systems are designed to
be highly reliable and available, but they may not have strong security measures
in place. IT systems, on the other hand, are often designed with strong security
measures in mind, but they may not be optimized for reliability and availability.
Figure 8.2: The recent integration between OT and IT has created a new set of threats that
cybersecurity professionals must account for.
Note that many of the steps above mirror the ones we are used to in an
IT environment. It is because of the lifetime of OT equipment that we cannot
just apply these steps to all of the legacy equipment in use out in the world.
The OT vendors have begun creating equipment that can be protected with the
usual steps we know from IT, patching and the like, but we will for many years
Figure 8.3: Integration OT and IT creates complexity, and this complexity must be managed in
order for us to secure the OT environments.
Level 1: The control level, which monitors and controls the physical process.
Level 2: The supervisory level, which oversees the control level and provides
information to higher levels.
Level 3: The production planning level, which plans and schedules the
production process.
Level 4: The business planning level, which handles the overall business
strategy and goals.
The levels are connected by a communication network that allows for the
exchange of data and information between them. The network may include
various protocols and technologies, such as Ethernet, TCP/IP, and OPC.
Overall, PERA is a useful tool for organizations that want to optimize their
industrial automation systems and improve their operational efficiency.
IEC 62443 consists of a series of standards and technical reports that provide
guidelines for implementing cybersecurity measures in IACS. The standard
covers various aspects of cybersecurity, including risk assessment, security
policies, network security, access control, and incident response.
The standard defines four levels of security, with each level representing a
different degree of cybersecurity. The levels are as follows:
Level 1: Basic security measures, suitable for systems with low cybersecurity
requirements.
Level 3: High security measures, suitable for systems with high cybersecurity
requirements.
Level 4: Very high security measures, suitable for systems with extremely
high cybersecurity requirements.
8.4 OT Zero-Trust
can help to prevent unauthorized access to sensitive information, such as intellectual property,
trade secrets, or personal information.
4. Visibility and monitoring: Zero-trust provides visibility and monitoring capabilities that can help
to detect and respond to security incidents in real time. This can help to prevent or limit the
impact of security breaches and ensure that critical OT systems remain operational.
5. Compliance: OT environments are often subject to strict regulations and compliance
requirements, such as the North American Electric Reliability Corporation Critical Infrastructure
Protection (NERC CIP) standards. Zero trust can help organizations to meet these requirements
by providing a comprehensive security framework that addresses key security principles, such
as authentication, authorization, and accountability.
Zero-trust security is becoming increasingly important in operational
technology (OT) environments because of the unique security risks posed by
these systems. Unlike traditional IT networks, OT systems are often more
vulnerable to cyber-attacks because they were not designed with security in
mind and in many cases rely on outdated technology.
The Purdue Enterprise Reference Architecture (PERA) and zero trust are two
different concepts that can be used together to improve the cybersecurity of
industrial automation systems.
Zero trust, on the other hand, is a security model that assumes that all
devices, users, and processes are potentially malicious and should not be trusted
by default. Under the zero-trust model, access to resources is only granted
after proper authentication and authorization, and all access requests are
continuously monitored and analyzed for potential threats.
In this approach, each level of the system would have its own security
perimeter, and access between those perimeters would only be granted after
proper authentication and authorization. This helps to reduce the risk of
unauthorized access or data breaches, and it also makes it easier to identify
and contain potential threats.
Overall, the combination of PERA and zero trust can provide a powerful and
effective approach to securing industrial automation systems and protecting
critical infrastructure from cyber-attacks.
1. Identify systems and assets: Identify all IACS systems and assets in the environment and classify
them according to the PERA model. This will help to determine the appropriate security controls
and access requirements for each system and asset.
2. Conduct a risk assessment: Conduct a risk assessment to identify potential threats and
vulnerabilities to the IACS environment. This will help to determine the appropriate security
controls and access requirements needed to mitigate identified risks.
3. Establish security requirements: Use the PERA model to establish security requirements for each
level of the IACS environment, based on the identified risks and assets. This should include a
zero-trust security model that requires authentication and authorization for all access to sensitive
systems and data.
4. Implement a zero-trust security model: Implement a zero-trust security model that includes the
following:
• Strong authentication mechanisms, such as multi-factor authentication, for all
users and devices.
• Role-based access controls to ensure that users have only the access they need
to perform their jobs.
• Network segmentation to limit access between systems and networks, and to
isolate critical systems from less critical ones.
• Monitoring and analyzing all traffic in the IACS environment for anomalous
behavior or suspicious activity.
• Using encryption and other security technologies to protect data in transit and at
rest.
5. Test and validate: Test and validate the security measures implemented in the IACS
environment to ensure that they are effective and meet the security requirements
established in step 3.
By using the PERA model to establish security requirements and
implementing a zero-trust security model in IACS environments, organizations
can help ensure that their critical infrastructure and industrial processes
remain secure and reliable.
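To make the zero-trust rules of steps 3 to 5 concrete, here is an added Python sketch (not from the book or any vendor) of a policy decision point that evaluates access requests between PERA levels: every principal must have completed MFA, each level is its own perimeter so only adjacent levels may exchange data, roles get only the actions they need, and every decision is recorded so repeated denials stand out. The roles, permission table and sample requests are constructed assumptions.

```python
"""Zero-trust access decisions between PERA (Purdue) levels.

Constructed example: the roles, permission table and request log are made up
to illustrate the chapter's steps, not taken from any real IACS deployment.
"""
from collections import Counter
from dataclasses import dataclass

# PERA levels as used in the chapter (Level 0, the physical process, is out of scope here).
LEVELS = {1: "control", 2: "supervisory", 3: "production planning", 4: "business planning"}


@dataclass(frozen=True)
class Principal:
    name: str
    role: str
    level: int          # PERA level the user or device lives in
    mfa_verified: bool  # strong authentication completed for this session


@dataclass(frozen=True)
class Request:
    principal: Principal
    target_level: int
    action: str  # "read" or "write"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Role-based least privilege: which actions a role may perform at which target level.
# Hypothetical policy table; a real one comes out of the risk assessment (step 2).
ROLE_PERMISSIONS = {
    "engineer": {1: {"read", "write"}, 2: {"read", "write"}},
    "operator": {1: {"read"}, 2: {"read", "write"}},
    "planner":  {2: {"read"}, 3: {"read", "write"}},
    "analyst":  {3: {"read"}, 4: {"read", "write"}},
}


def evaluate(req: Request) -> Decision:
    """Apply the zero-trust checks in order: authenticate, segment, authorize."""
    p = req.principal
    if req.target_level not in LEVELS:
        return Decision(False, f"unknown target level {req.target_level}")
    # Authentication: nothing is trusted because of where it sits; MFA is required.
    if not p.mfa_verified:
        return Decision(False, f"authentication: {p.name} has no verified MFA")
    # Segmentation: every level is its own perimeter; only adjacent levels may exchange data.
    if abs(p.level - req.target_level) > 1:
        return Decision(False,
                        f"segmentation: level {p.level} -> level {req.target_level} crosses a perimeter")
    # Authorization: role-based access, need-to-know per target level.
    allowed_actions = ROLE_PERMISSIONS.get(p.role, {}).get(req.target_level, set())
    if req.action not in allowed_actions:
        return Decision(False,
                        f"authorization: role {p.role!r} may not {req.action} at level {req.target_level}")
    return Decision(True, f"allowed: {p.name} {req.action} at level {req.target_level}")


def audit(requests: list[Request]) -> list[tuple[str, Decision]]:
    """Monitoring: record every decision, not only the denials."""
    return [(r.principal.name, evaluate(r)) for r in requests]


def repeated_denials(log: list[tuple[str, Decision]], threshold: int = 2) -> dict[str, int]:
    """Anomalous behaviour: principals denied at least `threshold` times in the log."""
    counts = Counter(name for name, decision in log if not decision.allowed)
    return {name: n for name, n in counts.items() if n >= threshold}


# Constructed sample principals and traffic.
ENGINEER = Principal("eng-ws-01", "engineer", 2, mfa_verified=True)
PLANNER = Principal("planner-03", "planner", 3, mfa_verified=True)
UNVERIFIED = Principal("contractor-laptop", "engineer", 2, mfa_verified=False)
ERP = Principal("erp-batch", "analyst", 4, mfa_verified=True)

SAMPLE_REQUESTS = [
    Request(ENGINEER, 1, "write"),   # allowed: adjacent level, engineer may write at level 1
    Request(PLANNER, 2, "read"),     # allowed: planner may read supervisory data
    Request(PLANNER, 1, "write"),    # denied: level 3 -> level 1 crosses a perimeter
    Request(UNVERIFIED, 1, "read"),  # denied: no MFA, even with an engineer role
    Request(ERP, 2, "read"),         # denied: level 4 -> level 2 crosses a perimeter
    Request(ERP, 3, "write"),        # denied: analyst may only read at level 3
]

if __name__ == "__main__":
    log = audit(SAMPLE_REQUESTS)
    for name, decision in log:
        print(f"{'ALLOW' if decision.allowed else 'DENY ':5} {decision.reason}")
    print("repeated denials:", repeated_denials(log))
```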
IEC 62443 and zero trust are two approaches to cybersecurity that can be used
together to provide a comprehensive security solution.
Zero trust, on the other hand, is a security model that assumes that all users,
devices, and network traffic are potentially malicious, and requires verification
of all access requests regardless of whether they are coming from inside or
outside the network perimeter. This approach helps to minimize the attack
surface by only granting access on a need-to-know basis and using strong
authentication and encryption.
When used together, IEC 62443 and zero trust can provide a strong
defense-in-depth approach to cybersecurity. IEC 62443 provides a framework
for securing IACS systems, while zero trust provides a methodology for
implementing a strong access control model that assumes that all users and
devices are potentially malicious.
Some key considerations for implementing IEC 62443 and zero trust
together include:
• Conducting a risk assessment to identify the key assets and threats to IACS systems.
• Implementing a defense-in-depth strategy that includes both network and system security
measures.
• Segregating IACS networks from enterprise networks to reduce the attack surface.
• Using strong access controls and authentication mechanisms, such as multi-factor
authentication, to verify all access requests.
• Implementing strong encryption mechanisms to protect sensitive data and network traffic.
• Regularly monitoring and auditing access requests and system activity to detect anomalies and
potential threats.
By using IEC 62443 as a framework for establishing security requirements
and implementing a zero-trust security model, organizations can help ensure
that their OT environments are protected against cyber threats and that critical
infrastructure and industrial processes remain secure and reliable.
There is a significant overlap between the Purdue model and IEC 62443 (the
zones and conduits of IEC 62443 are commonly mapped onto Purdue levels), but
IEC 62443 is the more modern and actively maintained of the two, and it is the
framework that both vendors and organizations now facing cybersecurity
requirements for their OT infrastructures focus on.
8.5.2 GIAC
GIAC has for many years been seen as a core certification provider for serious
cyber professionals (the matching training is delivered through its SANS
affiliate), and it of course has certifications on OT security as well:
• Global Industrial Cyber Security Professional (GICSP)
◦ Industrial control system components, purposes, deployments, significant
drivers, and constraints
◦ Control system attack surfaces, methods, and tools
◦ Control system approaches to system and network defense architectures and
techniques
◦ Incident-response skills in a control system environment
◦ Governance models and resources for industrial cybersecurity professionals.
• GIAC Response and Industrial Defense (GRID)
◦ Active Defense Concepts and Application, Detection and Analysis in an ICS
environment
◦ Discovery and Monitoring in an ICS environment, ICS-focused Digital Forensics,
and ICS-focused Incident Response
◦ Malware Analysis Techniques, Threat Analysis in an ICS environment, and Threat
Intelligence Fundamentals.
• GIAC Critical Infrastructure Protection (GCIP)
◦ BES (Bulk Electric System) cyber system identification and strategies for lowering
their impact rating
◦ Nuances of NERC-defined terms and the applicability of the CIP standards
◦ Strategic implementation approaches for supporting technologies
◦ Recurring tasks and strategies for CIP program maintenance.
The above certifications and training are vendor neutral, but most OT vendors
also offer cybersecurity training focused on their own equipment. Depending on
the organization whose OT infrastructure you become responsible for securing,
these courses might provide value to you as well!
CHAPTER 9
Next Steps
This book has touched on many, many subjects, all of which are important to a
zero-trust project. I hope that you have gotten the message of the complexity
of implementing zero trust in an existing infrastructure. That is not to say that
the effort is not worth the resources, time and money needed, not at all! Let’s
review the topics we have been looking into.
9.1 Cisco
• Analytics and automation: Cisco offers solutions such as Cisco SecureX that provide analytics
and automation capabilities. These solutions can help organizations to identify security threats
and automate responses to security incidents, improving the overall security posture.
• Integration: Cisco offers solutions that integrate with other security technologies, such as
firewalls and endpoint protection, to provide a comprehensive zero-trust security framework.
Cisco is a leading provider of networking solutions, and its solutions can
be used to implement the networking layer of a zero-trust security model.
The networking layer of zero trust is focused on implementing network
segmentation and micro-segmentation to limit access to specific resources and
data.
1. Comprehensive solutions: Cisco offers a range of solutions that can be used to implement
network segmentation and micro-segmentation, including Software-Defined Access (SD-
Access) and Cisco TrustSec. These solutions are designed to provide granular access control
and protect against unauthorized access to network resources and data.
2. Identity-based access control: Cisco solutions such as Cisco Identity Services Engine (ISE)
and Cisco Duo provide identity-based access control, which can verify the identity of users and
devices before granting access to the network. This helps to ensure that only authorized users
and devices are accessing network resources.
3. Continuous monitoring: Cisco solutions such as Cisco Stealthwatch (since renamed Cisco Secure
Network Analytics) provide continuous monitoring of the network. These solutions can detect and
respond to security incidents in real time, helping organizations to prevent or limit the impact of
security breaches.
4. Integration: Cisco solutions integrate with other security technologies, such as firewalls and
endpoint protection, to provide a comprehensive zero-trust security framework. This allows
organizations to leverage their existing security investments and build a more effective security
architecture.
5. Experience and expertise: Cisco has a wealth of experience and expertise in networking and
security, and its solutions are widely used by organizations around the world. This means that
organizations can rely on Cisco for support and expertise in implementing zero-trust security at
the networking layer.
9.2 Microsoft/Cloud
I have touched on multiple Microsoft tools in this book, most prominently Azure
AD (since renamed Microsoft Entra ID) and Azure itself. Microsoft provides a range of solutions that can be used to
implement a zero-trust security model. These solutions are designed to provide
granular access control and protect against unauthorized access to network
resources and data.
• Identity and access management: Microsoft offers solutions such as Azure Active Directory (AD)
and Microsoft Identity Manager (MIM) that provide identity and access management capabilities.
These solutions can help to verify the identity of users and devices before granting access to
network resources.
• Conditional access: Microsoft offers conditional access capabilities within Azure AD, which
allows organizations to control access to resources based on risk and compliance policies. This
helps to ensure that only authorized users and devices are accessing network resources.
• Endpoint protection: Microsoft offers solutions such as Microsoft Defender for Endpoint that
provide endpoint protection capabilities. These solutions can detect and respond to security
threats on endpoints, helping to prevent or limit the impact of security breaches.
• Cloud security: Microsoft provides a range of cloud security solutions, such as Azure Security
Center (now Microsoft Defender for Cloud) and Microsoft Cloud App Security (now Microsoft
Defender for Cloud Apps), that can be used to implement zero trust in cloud environments. These
solutions provide visibility and control over cloud resources and data, helping to ensure that they
are secure.
• Integration: Microsoft solutions integrate with other security technologies, such as firewalls
and endpoint protection, to provide a comprehensive zero-trust security framework. This allows
organizations to leverage their existing security investments and build a more effective security
architecture.
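The conditional access bullet above is where the "risk and compliance" decision actually happens, so here is an added example (written for this page, not Microsoft's code and not from the book) that expresses three policies in the shape of the Microsoft Graph `conditionalAccessPolicy` resource and evaluates sample sign-ins locally using the same combination rules Conditional Access applies: a policy applies only when all of its assignments match, every applying policy must be satisfied, and a block control overrides any grant. The policy names, the break-glass object ID, the application IDs and the sign-ins are constructed placeholders; nothing here contacts a tenant.

```python
import json

# Added example: Conditional Access policies in the Microsoft Graph
# conditionalAccessPolicy shape, plus a local evaluator that combines them
# the way Conditional Access does. Names, IDs and sign-ins are placeholders.

BREAK_GLASS = "11111111-2222-3333-4444-555555555555"  # placeholder objectId


def _policy(name, controls, risk_levels=()):
    """Build one Graph v1.0 conditionalAccessPolicy body. The emergency-access
    account is excluded so a mis-scoped 'All users' policy cannot lock out
    the administrators."""
    return {
        "displayName": name,
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
            "signInRiskLevels": list(risk_levels),
        },
        "grantControls": {"operator": "OR", "builtInControls": list(controls)},
    }


def policies():
    """Three policies that together say 'verify every sign-in'."""
    return [
        _policy("ZT-01 Require MFA for medium/high sign-in risk", ["mfa"], ("medium", "high")),
        _policy("ZT-02 Require compliant device for all apps", ["compliantDevice"]),
        _policy("ZT-03 Block high sign-in risk", ["block"], ("high",)),
    ]


def signin(user, app, risk, mfa, compliant_device):
    """A constructed sign-in: who, to which app, at what risk level, and
    which controls the session has already satisfied."""
    return {"user": user, "app": app, "risk": risk,
            "mfa": mfa, "compliant_device": compliant_device}


def applies(policy, s):
    """A policy applies only when every configured assignment matches."""
    cond = policy["conditions"]
    users = cond["users"]
    if s["user"] in users.get("excludeUsers", []):
        return False
    if "All" not in users["includeUsers"] and s["user"] not in users["includeUsers"]:
        return False
    apps = cond["applications"]["includeApplications"]
    if "All" not in apps and s["app"] not in apps:
        return False
    risk = cond.get("signInRiskLevels", [])
    if risk and s["risk"] not in risk:          # empty list = any risk level
        return False
    return True


def satisfied(control, s):
    """Has the session already met this built-in grant control?"""
    return {"mfa": s["mfa"], "compliantDevice": s["compliant_device"], "block": False}[control]


def evaluate(policy_list, s):
    """Every enabled policy that applies must be satisfied; block wins.
    Returns ("granted"|"denied"|"blocked", detail)."""
    unmet = []
    for p in policy_list:
        if p["state"] != "enabled" or not applies(p, s):
            continue
        gc = p["grantControls"]
        controls = gc["builtInControls"]
        if "block" in controls:
            return ("blocked", p["displayName"])
        combine = all if gc["operator"] == "AND" else any
        if not combine(satisfied(c, s) for c in controls):
            unmet.append(p["displayName"])
    return ("denied", "; ".join(unmet)) if unmet else ("granted", "")


def graph_body(policy):
    """The JSON that would be POSTed to
    https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    P = policies()
    print(evaluate(P, signin("user-a", "app-x", "low", False, True)))
    print(evaluate(P, signin("user-a", "app-x", "medium", False, True)))
    print(evaluate(P, signin("user-a", "app-x", "high", True, True)))
    print(graph_body(P[0]))
```

The evaluator is a model of the tenant's engine, not a replacement for it, but it captures the two behaviours that bite in practice: the break-glass exclusion, and the fact that a block policy overrides an earlier MFA grant even when the user has already completed MFA. Creating the policy through Graph requires the `Policy.ReadWrite.ConditionalAccess` permission; set `state` to `enabledForReportingButNotEnforced` first and read the result in the sign-in logs before switching it to `enabled`.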
Most of the tools above can be used across the Microsoft cloud environment,
Azure, M365 and Dynamics 365. As mentioned in the chapter on Cloud and zero-
trust, many companies are utilizing multiple different clouds from different
vendors in their business environments. This presents some new challenges and
risks to businesses and organizations.
1. Lack of visibility: Multi-cloud environments can make it difficult to gain visibility of all of the
cloud resources that are being used by an organization. This can make it difficult to identify
security risks and respond to security incidents.
2. Complexity: Multi-cloud environments can be complex, with different cloud providers and
services having different security configurations and controls. This can make it challenging to
maintain a consistent security posture across all cloud resources.
3. Data protection: Multi-cloud environments can create challenges around data protection. Data
may be stored in different clouds, and it may be difficult to ensure consistent data protection
policies and controls across all clouds.
4. Compliance: Multi-cloud environments can create compliance challenges, as different clouds
may have different compliance requirements. It may be difficult to ensure that all clouds are
compliant with relevant regulations and standards.
5. Unauthorized access: Multi-cloud environments can be more vulnerable to unauthorized access,
as there may be more points of entry for attackers. It can be challenging to ensure that only
authorized users and devices are accessing cloud resources.
6. Cloud provider security: Cloud providers may have different levels of security, and it can be
challenging to ensure that they are all secure. Organizations may need to perform due diligence
on cloud providers to ensure that they have appropriate security controls in place.
Governance across multiple different clouds presents some challenges as
well, since in many cases the governance models differ between cloud vendors.
9.3 Governance
9.4 5G
networks to provide granular access control and ensure the security of network
resources and data. Here are some ways to implement zero trust in 5G networks:
• Network segmentation: Use network segmentation and micro-segmentation to limit access to
specific network resources based on user identity and device characteristics. This can help to
prevent unauthorized access and reduce the attack surface.
• Identity and access management: Implement a centralized identity and access management
(IAM) solution that provides strong authentication and authorization controls for all network
resources. This will help to ensure that only authorized users and devices are accessing network
resources.
• Continuous monitoring: Implement continuous monitoring of the network to detect and respond
to security incidents in real time. This can help to prevent or limit the impact of security breaches.
• Encryption and data protection: Implement encryption and data protection measures for network
resources to ensure that data is protected both in transit and at rest.
• Cloud access security brokers (CASBs): Implement a CASB solution that provides visibility and
control over cloud resources and data. This can help to ensure that cloud resources are being
used in a compliant and secure manner.
• Compliance: Implement compliance measures to ensure that the 5G network is meeting
regulatory requirements and industry standards. This includes implementing security controls,
such as encryption, and performing regular security audits and assessments.
6. Cloud-native zero trust: Cloud-native zero-trust solutions may emerge, providing a more cloud-
centric approach to zero-trust security. These solutions will likely focus on cloud-specific threats
and provide granular access control to cloud resources based on user identity and device
characteristics.