Network Perimeter – The Wall is Coming Down. The Digital Revolution is driving an unprecedented level of connectivity outside the traditional Enterprise Network. Here are some examples that illustrate the point:

  • 68% of business application workload will be in the public cloud by 2020 – Cisco Global Cloud Index: Forecast and Methodology 2015-2020;
  • >80% of Global Knowledge workers connect from outside the network – PGI Global Telework Survey;
  • IoT devices and Operational Technology (OT) are connecting to IT Networks in large numbers, making it hard to know what’s connected to the network;
  • Eco-systems of suppliers, contractors, and partners are given system access for better collaboration and synchronization; and
  • Within the next year, Gartner estimates that 25% of corporate data traffic will bypass perimeter security and flow directly from mobile devices to the cloud.

The Digital Age Challenge. In the Digital Age, identifying and protecting a static network perimeter is virtually impossible. Not surprisingly, the 2018 Verizon Data Breach Investigations Report again recorded a sizable number of breaches. To make things worse, 68% of the breaches Verizon studied took months or longer to discover. The point is that bad actors are in the network whether or not you have detected them.

What’s the Problem? Traditionally, interactions with the network have occurred through local area networks (LANs) and wide area networks (WANs). Security in this environment focuses on protecting a perimeter with firewalls, network access controls, and virtual private networks (VPNs). Once a user or device gains access to the network, it is trusted to go anywhere inside the perimeter. The classic attack pattern is to gain a foothold on the network and then move laterally toward the intended target; phishing attacks and insider threats both follow it.

The concept of protecting a static, secure network perimeter is ineffective for the modern digital environment. With the growth in cloud and mobile applications, and the proliferation of connected devices, the network perimeter is very dynamic. 

To overcome the challenge, a different paradigm has emerged based upon Zero Trust.

Zero Trust – There Is No Inside. Zero Trust is a paradigm shift from “trust, but verify” to “never trust, always verify”. The foundational thought is that there is no “inside the network”, meaning there is no safe boundary. The entire network is assumed to be compromised and hostile. In this paradigm, every user and device is equally untrusted. Each request for access to a resource or to data is evaluated to establish trust before access is granted. 

Making the Shift to Zero Trust. Changing the paradigm to execute Zero Trust takes time. In a previous post, I recommended focusing on the “protect surface”, an organization’s most vital functions and assets. This advice applies to implementing Zero Trust; start with the “crown jewels”.

There are four fundamental tenets to apply while implementing Zero Trust:

  • Authenticate-before-Connection - Verify identity before allowing connection. Ensure that only authenticated users and devices can access applications, resources, and data.
  • Limit Access – Based upon identity, adopt a “least privilege” strategy and strictly enforce access control to reduce excessive user privileges.
  • Raise Visibility - Inspect and log all network traffic for suspicious activity to improve security detection and response. Track who is accessing the network, from where, which applications, and at what time to understand real-time user behavior.
  • Secure the Edge to Anchor a Chain of Trust – Establish identity at the edge “where the data is born” to enable end-to-end security and provide a basis for authentication.

Any cybersecurity solution being evaluated or implemented should support these four tenets.
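To make the first three tenets concrete, here is an added example of a per-request policy check, written for this page and not taken from any product or from the post’s author. It assumes a bearer token carrying a subject and an expiry, a device identity plus an attestation result supplied by the caller, and a hypothetical policy table keyed by user and resource; the names (alice, hr-db, payroll-api, lt-0042, the 10.0.0.0/8 range) and the four requests are constructed for the demonstration. Network location is written to the log line but never consulted for the decision; a legacy perimeter check is included only to show what it would have allowed.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// Request is one access attempt as it reaches the policy decision point. Every
// field comes from the request itself; nothing is inferred from network location.
type Request struct {
	User     string
	Token    Token  // credential the user presented
	DeviceID string // identity the device proved with a hardware-backed key
	Attested bool   // device passed integrity attestation (booted trusted code)
	SourceIP string // logged for visibility, never used to grant trust
	Resource string
	Action   string
	At       time.Time
}

// Token is a minimal bearer credential: who it was issued to and when it lapses.
type Token struct {
	Subject string
	Expires time.Time
}

// Policy maps user -> resource -> permitted actions (least privilege).
type Policy map[string]map[string][]string
type Decision struct {
	Allowed bool
	Reason  string // goes into the log line
}

// Evaluate applies the tenets to a single request. It runs for every request,
// so a session that is already "inside" never accumulates standing access.
func Evaluate(p Policy, r Request) Decision {
	// Authenticate before connection: wrong subject, expiry or failed attestation ends it here.
	switch {
	case r.Token.Subject != r.User:
		return Decision{false, "token subject does not match user"}
	case !r.At.Before(r.Token.Expires):
		return Decision{false, "credential expired"}
	case r.DeviceID == "" || !r.Attested:
		return Decision{false, "device identity missing or attestation failed"}
	}
	// Least privilege: only actions explicitly granted on this resource pass.
	for _, a := range p[r.User][r.Resource] {
		if a == r.Action {
			return Decision{true, "explicitly granted"}
		}
	}
	return Decision{false, "no entitlement for " + r.Action + " on " + r.Resource}
}

// LogLine records who, from which device and address, what, when, and why.
func LogLine(r Request, d Decision) string {
	verdict := map[bool]string{true: "ALLOW", false: "DENY"}[d.Allowed]
	return fmt.Sprintf("%s %s user=%s device=%s src=%s %s %s reason=%q",
		r.At.Format(time.RFC3339), verdict, r.User, r.DeviceID, r.SourceIP,
		r.Action, r.Resource, d.Reason)
}

// PerimeterAllows is the legacy model the post describes: anything that has
// already reached the internal address range is trusted. Shown for contrast.
func PerimeterAllows(r Request) bool {
	_, internal, _ := net.ParseCIDR("10.0.0.0/8")
	ip := net.ParseIP(r.SourceIP)
	return ip != nil && internal.Contains(ip)
}

// SamplePolicy and SampleRequests are constructed inputs: alice may only read
// the HR database, and every request below arrives from an internal address.
func SamplePolicy() Policy {
	return Policy{"alice": {"hr-db": {"read"}}}
}

func SampleRequests() []Request {
	now := time.Date(2019, 1, 15, 9, 0, 0, 0, time.UTC)
	valid := Token{Subject: "alice", Expires: now.Add(time.Hour)}
	stale := Token{Subject: "alice", Expires: now.Add(-time.Hour)}
	req := func(t Token, attested bool, resource, action string) Request {
		return Request{User: "alice", Token: t, DeviceID: "lt-0042", Attested: attested,
			SourceIP: "10.1.2.3", Resource: resource, Action: action, At: now}
	}
	return []Request{
		req(valid, true, "hr-db", "read"),        // normal work: allowed
		req(valid, true, "payroll-api", "write"), // lateral movement: no grant
		req(stale, true, "hr-db", "read"),        // replayed expired credential
		req(valid, false, "hr-db", "read"),       // device failed attestation
	}
}

func main() {
	for _, r := range SampleRequests() {
		d := Evaluate(SamplePolicy(), r)
		fmt.Printf("%s  (perimeter model: allow=%v)\n", LogLine(r, d), PerimeterAllows(r))
	}
}
```

The second request is the lateral-movement case from earlier in the post: an authenticated user on an attested device, already inside the address range, reaching for a resource she holds no grant on. The perimeter model trusts it because of where it came from; the per-request check denies it and writes down why.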

Six Must-Haves for a Secure Edge. Securing the edge device is the best way to anchor a chain of trust that supports a Zero Trust paradigm. There are six crucial elements to secure the edge:

  1. Hardware Root of Trust Identity – A key provisioned into the silicon (fused at manufacture, or held inside a secure element) is never exposed to software and cannot be rewritten, so identity anchored in hardware provides strong validation for authentication, integrity, attestation, and tamper resistance. If the hardware is altered or swapped, the identity no longer verifies and access is denied.
  2. Secure Boot – Hardware verifies the signature on the first-stage boot image against a key it holds before executing it, and each stage verifies the next. It assures the system runs only software signed by the vendor and is performing the intended functions.
  3. Secure Update – Hardware enforces integrity and authenticity of the update image. The source of the update image is authenticated prior to performing the update process, so that updates to fielded products originate only from a trusted source. Pair the signature check with a monotonic version counter; otherwise a correctly signed but older, vulnerable image can be reinstalled.
  4. Trusted Execution Environment (TEE) – This is a secure area inside a main processor. It runs in parallel to the operating system, in an isolated environment. It guarantees that the code and data loaded in the TEE are protected with respect to confidentiality and integrity. The TEE is used for security sensitive operations.
  5. Secure Debug – Debug interface access is locked to prevent access to debug functionality, a state in which the device is most vulnerable. Only trusted/authorized resources can unlock the interface to gain access.
  6. Secure Communication – Mutual authentication between two end points, each proving its identity with its own key, combined with an encrypted and integrity-protected channel (TLS with client certificates, for example) protects the confidentiality and integrity of the data being shared. Authentication alone identifies the peer; the channel is what keeps the data private.
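Items 1 to 3 together describe a chain of trust. The following is an added example, not code from ADI or from the post, that models that chain in software: an Ed25519 vendor key stands in for the root public key provisioned into the device, a signed manifest binds an image hash to a version number, and a monotonic counter refuses rollback. The firmware contents, key material and version numbers are constructed for the demonstration. A real device would hold the public key in one-time-programmable memory or a secure element and keep the counter in tamper-resistant storage; this example only assumes that software on the device can read both and change neither.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device models what is fixed in silicon on an edge device: the vendor's root
// public key and a monotonic version counter (assumed read-only to software).
type Device struct {
	rootPub    ed25519.PublicKey
	minVersion uint32
}

// Manifest is what the vendor signs: the image (by hash) and its version.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte // Ed25519 over Version || ImageHash
}

func (m Manifest) signedBytes() []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf, m.Version)
	copy(buf[4:], m.ImageHash[:])
	return buf
}

// SignImage is the vendor-side release step (offline, key in an HSM in practice).
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

var (
	ErrBadSignature = errors.New("manifest not signed by the root key")
	ErrHashMismatch = errors.New("image does not match manifest")
	ErrRollback     = errors.New("image older than the installed version")
)

// verify is the check shared by secure boot and secure update: root-key
// signature, manifest bound to the image, and no rollback.
func (d *Device) verify(m Manifest, image []byte) error {
	if !ed25519.Verify(d.rootPub, m.signedBytes(), m.Signature) {
		return ErrBadSignature
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	if m.Version < d.minVersion {
		return ErrRollback
	}
	return nil
}

// Boot runs at reset: only an image that verifies is executed.
func (d *Device) Boot(m Manifest, image []byte) error {
	return d.verify(m, image)
}

// Update installs only a verified image, then advances the counter so an
// older (possibly vulnerable) release can never be reinstalled.
func (d *Device) Update(m Manifest, image []byte) error {
	if err := d.verify(m, image); err != nil {
		return err
	}
	d.minVersion = m.Version
	return nil
}

// Demo walks a constructed device through six steps and returns each result in
// order: boot v1, boot tampered v2, attacker-signed update, genuine v2, reinstall v1, boot v2.
func Demo() []error {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev := &Device{rootPub: vendorPub, minVersion: 1}
	v1, v2 := []byte("firmware v1 (constructed)"), []byte("firmware v2 (constructed)")
	m1, m2 := SignImage(vendorPriv, 1, v1), SignImage(vendorPriv, 2, v2)
	tampered := append([]byte(nil), v2...)
	tampered[0] ^= 1 // one flipped bit in the image body
	var out []error
	out = append(out, dev.Boot(m1, v1))
	out = append(out, dev.Boot(m2, tampered))
	out = append(out, dev.Update(SignImage(attackerPriv, 3, v2), v2))
	out = append(out, dev.Update(m2, v2))
	out = append(out, dev.Update(m1, v1))
	out = append(out, dev.Boot(m2, v2))
	return out
}

func main() {
	for i, err := range Demo() {
		fmt.Printf("step %d: %v\n", i+1, err)
	}
}
```

The order of the three checks matters: the signature is verified before the image hash is compared, so a device never spends time hashing an image whose manifest nobody trusted, and the rollback check only runs on a manifest the vendor actually signed. The fifth step is the caveat from item 3 made concrete: v1 is genuine and correctly signed, and it is still refused once v2 has been installed.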

Making Trade-offs – Edge Performance vs. Security. Security isn’t free. Implementing security at an end point may require adding size and weight, drawing power away from other functions, and potentially adding cost. The answer to where to add security, and how much security to add, depends upon the performance requirements of the application and the level of security required. 

Figure 1 provides a way to think about it. The end point’s size, weight and power are more constrained than the cloud’s, leaving less capacity for security. At the same time, the end point has less to secure, so it can be secured more completely. This is why it is so important to think about cybersecurity from a systems perspective: the answer to where and how much security to add may change in the context of trade-offs across the system. As a general concept, the goal is to secure the end point where it matters most and to move security away from the end point when that makes sense.

Figure 1. Edge to Cloud Trade-offs – The end point’s size, weight and power are more constrained than the cloud’s, and it has less to secure. Simple (less to secure) is better for cybersecurity.

Adoption – Not So Fast. The concept of Zero Trust was introduced by Forrester Research in 2010. Although the concept has been around for the better part of a decade, adoption has not been universal. The level of adoption hinges on recognizing the benefit over the perceived higher cost of implementing Zero Trust.

Implications. Adoption of a Zero Trust approach should accelerate as the lack of a defendable network perimeter amplifies cyber risk to a level well above what is acceptable to most organizations. This will tilt the cost-benefit analysis in favor of shifting to the Zero Trust paradigm. In the Digital Age, Zero Trust is a better way.

Our team at ADI is implementing solutions that secure the edge and provide a trust flow based upon identity rooted in hardware and authentication. Securing the edge is a game changer. Designing in the six cybersecurity must-haves is instrumental in securing the edge and enabling organizations to accelerate the pace of Digital Transformation.

What Market Voices Are Saying. In the 2018 PwC Digital Trust Insights Survey of 3,000 business leaders, “81% of respondents say IoT is critical to at least some of their business. Only 39%, however, say they are very confident they are building sufficient “digital trust” controls— security, privacy and data ethics—into their adoption of IoT”. 

Shout Out to a Digital Freedom Fighter. To our Deterministic Ethernet and Cybersecurity Engineering Teams working on solutions to drive Ethernet to the edge, securely.