Last year, the government released Zero Trust guidelines to encourage the adoption of Zero Trust architectures. Let's take a closer look at what a Zero Trust architecture is and how WhaTap can be utilized in your environment!

Why Zero Trust?

The proliferation of mobile and cloud has created a remote work-from-home environment, and COVID-19 has accelerated the contactless society. The increasing number of users, devices, and equipment has made authorization management more complex and difficult to manage.

Attacks that take advantage of loopholes in perimeter security's implicit trust policy, such as insider collusion and privilege theft, have increased. The limitations of the perimeter-based security model are becoming apparent, and a new security paradigm is needed.

The Zero Trust Concept

Traditional perimeter-based security models start with the assumption that access requests (users, devices, etc.) inside the network are somewhat trustworthy. Zero Trust, on the other hand, starts with the assumption that hackers can be anywhere, inside or outside the network, and that all access requests are untrusted.

It separates and secures all data and computing services to be protected into their own resources, ensures that once access is granted to a resource, activity is limited to defined privileges, and limits penetration with continuous authentication when additional access to nearby resources is requested.

Zero Trust Architecture

Zero Trust is not a specific product suite or solution, but rather a security paradigm based on a common understanding across the entire organization. The philosophy of Zero Trust should be embedded in all existing and new solutions that are introduced into the enterprise network, and each individual solution should work together to continuously authenticate legitimate users of the enterprise network to inspire trust and granularly manage access to corporate resources.

Zero Trust Fundamental Philosophy

• No trust for any kind of access (allowing access to resources after explicit trust checks)
• Need consistent, centralized policy management and enforcement of access control decisions
• Management and strong authentication for users, devices
• Fine-grained access control (least privilege) with resource classification and management
• Create logical perimeters, allow session-level access, and apply communication protection techniques
• Continuous validation and control of reliability by monitoring all states, logging, etc.

Core principles for implementing Zero Trust

• Strengthen the authentication system (1, 2, 3, and 6 of the basic philosophies)
  • Establish an authentication policy with trustworthiness (judging the device used, asset status, environmental factors, access location, etc.
• Microsegmentation (2, 4, and 5 of the basic philosophies)
  • Placing development resources in a dedicated network zone protected by a secure gateway, and performing continuous trust validation on various access requests.
• Software-defined perimeter (1, 2, and 5 of the underlying philosophies)
  • Leveraging software-defined perimeter techniques to dynamically configure the network based on policy engine decisions, forming data channels for resource access after user endpoint trust is established

When adopting a Zero Trust architecture, three key principles must be set up and managed to ensure proper operation of the six underlying philosophies.

The impact of Zero Trust

Let's take a remote attack or insider threat scenario as an example.

If a malicious attacker uses internet-based malware to hijack a user's device, or if the attacker is an insider with malicious intent, the attacker can use legitimate user credentials to gain network access, elevate privileges, and move laterally to compromise data storage in a traditional corporate network environment. to compromise data storage, etc.

However, in a Zero Trust environment, forged user credentials and devices are assumed to be suspicious until proven legitimate, making lateral movement impossible. Even if an attacker is able to pass user credentials and device authentication, access to data is limited by security policies, roles, and other fine-grained access controls, making it difficult for them to work with sensitive data.

Continuous logging and monitoring of user behavior also allows for analysis, requiring additional authentication and dynamic access restrictions for suspicious users. Even if some compromise does occur, the range of resources impacted is reduced and a quick response is possible.

How WhaTap fits into a Zero Trust architecture

In a Zero Trust architecture, monitoring of all states is essential. All states include the various states of access entities (users and devices), resources (data, applications, servers, networks, cloud services, etc.), and policy servers. It is not just about monitoring logs, events, and so on, but about monitoring the integration of multiple modules, servers, services, and so on in an MSA environment.

This status information must be monitored to provide a numerical and visual picture of the current state, and logs must be available for detailed analysis and auditing later. Monitoring data and logs provide the basis for continuous verification of the trustworthiness of all currently accessing entities and corporate networks, and for dynamic management of access. This data needs to be stored long-term for further analysis and its integrity must be guaranteed.

WhaTap's various monitoring data allows you to understand the current status of your servers and applications, and log monitoring enables continuous auditing. You can also respond immediately with various notifications.

Zero Trust Architecture in WhaTap

WhaTap has several features implemented that reflect the underlying philosophy of Zero Trust.

1) Identifier and cool multi-factor authentication support

• Supports MFA authentication, making it impossible to break in just by stealing an ID and PW.

2) Granular user access control

• Project-specific role-based access control (RBAC) allows you to grant minimal authorizations.
• For more information on access control, check out our blog post B2B SaaS services, setting authorizations based on RBAC!

3) Track user behavior

• Monitor user behavior.
• Monitoring user behavior allows you to require additional authentication or dynamically restrict access in case of abnormal activity.

4) Data Security

• Passwords are encrypted with one-way SHA-256 encryption, and other personal information (name, phone number, company name) is encrypted with AES-256.
• Disk encryption is in place to protect monitoring data if other defenses fail.

As the limitations of traditional perimeter-based security models become clear, the importance of Zero Trust is being emphasized. When configuring the right Zero Trust architecture for your organization, WhaTap can help with the associated monitoring and visibility.