As organizations shift more of their workloads and data to the cloud, they face new security challenges. The cloud presents a unique set of challenges for security teams, who must now deal with a more complex and dynamic attack surface. One of these is the need to re-think their approach to security. The term “zero trust” has been gaining a lot of traction lately as organizations look for ways to improve their security posture in the face of increasingly sophisticated cyber attacks. But what exactly is a Zero Trust security model, and how can it help organizations better protect their data and systems?
In this article, we will explore the main challenges of cloud application security, how the Zero Trust model can help organizations overcome these challenges, and the vision that MSC has in building a possible security approach to cloud services.
In a traditional network security model, organizations would establish a “front line” of defense, often in the form of a firewall, and then trust any traffic that made it past that initial barrier. The problem with this approach is that it assumes that all internal users can be trusted, and that all external users are untrustworthy.
On the other hand, the Zero Trust Model flips this approach on its head. In a Zero Trust environment, all users are treated as untrusted, regardless of whether they are inside or outside of the network. This means that all traffic and access to resources must be verified and authenticated. There are a number of benefits to this approach, including improved overall security, infrastructure and network visibility, end-user experience and accurate monitoring and alerting. In addition, one of the central pillars of Zero Trust is Identity, including identities representing applications and workloads.
Application identity management is the process of ensuring that each application has a unique identity that can be verified and authenticated. One of the biggest challenges of cloud security is managing application identities.
This is because many cloud applications are built on top of other cloud applications, making it difficult to understand the relationships between them. Another challenge is segregating application identities. Again, in the traditional data center, it was common to have a few large applications that served the entire organization. This is not something advisable from a Security standpoint, because if an application identity is compromised, many different components are impacted. On the opposite, if a proper application identity segregation is put in place, the impacts would be much lower and bound to a specific area. This enabled to segment them into different security zones. In the cloud, however, there are often many small applications that are spread across different parts of the organization. Therefore, segmenting them into different security zones without impacting the functionality of the applications becomes more difficult.
Another challenge is assigning and managing permissions for application identities.
Finally, another challenge is managing secrets for application identities.
The challenges of cloud application security can be daunting, but by adopting a Zero Trust approach and implementing the necessary controls, organizations can keep their data and workloads safe.
Security principles for building secure cloud applications:
1) Least privilege approach
Least privilege is a security practice that requires individuals and processes to have only the bare minimum permissions necessary to perform their work. This approach reduces the potential for unauthorized access and privilege escalation by malicious insiders or external attackers.
When it comes to cloud-native application security, least privilege is especially important for preventing over-permissioned/over-privileged application Identities from being created. Application Identities are cloud objects that can be used to authenticate to and access cloud resources. If these accounts are not properly secured, they can provide attackers with a way to gain access to sensitive data and systems. To help prevent this, organizations should follow the principle of least privilege for application Identities. This means only granting the bare minimum permissions necessary to the account. For example, if an account only needs to read data from a database, it should not be given write access. By following this practice, organizations can help reduce the risk of unauthorized access and privilege escalation.
2) Application identity segregation
In a Zero Trust model, application identity segregation is a strategy used to prevent applications from sharing the same identities. By keeping identities separate, each application can only access the resources it needs, and no one application can compromise the security of another. This strategy is especially important in the cloud, where applications may be hosted on different servers or in different regions. By keeping identities separate, it helps to ensure that each application can only access the resources it needs.
Identity segregation can be achieved through a number of means, including using different accounts for different applications, keeping different applications on different servers, or using a separate identity provider for each application.
3) Secure credentials storage and management and Logging
There are a number of challenges that need to be considered when implementing a Zero Trust security model in the cloud. Firstly, organisations need to think about how they are going to store and manage credentials. They also need to ensure that their logging mechanisms are fit for purpose.
Credentials are to be stored securely, and only authorised users should access them. One way to do this is to use a dedicated service such as Azure KeyValut as well as a centralised authentication system, such as Azure Active Directory. This can help to reduce the risk of passwords being compromised, as they are only stored in one place and are not shared between users. It is also important to have a good logging system in place. This can help detect and investigate potential security incidents. When implementing a Zero Trust security model, organisations need to consider how they will collect and store logs, as well as how they will analyse and act on them.
What are “secretless” applications?
A “secretless” application is one that does not require any secrets (passwords, API keys, etc.) to be stored in the application code or configuration. This means that if the application code or configuration is compromised, the attacker would not be able to gain access to any sensitive data. Therefore, one of the main advantages of this model is that it eliminates secrets leakage Indeed, they are much more secure, as secrets are one of the most common targets for attackers.
There are a few challenges that need to be considered when moving to a secretless model, however. One is that it can introduce additional complexity into the application, as there are now more moving parts that need to be configured and managed. Another is that it can be difficult to debug secretless applications, as it can be hard to track down the source of errors when there are no secrets to provide visibility into the system. Overall, secretless applications are a major step forward in terms of security and ease of management.
In the traditional security model, secrets are often leaked through poorly secured perimeter defenses. The Zero Trust model eliminates this problem by ensuring that all secrets are securely stored on dedicated services, such as KeyVault. Another advantage of the Zero Trust model is that it protects against secret purges. In the traditional security model, secrets are often purged when they are no longer needed. This can lead to serious security problems, as purged secrets can fall into the wrong hands.
MSC’s security vision in building secure and secretless applications in the cloud
There are a number of tools and services available that can help organizations to implement and manage a Zero Trust security model. Here’s the Security vision by MSC, and the tools proposed:
Let’s start with Azure Managed Identities. Azure Managed Identities is a service that provides an identity for an Azure resource/s. The identity is managed by Azure and can be used to authenticate to any service that supports Azure Active Directory authentication.
There are two types of Azure Managed Identities: user-assigned and system-assigned. They can be used with any Azure service that supports Azure Active Directory authentication, including for example Azure SQL Database, Azure Cosmos DB, and Azure Key Vault. Azure Managed Identities offer a number of benefits, including enhanced security, automation, ease of setup and management, and removed effort in credentials rotation. If you are looking for a way to improve the security of your Azure resources, then Azure Managed Identities is a great option to consider.
Azure KeyVault is another fundamental tool: it is a cloud-based service that provides secure storage for secrets, such as passwords, application keys, and database connection strings. KeyVault solves the problem of how to securely manage secrets used by cloud applications and services. KeyVault provides a central repository for secrets, allowing you to control their access and rotation. Secrets are encrypted using industry-standard algorithms, making them safe from attackers even if they are stolen.
Advantages of using Azure KeyVault include:
- Secrets are encrypted and securely stored
- Secrets can be centrally managed
- Access to secrets can be controlled
- Secrets can be rotated on a regular basis
- Secrets can be backed up and restored
Using Azure KeyVault can help you meet your organization’s security and compliance requirements, and can make it easier to manage secrets used by your cloud applications and services.
How to put in place security principles
There are several principles that need to be in place in order to put Zero Trust security in place.
First, compute services should be dedicated to running a specific application. In this way, it’s easier to track and monitor activity. Second, a proper application identity segregation should be put in place. Hence, each application/service should be assigned a unique identity that will allow the app to access other services and resources. One of the best setup options to be followed is to have a dedicated compute service to host a specific service or application and assign to that compute service should be assigned a unique Managed Identity. All application secrets, credentials and connection strings should be stored in a dedicated Azure KeyVault. In this way, they’re more secure and they are still easily accessible by the application. The application should use the Managed Identity to authenticate with KeyVault and retrieve the secrets. Finally, it’s important to collect logs from both the infrastructure components and the application itself. This way, you can have a complete picture of activity and identify any suspicious activity.
To wrap up, this approach eliminates the presence of any kind of secrets and credentials in the application code or configuration files and moves them to a dedicated service such as the Azure KeyVault.
On top of this, the usage of Azure Managed identities provides an out-of-the-box and managed method to authenticate to Azure Active Directory and access its resources and services without taking care of any credentials.
Nowadays, companies rely heavily on the cloud to deploy their applications: this requires rethinking the way internal and external users access data. Zero Trust models, as we described, provide a way to ensure that privileged data and resources are only accessed by users that should. This framework brings several challenges, and in this article, we described the approach to tackling these challenges with cutting-edge tools and techniques.