93bea1b8 zero trust

Zero-Trust Principles


About 10 years ago or so a new philosophy in security started to usurp the perimeter-based models. The principles of zero-trust are that each layer must affirmatively prove itself to its neighbour (in both directions). This continuous security (rather than a single strong vantage point) provides for Defense in Depth, one of my favourite principles.

You see, I selected the logo of my company as a compass on a shield, to remind ourselves that threats have direction, and that we often forget the east-west threat of the risk that is already inside. I assume that the first layer of defense will be breached, and thing about delay and confuse as strategies for what is next.

Imagine your body. Your skin is your firewall, keeps all sorts of bad bacteria out. But, you don’t die if you are scratched, your white blood cells provide the next layer, they don’t trust that the skin will do it all.

Others have talked about Zero-Trust, from Google’s BeyondCorp, standards like SPIFFE and SPIRE, books, etc.

Zero-Trust is the basis of our architecture, internally, and, of what we provide to our partners.

The basic principles of zero trust are that each layer proves itself to its neighbour. If we imagine 5 layers (user, device, transport, application, data), we might think how each would protect itself from its neighbour, and show how its achieved that when asked.

  • A user? password + 2-factor authentication.
  • A device? UEFI Secureboot, encrypted storage, trusted computing, client certificates
  • Transport? (mutual) TLS
  • Application? Segment it from non-participating bits. Use mutual TLS + SPIFFE between the participating pieces.
  • Data? Checksum, tamper-proof audit logs.