How do you make a home secure? Lock everything, and make sure only you hold the key. That, roughly, is the Zero Trust Architecture concept.
Typically, for most websites and centralized digital frameworks, once you log in with the correct credentials you have access to the whole sphere of hosted functions. This sphere is classified as the site’s ‘trusted perimeter’.
Security models set their perimeters using, say, encryption, login protocols and firewalls. Much like a gate around a physical property: everything inside that gate is the trusted perimeter.
The trouble is that once someone knows your login details, or controls your unlocked device, they can access the ‘trusted perimeter’ just as you can. They are able to log in. In other words, they use the obtained key to open the gate.
The possibility that someone is doing exactly this, unknown to you, is a long-recognized stumbling point for various types of collaboration processes, even for a body like the UN [215]. While there are ongoing advancements in layering login protocols, increasing the complexity of verification and adding cross-device checks such as two-factor authentication, the unknown-actor problem persists.
Instead of concentrating on one centralized access point, functions can be segmented further, so that each function or activity becomes a gate in itself. This applies to the first trusted perimeter and equally to every newly set ‘gate’ that follows. With Zero Trust Architecture, “never trust, always verify” becomes the guiding ethos.
Shifting away from centralization logically brings us to microservices. In a microservice structure, each time you perform a different segmented function you have the ability to call out to a different, even a unique, location. Microservices will be detailed in the following articles; here we focus primarily on Zero Trust Architecture.
To make the Zero Trust Architecture concept more tangible, as a thought experiment, imagine that you’re invited to a house party. Let’s look at two possible security scenarios for attending this house party, under traditional and under Zero Trust Architecture:
Traditional Architecture
You’re on the invite list. You give your name to the doorman and that’s your key through the front gate. Once inside, you can walk up to the house. You now have full access to every room in the house. You make your way to the kitchen and grab a drink, then walk out to the porch and strike up a conversation with another guest.
Then you make your way to the bathroom (taking a moment to rummage through the medicine cabinet, just out of curiosity), and finally end up having a nice discussion whilst lounging on the living room couch. Easy. Done. Great party.
The trouble is, should anyone else give your name at the gate, sufficiently fooling or bypassing the doorman, this person has used your key. They would have almost unrestricted access to the entire spread, exactly as you would if it were actually you.
Zero Trust Architecture
You have a personalized key, which can be of varying complexity: say, device-specific, with two passwords, biometric signatures, geo-location certification, and so on. You present your personalized key to the doorman. You pass the front gate.
Then you use your key to open the kitchen door, and again to take a drink. Then you use your key to open the door that leads out to the porch. Then you use your key again with the person you’re chatting to, so that you both know who is who.
Then you use your key to open the bathroom door. Then again for the medicine cabinet, and again when entering the living room, and so on. Roughly and figuratively, this could be called granular perimeter security. Every granular function is segmented, having its own perimeter, and so acts as a gate in itself, with each gate confirming your key.
Making physical comparisons explains the principle but overlooks the benefits of digital implementation. If one had to physically perform all those additional unlocking actions, it would obviously increase the time and energy required. It would be a hassle, no doubt. Extra steps would entail extra work, and this constant re-checking would become laboriously counterproductive. From a digital standpoint, however, Zero Trust key use can be imperceptibly fast.
Goliaths such as Siemens and Google have been using variations of Zero Trust structures for a long time. The segmentation allows for compartmentalization of data as well as lateral tracking.
Lateral-tracking security analysis is made possible by the increased number of gates and the ledger data each one records. From a security perspective, this capacity for analysis has multiple benefits:
firstly
Your key may grant access to some areas but not be authorized for others. Key providers and key holders both set, and can review, the types of access granted, at a granular level.
secondly
Automated, and potentially private, pattern recognition can prompt additional verification when behaviour is unusual or a breach is suspected, while minimizing loss exposure throughout.
A red flag could be raised instantly if, for years, you have used your key like clockwork in a preferred usage pattern but, one day and out of the blue, your key is suddenly used to collate highly sensitive data or dig into areas never touched before.
Because the key is used for each granular portion or function, there is a much better chance, and now an existing method, to stop unauthorized use.
and thirdly
One’s personal and identity data can be structured so that it is hosted across multiple points. Even a breach of one of the sources holding a portion of the personal information would not yield the full key.
More broadly, taking a trust- and reputation-based marketplace as an example, there are long-standing proposals for deriving machine learning and economic advantages from such data [216]. The ramifications, when widely adopted, could influence entire economic systems of trade and politics [217].
Extending this segmented and granular methodology is where microservices come in. Let’s break this out once more for microservices. To compare with traditional centralized structures, imagine a functional website, say most any popular social media platform or online banking service:
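Added example (not from the article): a toy Python gate that puts the ‘firstly’ and ‘secondly’ points above into code. Every request is re-verified against a per-key policy, written to a ledger, and a key that is authorized for an area it has never used before is sent for step-up verification instead of being waved through. The policy, key names and rooms are constructed for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed policy (hypothetical keys and rooms): the functions each key may unlock.
POLICY = {
    "alice-laptop": {"kitchen", "porch", "living_room", "records"},
    "bob-phone": {"kitchen", "porch"},
}

class Gate:
    """Every request() call is its own gate: the key is verified again each time,
    the outcome is written to a ledger, and the ledger drives lateral tracking."""
    def __init__(self, policy, min_history=3):
        self.policy = policy
        self.min_history = min_history   # allowed uses needed before a usage baseline exists
        self.ledger = defaultdict(list)  # key -> [(timestamp, room, outcome)]

    def usual_rooms(self, key):
        """Rooms this key has previously been allowed into: its established pattern."""
        return {room for _, room, outcome in self.ledger[key] if outcome == "allow"}

    def request(self, key, room, when, step_up_passed=False):
        """Verify one key for one room. Returns 'allow', 'deny' or 'step_up'."""
        if room not in self.policy.get(key, set()):
            outcome = "deny"         # firstly: key is not authorized for this area
        else:
            usual = self.usual_rooms(key)
            baseline = sum(1 for e in self.ledger[key] if e[2] == "allow") >= self.min_history
            if baseline and room not in usual and not step_up_passed:
                outcome = "step_up"  # secondly: red flag, demand additional verification
            else:
                outcome = "allow"
        self.ledger[key].append((when, room, outcome))
        return outcome

def demo():
    """Walk the house-party scenario through the gate and return the outcomes."""
    gate = Gate(POLICY)
    t0 = datetime(2024, 1, 1, 20, 0)
    for day in range(5):  # Alice follows her usual pattern like clockwork
        for room in ("kitchen", "porch", "living_room"):
            gate.request("alice-laptop", room, t0 + timedelta(days=day))
    return {
        "bob_first_kitchen": gate.request("bob-phone", "kitchen", t0),  # allow: no baseline yet
        "bob_records": gate.request("bob-phone", "records", t0),        # deny: not in policy
        "alice_records": gate.request("alice-laptop", "records", t0),   # step_up: never touched before
        "alice_records_verified": gate.request("alice-laptop", "records", t0, step_up_passed=True),
        "flags": sum(1 for e in gate.ledger["alice-laptop"] if e[2] == "step_up"),  # 1
    }
```

Once Alice passes the step-up check, ‘records’ joins her recorded pattern, so the ledger learns the new behaviour only after it has been verified.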
Traditional Centralized Web Service
Your key gives you access to the front gate, and you have access to whatever is inside. When the site wants to renovate, add a new service or fix up an old one, each such task is a massive undertaking.
While the required work is happening, these significant restructurings or renovations can have knock-on effects and various negative ramifications for the usability of the rest of the site.
Micro-Services + Zero Trust Architecture
Your key gives you access but is used again and again for the functions that follow. Each function acts as a gate which you unlock.
This is where the structure gets exciting. As, digitally, there is little distance between calling a service from one location or another, each gate can be set in its own individual or unique space. Each gate doesn’t have to rely on the same centralized host.
So, using microservices, restructurings or renovations can be done to one portion specifically without affecting the usability of others. Each function, with all its supporting peripherals, is able to act independently.
The next articles will go into the details and benefits of microservices, as well as the crossover with various distributed ledger technologies, digital security tokens and cryptocurrency use.
This granular segmentation principle has amazingly beneficial implementations, for everything from direct real-world engagement to actualized payments. It is a core philosophy behind the TOF® Biosphere.
It has applications in the realms of law, copyrighting, intellectual property control and beyond. Remember, throughout, the real ‘key’ remains in always making choice personal.