Case Study: Assessing Your Security Posture Using the Zero Trust Approach
Assume you’re in charge of protecting your IT system. In theory, it might be straightforward: set strict security controls and firewalls to protect the perimeter of your network from unauthorised access. What about the internal network, though?
We can no longer rely on assuming that internal networks are trustworthy and that external actors are bad. Why? Because the majority of attacks come from within the environment.
Attackers typically log in with stolen or phished credentials rather than hacking their way in. In fact, identity-related weaknesses account for almost 80% of data breaches. In light of this, we can trust practically nothing.
This is the main tenet of Zero Trust: Never trust and always verify.
What is Zero Trust?
Zero Trust is not a product or a tool. In reality, there is no single tool you can use to configure a full-stack Zero Trust implementation in an environment, and a complete Zero Trust implementation is probably impossible to achieve.
Instead, the Zero Trust approach involves doing away with implicit trust and constantly validating every level of a digital connection to safeguard an organisation.
Three guidelines can be used to summarise the core tenet of Zero Trust:
- Never trust, always verify. Evaluate every access request using all available data points.
- Enforce least privilege access by limiting access to the absolute minimum needed to do the necessary tasks.
- Assume breach. Reduce the blast radius using telemetry and micro-segmentation, and have the essential processes in place to respond.
Nordcloud has developed an efficient and unique Zero Trust maturity assessment for Azure environments, which is carried out against five pillars: identities, devices, infrastructure, workloads and data.
The assessment starts with an initial workshop to identify the customer’s needs, environment maturity and scope, and to align on expectations.
In the summer of 2022, we carried out the assessment for a large Finnish manufacturing company. We did a complete analysis on their Azure environment and found many concrete gaps from Zero Trust’s perspective. We provided them with a detailed report containing actionable and prioritised insights to improve their Azure Zero Trust posture.
What did we find during the assessment?
We were able to pinpoint misaligned permissions in their identities and help the customer to mitigate potential attack paths as well as reduce the attack surface significantly. The customer gained enhanced visibility into resources which allowed them to gain a better understanding of the environment and its components. We also found usage of unapproved code hosting platforms as well as non-compliant sharing practices – and provided ways to take control of Shadow IT.
One of the most common misconfigurations in any cloud deployment is having far too many users with privileges to resources they should not have. In this case, we found a large number of contributors on the root management group. Had one of these accounts been breached, the consequences would have been catastrophic.
Azure Backup was one of the critical resource types to which all contributors had access. There was no separation of duties. Backups are a strong protection mechanism against ransomware, but only if they themselves are properly protected. We found several ways the customer could remove the over-provisioned access rights and standing access to Azure backups.
Another critical class of users in Azure is those with Owner rights, especially subscription owners. By default these users can move their subscriptions out of your tenant, meaning you could lose entire workloads. In this case the guardrail that stops this behaviour was not in place.
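The three findings above (privileged roles at management-group scope, standing write access to backup vaults, and subscription owners) can be screened for from an export of Azure role assignments. The following is an added example, not Nordcloud's assessment tooling: it takes constructed entries in the shape of `az role assignment list --all -o json` and flags assignments that contradict least privilege. Role assignments inherited from a parent scope are not expanded, and the check only reads the export.

```python
import json

# Constructed sample in the shape of `az role assignment list --all -o json`,
# trimmed to the three fields used here (example data, not a real environment).
SAMPLE_ASSIGNMENTS = json.loads("""[
 {"principalName": "alice@example.org", "roleDefinitionName": "Contributor",
  "scope": "/providers/Microsoft.Management/managementGroups/root"},
 {"principalName": "bob@example.org", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalName": "carol@example.org", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-backup/providers/Microsoft.RecoveryServices/vaults/vault-prod"},
 {"principalName": "dave@example.org", "roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/root"}
]""")

# Built-in roles that grant write or access-management rights over everything in scope.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"
VAULT_TYPE = "/providers/Microsoft.RecoveryServices/vaults/"  # Azure Backup vaults


def scope_level(scope: str) -> str:
    """Classify an ARM scope string by breadth: management_group, subscription,
    resource_group or resource. The tenant root scope "/" counts as management_group."""
    if scope == "/" or scope.startswith(MG_PREFIX):
        return "management_group"
    if "/resourceGroups/" not in scope:
        return "subscription"
    if "/providers/" in scope.split("/resourceGroups/", 1)[1]:
        return "resource"
    return "resource_group"


def review_assignments(assignments):
    """Return (principal, role, finding) tuples for assignments worth removing or
    converting to just-in-time access. Inherited assignments are not expanded, so a
    Contributor at management-group scope is reported once, at that scope only."""
    findings = []
    for a in assignments:
        who, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        level = scope_level(scope)
        if role in PRIVILEGED_ROLES and level == "management_group":
            findings.append((who, role, "privileged role at management-group scope"))
        if role == "Owner" and level == "subscription":
            findings.append((who, role, "subscription owner: can move the subscription "
                             "out of the tenant unless a tenant-level guardrail blocks it"))
        if role in PRIVILEGED_ROLES and VAULT_TYPE in scope:
            findings.append((who, role, "standing write access to a backup vault; "
                             "separate backup administration from general contributors"))
    return findings
```

Running `review_assignments(SAMPLE_ASSIGNMENTS)` flags alice, bob and carol and leaves dave's Reader role alone; on a real export, feed the same function the JSON from the CLI.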
While these were only a fraction of the findings, they show that when implementing any kind of cloud solution, one should always assume that bad actors have access to your resources. That is why it is paramount that you have complete visibility over your cloud environment. In our case example, the customer lacked visibility into the environment. By improving overall visibility, the customer was able to spot misconfigurations and even detected breach attempts in surprising places.
What was the business impact?
The customer was able to improve their overall security posture by increasing visibility into their Azure environment, identifying and correcting misaligned permissions in their identities, and reducing attack paths and blast radius.
Implementing the prioritised recommendations will see the customer reduce costs simply by standardising their Azure security architecture and keeping customisation to a minimum. By adopting passwordless authentication, the customer’s workforce has experienced a better authentication experience and potentially higher productivity.
Are you ready to improve your environment’s Zero Trust posture? To find out more, contact us, or get in touch with Matias or Rickhard directly:
Matias Oksanen: firstname.lastname@example.org
Rickhard Alen: email@example.com