Protecting Hybrid Environments with AWS Zero Trust Security and F5

F5 Ecosystem | June 21, 2024

With hybrid and multicloud environments now ubiquitous, zero trust has become essential for security. The adoption of cloud and edge environments has made the traditional enterprise network perimeter obsolete, requiring modern zero trust security practices.

A brief overview of zero trust

While the idea of perimeter-less security goes back to the mid-1990s, the modern zero trust concept traces its roots to Forrester Research analyst John Kindervag in 2010. Although zero trust can sound like a specific technology, the National Institute of Standards and Technology (NIST) defines it as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” [1]

There’s no single right way to implement zero trust, which is both good and bad. It offers the flexibility to be applied in a manner that works for your organization, but it can also require considerable planning and tools to cover your bases. While the specific details may vary, your zero trust architecture should consider several key principles:

  1. Verify and authenticate all users, machines, and devices continuously.
  2. Provide least privilege access—the minimum level needed to perform required tasks.
  3. Use micro-segmentation for isolation and access control.
  4. Collect, analyze, and correlate security events and data continuously.
  5. Employ automation and orchestration for faster response and fewer errors.
  6. Authorize each request using context for better accuracy.

Getting started with zero trust in the cloud

To begin planning your zero trust strategy, first evaluate your workload portfolio. Identify areas where you could add identity and security tools, as well as ways to monitor health, so you can start to align with a zero trust strategy.

For workloads in the cloud, AWS offers identity and networking services to provide the building blocks for zero trust. Identity-centric controls in AWS uniquely authenticate and authorize each and every signed API request and provide fine-grained access controls. Network-centric tools in AWS filter unnecessary noise out of the system, providing guardrails for identity-centric controls. Both types of controls work together for greater effectiveness.

Service-to-service interactions within AWS also rely on zero trust principles to remain secure. Calls are authenticated and authorized by AWS Identity and Access Management. These same tools are also used to secure user access.
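
To illustrate how identity-centric and network-centric controls work together, here is an added example (not from the original post, AWS, or F5): an S3 bucket policy in which one statement grants a named IAM role read access and a second denies any request that does not arrive through a specific VPC endpoint. The account ID, role name, bucket name, and endpoint ID are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleIdentityCentricAllowForAppRole",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:role/example-app-role" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/reports/*"
    },
    {
      "Sid": "ExampleNetworkCentricGuardrailDenyOutsideVpce",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": { "aws:SourceVpce": "vpce-0123456789abcdef0" }
      }
    }
  ]
}
```

Because an explicit Deny overrides any Allow in IAM policy evaluation, a request from the permitted role still fails unless it arrives through the named endpoint. The same Deny also blocks console and administrative access from anywhere else, so apply it to a non-production bucket first.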

Zero trust in hybrid environments

If you operate in a hybrid environment or multiple clouds, as most organizations do, you must extend your zero trust architecture to those environments. This is where things can get complicated. Many environments have their own proprietary tools, which require more time to manage and make it difficult to see the complete picture.

Zero trust security is required for containerized apps, too. In the most recent Gartner Hype Cycle for Zero Trust Networking [2], Kubernetes networking was considered an early mainstream technology category that addresses the shortfalls of native Kubernetes capabilities. A zero trust Kubernetes networking solution provides security and scale for pod-to-pod communication, north-south traffic, and east-west traffic.

F5 solutions, including F5 Distributed Cloud Services, F5 BIG-IP Access Policy Manager, and F5 NGINX, fit natively into a zero trust architecture and strengthen security through least privilege access, explicit verification, continuous assessment, and risk-aware remediation for apps and containerized microservices. These solutions also operate anywhere your apps run: in the cloud, on-premises, or at the edge. Consistent security tools and policies across environments make it easier to employ an effective zero trust strategy.

Protect Your Hybrid Environment with F5 and AWS

Together, F5 and AWS offer the tools you need to simplify zero trust security in a hybrid environment. Safeguard your apps, APIs, and users everywhere with consistent policies, granular controls, and accurate authentication.

Learn more about how F5 and AWS come together to deliver zero trust security at f5.com/aws.

Sources

1. NIST, Special Publication 800-207, Aug. 2020

2. Gartner, Hype Cycle for Zero Trust Networking, 2023, Jul. 2023
