The amount of respect I have for Lisa cannot be overstated. Every sentence that is summoned forth from her through her fingers and subsequently the compute device she is in front of has such calculated thought behind it. It was in her recent blog post, which referenced Motte and Bailey architectures in conjunction with modern corporations, that I realised she had articulated something that had been rattling in my head for a little while.
It is quite well known that I am a man who enjoys medieval fantasy, science fiction and medieval history. Throughout history there have been many civilisations that have risen and fallen on the back of warfare. Medieval warfare was harsh, brutal and very deadly. It is well known that the Norman invasion of 1066 brought feudalism to England and, along with it, well-defined castle architectures. Motte and Bailey style castles took advantage of hilled terrain and formed natural defences that were augmented by man-made construction. For the uneducated and religion-following masses that tilled the fields and supplied the lord of the land, the formation of town halls and castles served as a point of refuge. This bastion of safety formed a security blanket from the harsh reality of war, invasion and pillaging.
With the evolution of defences within the realm there was a new drive in the advancement of weaponry. Siege tactics (the word comes from the Latin for “to sit”) and siege warfare introduced weaponry such as trebuchets, onagers, catapults and battering rams. Offensive siege warfare involved controlling supply lines and strangling the enemy through control of resources. Whilst modern day accounts of warfare depict rapid ends to sieges, castle strongholds could hold out against an invading army for months.
Where the objective was required at all costs, a campaign may not have been fought by military muscle alone. Whilst the perception was that everyone on the inside of the wall had allegiance to the land holder, it was often found that this wasn’t the case. The black and white notion of inside good and outside bad was blurred and smeared with loyalties that had a price. Serfs, servants, military personnel or the lowly stable boy had a price. Trained spies or paid informants leaked information, facilitated tasks or quite simply compromised fortifications during a siege.
Using the reference point of a Motte and Bailey castle architecture, there is a comparison between the inside versus outside of castle defences and that of security within society, our workplaces and computer networks. Gaolers have enforced the laws of our society to keep us safe and put criminals in containers, corporations have delineated trust based on those who work for them and those who don’t, and computer networks simply place isolation where required.
Whilst firewalls have provided a hard perimeter in our networks, the demarcation of inside and outside is generally defined by configurations which simply isolate two sides. We have also built our businesses this way, where corporations inherently trust their staff on the inside. Our defences have improved as we have evolved and more layers have been added to the security onion. We add varying levels of measures to increase our defences but they either provide isolation or context. As Lisa touched on, this theme has not changed for years and our IT security postures reflect this. Whilst we have token security checkpoints to ensure what control you have (and sometimes who you are), most postures boil it down to the simplistic ideal of inside versus outside or more simply: internal or external.
If we can only control what is internal and external, how do we deal with threats from within? Our hallowed internal zone, which has limited controls, is ripe for the picking. Whether it is an information-gathering exercise, opening a backdoor or simply a reconnaissance task with the perpetrator biding their time, these functions undermine internal security. It doesn’t matter how thick, efficient or tight the controls isolating outside and inside are: once they are in, they are in.
The enemy is within the castle walls, unknown to all those within. Why do we struggle when what is wrong is not the tools that we use but the ideology behind them? Why do we implicitly trust those on the inside when it is generally those on the inside whose loyalty can be bought? If we continue to enforce old ideals which are ingrained in our culture, can we enforce and secure how we want, what we want and where we want?
Before we talk about how we can enforce this ideology of understanding who is using our network, we first need to make a mindset shift. A mindset shift starts with questioning the status quo. In 2014 we should not be building inside/outside only networks. The way we enforce workloads and ensure compliance through standards and control mechanisms must change and become dictating. Compliance architectures have a flow-on effect which dictates how people build networks, yet we see information leak like a sieve. In 2013 and 2014 some big name companies have been exploited from the outside, but the more prominent was the NSA from within.
It seems that I am promoting a state of paranoia in which we say we should trust no one. Well – in terms of IT and information security I counter that point. Why should we trust anyone? In 2014 the only viable security architecture is to look towards a zero-trust model. This means removing the reliance on points of control at the edge of the network, where we delineate inside and outside, and focusing on delivering user-based access control to workloads and environments. This proposal applies control dynamically, using context about the security policy, to deliver isolation, segmentation and correct user access without administrative overhead and complexity. No longer are workloads secured based on location or using the network-centric approach to infrastructure control. Workloads need to be secured based on who is connected, what they are connecting to and why they are connecting.
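The contrast between the two models, as an added example that is not part of the original post: the same four requests are judged once by location (inside or outside) and once by who is connecting, to what, and why. The users, roles, address range and policy table are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed "inside the castle walls" range for the perimeter model.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed zero-trust policy: (role, workload) -> purposes that are allowed.
POLICY = {
    ("finance-analyst", "payroll-db"): {"monthly-report"},
    ("dba", "payroll-db"): {"maintenance"},
    ("developer", "build-server"): {"deploy", "debug"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    authenticated: bool
    src_ip: str
    workload: str   # what they are connecting to
    purpose: str    # why they are connecting

def perimeter_allows(req: Request) -> bool:
    """Location-only decision: anything sourced from inside is trusted."""
    return ipaddress.ip_address(req.src_ip) in INTERNAL_NET

def zero_trust_allows(req: Request) -> bool:
    """Identity and context decision: source address plays no part."""
    if not req.authenticated:
        return False
    return req.purpose in POLICY.get((req.role, req.workload), set())

# Constructed sample requests.
REQUESTS = [
    Request("alice", "finance-analyst", True, "10.1.2.3", "payroll-db", "monthly-report"),
    Request("mallory", "developer", True, "10.1.9.9", "payroll-db", "bulk-export"),
    Request("bob", "dba", True, "203.0.113.7", "payroll-db", "maintenance"),
    Request("unknown", "", False, "10.3.3.3", "build-server", "deploy"),
]

def compare(requests):
    """Return (user, perimeter decision, zero-trust decision) per request."""
    return [(r.user, perimeter_allows(r), zero_trust_allows(r)) for r in requests]

if __name__ == "__main__":
    for user, perimeter, zero_trust in compare(REQUESTS):
        print(f"{user:8} perimeter={perimeter!s:5} zero_trust={zero_trust}")
```

The insider with a valid account but no business reason to reach the payroll workload passes the perimeter check and fails the zero-trust one, while the authorised administrator connecting from outside is treated the other way round.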
Question the norm. Challenge perception. For too long we have built networks that have limited our ability to enforce, control and deliver secure architectures. Spice up your architecture with some practical paranoia. Eliminate inherent trust and defend your castle. The threats that besieged castles from the outside affect your company network.
For practical implementation and discussion of zero-trust, have a look at Brad Hedlund’s recent post.
Here is a link to my closing keynote presentation for the NSX VMUG day in Sydney, for which this post was the inspiration.