Past, Present & Future of Zero Trust Security and How You Can Implement It on a Kubernetes Cluster
In today's day and age, companies store all their data on either an on-prem setup or on a cloud-based service. This includes sensitive data such as customer payment details, passwords, access tokens and more. This makes it all the more important and crucial to ensure that these systems have a robust security mechanism.
Let's take a look at Zero Trust, a security model that is gaining popularity and secures your systems quite well. Before we dive into Zero Trust and how it works within Kubernetes, let's first understand how things were done before the idea of Zero Trust existed.
Perimeter Security Model
In a time before the zero-trust security model existed, the idea of perimeter defence, also known as the castle-and-moat model, was widely used by many organizations. Perimeter defence essentially meant separating your internal company networks from the outside world, typically behind a firewall and a VPN. Within this model, the assumption was that every entity within the internal network is trustworthy, and hence all devices and bots within the network had unrestricted access to everything inside it.
However, as you can already guess, this model has several limitations and vulnerabilities. Let’s try and understand some of these problems, and how these might compromise critical business data such as private user data or credit card information.
Limitations of perimeter security
As a general assumption, in today’s world, it is quite unlikely that every single service you use exists within the same network premises. For example, your applications might be using an S3 bucket as their primary data store, or one of the many AI solutions that are offered by cloud providers. All these services exist in a completely different network zone and would need access to your private networks to integrate with your business logic. Moreover, with the rise of remote work, employees are distributed all over the world. This means that they could have multiple devices that need to be authenticated and authorized within the company’s internal network.
We already discussed that perimeter security assumes that every device within the network is trusted and that there is a lack of granular control. This lack of granular control opens the door to a lot of security vulnerabilities. It also opens the door to threats such as:
Credential leaks: A security breach, phishing attack, or social engineering attack might cause credentials to get exposed, and the attacker would be able to gain access to the network.
Human errors: In any kind of configuration or security system, human errors cannot be avoided. Human errors can include downloading a malicious file, opening suspicious links, or similar mistakes.
Insider attacks: Insider attacks can refer to an employee who has left the company, but still has access to their credentials. This can be a severe security risk which can be exploited.
Infected devices: Even with the best device security solutions implemented, there is still a risk of devices getting infected which can compromise all of their saved credentials and by extension, compromise the private company network as well.
With the traditional approach of perimeter security, there is a lot of room for attack. Since so many third-party APIs are being used, a malicious actor who gains access to the network gains, by extension, access to every resource within the network. These limitations are where the idea of Zero Trust Security comes into play and offers a robust solution.
What is zero trust and why is it important?
Image Credits: StrongDM blog
Zero trust is a security model that assumes no one and nothing can be trusted by default, whether they are inside or outside the network. It requires continuous verification of the identity and security posture of every user, device, and request before granting access to resources.
Zero trust also applies the principle of least privilege, which means that only the minimum level of access necessary is granted, and only for a limited time. It aims to reduce the attack surface and minimize the impact of breaches by using micro-segmentation and encryption.
Zero trust is important because it addresses the challenges and risks of the modern network environment, which has become more complex, diverse, and dynamic than ever before. Some of the factors that make zero trust essential include:
The rise of cloud computing enables users to access applications and data from anywhere, anytime, and on any device. This renders traditional network boundaries ineffective.
The proliferation of mobile devices allows users to work remotely and on the go. Users may connect to unsecured networks or use personal devices not managed or protected by the organization or any security layers.
The emergence of IoT systems, which connect various sensors, machines, and devices, also means that there is an increased attack surface that needs to be monitored and secured.
These factors make it clear that relying on implicit trust or fixed boundaries is not sufficient or effective for security. Instead, a zero-trust approach is needed to verify every request as if it originated from an uncontrolled network.
How does zero trust work?
Zero trust is not a product or a service, but an approach that can be implemented using various technologies and best practices. Based on requirements, there are many different ways in which one can implement zero trust within their systems. Zero trust is based on three core principles:
Verify explicitly: Always authenticate and authorize every request being made. This ensures that the correct user, API or bot requesting access is allowed to access that specific resource. Use strong authentication methods such as multifactor authentication (MFA), biometrics, or certificates. Use risk-based adaptive policies that consider user behaviour, device health, location, time, and threat intelligence. Use continuous monitoring and verification to ensure access is valid and appropriate.
Use least privilege access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), which provides users access only when they need it, for what they need it, and for how long they need it. Following the principle of least privilege means that users only get the minimum level of access required to perform their tasks.
Assume breach: Minimize blast radius and segment access by using micro-segmentation to divide the network into smaller zones with different levels of security. Use encryption to protect data in transit and at rest. Use analytics to get visibility, drive threat detection, and improve defences.
What are the benefits of zero trust?
Zero trust offers many benefits over traditional perimeter-based security, such as:
Enhanced security: Zero trust reduces the attack surface and minimizes the impact of breaches by verifying every request and limiting every access. It also enables faster detection and response to threats by using analytics and automation.
Improved user experience: Zero trust simplifies and streamlines the user experience by providing seamless and consistent access to resources across different devices, locations, and platforms. It also improves user productivity and satisfaction by reducing friction and frustration.
Increased agility and innovation: Zero trust enables organizations to adopt new technologies and business models without compromising security. It also supports digital transformation and cloud migration by providing a flexible and scalable security framework.
Why use zero trust for Kubernetes?
If you have any familiarity with Kubernetes and its various components, you know that it is a very large, distributed system made up of many small components. Since there are so many components within a Kubernetes cluster, there are many possible avenues of attack. Just to give you an idea of the many components of Kubernetes, take a look at the diagram below. This is the most basic cluster you can find, which only has the core components of Kubernetes.
You can see that there are many components within a Kubernetes cluster. Each one of these components acts as its own tiny network. Because of this, implementing zero trust within Kubernetes becomes all the more important.
There are several different ways in which we can implement a zero-trust security model within Kubernetes. Some of them are:
Let’s look at how we can implement a zero-trust model using Paralus.
Zero Trust in Kubernetes using Paralus
Paralus is an open-source tool that can control access to your Kubernetes infrastructure while generating audit logs. Check out the Paralus website to learn more about how it works internally.
We will be using a local kind cluster for this. Please make sure you have Paralus set up for a kind cluster so you can follow along.
Once you have Paralus installed and have opened the dashboard, you will first need to import your local kind cluster. Check out this guide on how you can do that.
Once our clusters are successfully imported, let’s head over to the Groups tab, and create two groups. One for the Developers, and one for the Operations teams.
Once we’ve created the groups, we want to add some users to the respective groups. Let’s say that the SRE is John, and the developer is Sally. We will add these two users to their respective groups.
Now that we have our clusters, our projects, and our user groups, let’s go ahead and ensure that we are accessing the cluster through a zero-trust approach.
Paralus works by creating a service account for each user who needs to log in and access the system. To learn more about how Paralus works, check out this talk.
So let’s first log in as John, the SRE user, and make sure that the appropriate service account is created.
Once we’re logged in as John, let’s go ahead and enter the production project, and open a web shell. This web shell goes through Paralus to make sure that it is compliant with the zero-trust approach.
In this web shell, we will check for the service account and make sure that John’s service account exists.
We can see that a service account for John exists, which means that the zero trust system that is created through Paralus is working successfully.
Now let’s go ahead and log in through Sally, the developer user that we created earlier, and make sure that this works as expected.
Sally can also download the Kubeconfig file, which contains the least privileges which are required by Sally for accessing her resources.
Sally can perform read-and-write operations within the Apple namespace since she has the appropriate permissions for accessing that.
But what happens if she tries an operation that she isn’t permitted to perform? Remember that Sally does not have access to the production environment. Let’s try it out.
Well, the operation gets rejected since Sally does not have the appropriate permissions for getting all the namespaces within the cluster.
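As an added example (not from this post or the Paralus project), here is the kind of namespace-scoped Kubernetes RBAC that produces exactly the behaviour described above: Sally can read and write in the apple namespace but cannot list namespaces, which is a cluster-scoped request. The Role and RoleBinding names, the exact resource list, and the namespace holding Sally's service account are assumptions.

```yaml
# Added example: least-privilege RBAC for the developer Sally.
# A Role is namespace-scoped, so nothing in it can grant cluster-wide access.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: apple-developer          # assumed name
  namespace: apple
rules:
  - apiGroups: [""]              # core API group
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Secrets are deliberately left out: a developer who can read Secrets can
  # read every credential in the namespace, which defeats least privilege.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sally-apple-developer    # assumed name
  namespace: apple               # the binding only takes effect inside "apple"
subjects:
  - kind: ServiceAccount         # Paralus creates one service account per user
    name: sally
    namespace: paralus-system    # assumption: where the per-user account lives
roleRef:
  kind: Role
  name: apple-developer
  apiGroup: rbac.authorization.k8s.io
# Listing namespaces (`kubectl get namespaces`) is a cluster-scoped request.
# Only a ClusterRole bound through a ClusterRoleBinding can allow it, so with
# just this Role the API server answers "forbidden", as seen above for Sally.
```

You can confirm the effect without logging in as Sally: `kubectl auth can-i create deployments -n apple --as=system:serviceaccount:paralus-system:sally` should print `yes`, while `kubectl auth can-i list namespaces --as=system:serviceaccount:paralus-system:sally` should print `no`.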
Another useful feature that Paralus provides is the ability to view the audit logs. This lets us monitor which user has tried to do which actions. This helps maintain a record of any malicious actions being performed by any user, whether they have the appropriate permissions or not.
Conclusion
As we just saw, a zero trust system can help safeguard against a lot of different threats. It’s especially a great step up from the traditional perimeter security model, which was prone to attacks and threats within the network.
With a zero trust model in place, even if an attacker gets access to the private network of an organization, they would still have to go through multiple layers of authN and authZ before they can do any harm or steal sensitive data.
Zero trust is still a relatively new idea, and the number of tools that you can use to easily implement zero trust seems quite limited. However, in the coming years, there will likely be several tools that can help easily implement zero trust, while also handling other security layers such as the container and code security itself.
If we were to combine a tool such as Paralus with a Kubernetes security tool such as Armosec, it would be a powerful combination that ensures your workload stays secure and prevents a catastrophic failure due to some security risk.