Bench Talk

(Source: Michael Traitov -stock.adobe.com)

Engineers working on mission-critical applications in mil/aerospace and other segments have for years followed some fundamental principles of security intended to reasonably protect their applications, systems, and networks. Traditionally, physical compartmentalization has been a key factor in ensuring security in security-sensitive applications, and entry to a secure area has required positive identification and authorized access by individuals. Enterprise security policies defined the rules of identification, authorization, and access privileges, and those were enforced by security officers who were expected to adopt a certain attitude of distrust in dealing with individuals. In today’s environment of interconnected devices and services, these fundamental principles still remain vital to security, forming the foundation of zero trust security.

Zero trust distills the essence of security down to three principles:

• Verify explicitly: Authenticate requests for access to resources.
• Use least privileged access: Allow requests only from authenticated participants in a network or service group and even then limit access to the minimal required data or service.
• Assume breach: Understand that breaches are inevitable in connected applications, remain vigilant for their occurrence, and ensure their effect remains limited when they do happen.

With the emergence of bring your own device (BYOD) practices, companies have managed to overcome difficulties in defining policies and enforcing measures consist with these principles in the conventional information technology (IT) domain. In IoT networks, and more generally, operational technology (OT) networks, the idea of implementing zero trust across the hundreds or thousands of devices in an enterprise-level IoT application can seem daunting indeed. Nevertheless, achieving zero trust in the IoT environment can be made more accessible by focusing on three key security enablers:

1. Hardware-based security mechanisms
2. Defined security policies
3. Security health monitoring

The first enabler—hardware-based security mechanisms—provides the critical foundation for IoT security. IoT developers can choose from a wide range of security-enabled devices including security-enabled processors, secure elements, secure memory, cryptographic devices, and other devices able to support secure authentication and secure communications using trusted credentials. The availability of processors that enable hardware-based root of trust allows developers to dramatically minimize the possibility that IoT endpoint and edge devices themselves could be compromised, enabling hackers to co-opt a seemingly “trusted” device to penetrate deeper into the enterprise. The trust established at the very periphery of the IoT must be maintained at each higher layer of an IoT application. As companies build out large-scale IoT applications, however, legacy devices built with little or no security will complicate this sort of ideal greenfield security implementation, but even these devices can be isolated within subnetworks managed by highly secure edge devices.

The next enabler—defined security policies—might be the toughest for fast-growing high-tech companies, especially those who’ve established their success on quick action and reaction. Conversely, established enterprises with solid IT security policies might face some challenges in adapting those policies to the IoT domain. It’s not a trivial task to establish practical security policies that define the characteristics of authorized access across each layer and compartment in a complex IoT application. Developers can’t assume that any device or service already connected to the network can be trusted with privileged access to deeper areas of the application. Defining policies with broad brush strokes will likely provide hackers with a set of wide-open doors to sensitive information, critical services, or enterprise resources. It might not be easy to define all the required rules, but doing so is essential. Fortunately, IoT platforms from the major cloud providers offer a solid foundation of services built specifically to simplify implementation of the security rules associated with each resource and communications channel in IoT applications of any size and complexity.

The final enabler—security health monitoring—emphasizes the need to remain vigilant for new sources of potential threats and actual attacks. Not every new threat requires urgent action, but it should at least initiate an analysis of the risk (in all its facets) associated with the threat. On the other hand, an attack that successfully penetrates security measures should quickly initiate an appropriate response—whether it’s disabling the entry point used for the attack, uploading new security credentials, shutting down the affected endpoints or subnetwork, or more. Cloud providers and a growing number of third-party software vendors offer security monitoring software that monitors vulnerability databases for new threats, identifies potential attack surfaces, detects attacks, and generally provide developers and users with greater visibility into the security posture of their devices, networks, systems, and software.

It’s not that hard to find processors that enable building trusted operating environments on a hardware root of trust. It’s also not hard to find services able to support end-to-end security: If you look at zero trust support from leading IoT cloud providers like Amazon and Microsoft, you find largely the same architectural diagrams that they use to highlight their broader range of services. The real missing piece in implementing zero trust in IoT—the piece that you can’t buy off-the-shelf—is taking the time to define your security policies and having the will to ensure end-to-end enforcement in IoT applications.