Security theory

Natasha Ong
This is some text inside of a div block.
4 min read

In a nutshell:

The Zero Trust Model is security approach that requires continuous authentication and access verification, irrespective of location or device. Microsoft recommends three key principles: Verify explicitly, use least privilege access, and assume breach from the outset.
The defence-in-depth model is a security strategy that protects data by adding barriers and controls to slow down potential attackers. It consists of seven layers: physical security, identity and access, perimeter, network, compute, application, and data layers.

What is the Zero Trust Model?

Traditionally, corporate networks were restricted, protected, and generally assumed safe. This is because only company-managed computers could join the network, VPN access was tightly controlled, and personal devices were frequently restricted or blocked.

The Zero Trust model flips that scenario. Instead of assuming that a device is safe because it was provided by the company, it requires everyone to authenticate. Then grants access based on authentication rather than location.

Diagram comparing zero trust authenticating everyone compared to classic relying on network location.

Microsoft highly recommends using the Zero Trust security model. The three principles to follow are:

1. Verify explicitly

With Zero Trust, you never stop being skeptical. Every time someone or something wants to access your valuable information (like files, databases, or systems), you authenticate and double-check if they're authorised.

In practise, this means:

  1. Implement multi-factor authentication (MFA): Make sure users and devices provide at least two types of authentication (e.g. a password and a personal question) before they get the green light to access stuff. This way, you know for sure they are who they say they are.
  2. Continuous authentication: Implement systems that continually assess a user's identity as long as they're logged in. For example, re-authenticate users if they switch devices or locations.

2. Use least privilege access

Don't give users more access than the need to your Azure resources.

In practise, this means:

  1. Just-in-Time (JIT) and Just-Enough-Access (JEA): These rules only let users have temporary and minimal access when they actually need it. This stops long-term unnecessary access. JIT = users only get access for the exact time they need it. JEA = users only get the exact level of permissions they need.
  2. Go with risk-based adaptive policies: Monitor user behavior and adjust access in real-time based on risk factors. For example, if an account shows unusual activity, reduce its access until the issue is resolved. You can also deploy tools that can figure out how risky an access request is. If it seems dicey, these policies can slap on extra security or even deny access altogether.

3. Assume breach at the outset

With Zero Trust, you start by assuming that someone has already breached your account's security. In other words, you don't trust anyone or anything, because cyber threats are always out there and you can't be sure who to trust.

In practise, this means:

  1. End-to-end encryption: ensuring data is encrypted not only in transit but also within your internal network. Even if an attacker gains access, the data wouldn't make sense without the proper encryption keys.
  2. Network segmentation: Divide your network into isolated segments with strict access controls. Only authorised users and systems can move between these segments. If an intrusion happens, they might not be able to move beyond the only segment they managed to access.
  3. Security analytics and threat detection: Use security information and advanced analytics tools to track network traffic and user behaviour. These tools can identify unusual patterns or signs of compromise.

What is the defence-in-depth model?

Imagine your computer data, like photos, documents, and your secret cookie recipe, is in a treasure chest. You want to make sure it's safe from sneaky hackers who want to steal it, but you've never done this before.

If only there is a guide lying around that teaches you what to do to protect your data! That's where defence-in-depth comes in.

What is defence-in-depth?

Defence-in-depth is a recommended strategy for protecting information and preventing it from being stolen by unauthorised people.

How? Through many layers of security that slow the speed of an attack that's trying to get access to your data. Think of this as having not just one big lock for your treasure chest - you're using many locks, traps, and guards to keep your treasure safe.

The 7 layers of defence-in-depth

Like an onion, you'll have to peel through these layers one by one before you can get to your treasure chest.

A diagram the defense in depth layers. From the center: data, application, compute, network, perimeter, identity & access, physical security.

Layer 1: The physical security layer is the first line of defence to protect computing hardware in the data centre. Cloud computing providers (like Azure) are responsible for securing access to buildings and controlling access to computing hardware within their data centres.

Layer 2: The identity and access layer is all about making sure that only authorised people are allowed access.

At this layer, it's important to:

  • Control access to infrastructure and change control.
  • Use single sign-on (SSO) and multifactor authentication.
  • Audit events and changes.

Layer 3: The perimeter layer identifies network attacks before they happen, eliminating their impact, and alerting you.

At this layer, it's important to:

  • Use DDoS protection* to filter large-scale attacks before they can affect the availability of a system for users.
  • Use perimeter firewalls** to identify and alert on malicious attacks against your network.

*In a DDoS attack, cybercriminals flood your network with so much traffic that it can't handle it all, causing services to become unavailable. DDoS protection detects these attacks early, filters out the bad traffic, and ensures your network stays up and running smoothly, protecting it from disruption.

**A perimeter firewall is a specific type of firewall that is typically deployed at the outermost boundary of a network, often called the network perimeter. Its primary role is to protect the entire network from external threats by filtering and inspecting traffic that enters or exits the network.

Layer 4: The network layer is focused on limiting the network connectivity across all your resources to only allow what's required. By limiting this communication, you reduce the risk of an attack spreading to other systems in your network.

At this layer, it's important to

  • Limit communication between resources.
  • Deny by default.
  • Restrict inbound internet access and limit outbound access where appropriate.
  • Implement secure connectivity to on-premises networks.

Layer 5: The compute layer makes sure that your compute resources are secure.

At this layer, it's important to:

  • Secure access to virtual machines.
  • Implement endpoint protection on devices and keep systems updated.

Layer 6: The application layer means reducing the security vulnerabilities in your code. Every development team should ensure that its applications are secure by default.

At this layer, it's important to:

  • Ensure that applications are secure and free of vulnerabilities.
  • Store sensitive application secrets in a secure storage medium.
  • Make security a design requirement for all application development.

Layer 7: The data layer controls access to business and customer data that you need to protect.

In almost all cases, attackers are after data:

  • Stored in a database.
  • Stored on disk inside virtual machines.
  • Stored in software as a service (SaaS) applications, such as Office 365.
  • Managed through cloud storage.