Zero Trust Cloud Security Framework

Why Choose Zero Trust Cloud Security?

Organizations have come to rely on the cloud for many of their computing workloads. This trend has been accelerated by the urgent prioritization of security, the redefined needs of the hybrid and distributed workforce, and a surge in data analytics, machine learning (ML), and artificial intelligence (AI) that benefit from the cloud’s uninterrupted access to software, data, and other resources, anywhere, at any time. The cloud also connects organizations, networks, and users to edge computing devices and systems.

These trends yield a vastly expanded, diverse range of users, devices, and applications that are interconnected loosely through the cloud. Unfortunately, all those elements are potentially vulnerable to attacks by bad actors and malicious code.

Cybersecurity is a critical concern for organizations in the cloud, as they must protect data assets, applications, devices, and users. Data governance is also regulated in many industries and countries, and compliance can depend on security measures.

To be highly effective, a cybersecurity strategy must control access to all assets in the cloud and on the network, identify and respond to threats proactively, and respond quickly to limit damage and recover from any attacks.

Implementing a zero trust security framework is a best practice and a responsible approach to establishing a cybersecurity culture, especially in the cloud. The goal of zero trust is continuous protection across all attack surfaces. Those surfaces include all physical assets in the network, data center, cloud, and at the endpoints, as well as networked software, data, and the users themselves.

What Is Zero Trust Security?

Zero trust is a comprehensive security strategy that is designed to protect all hardware, software, data, and users on an organization’s network and in the cloud.

A zero trust approach to security differs from the more traditional perimeter defense strategy. In a perimeter defense, the organization protects the boundaries of its private network with firewalls and multilayered software security solutions to regulate and filter traffic to and from the public network. Once a user or device has been verified and admitted to the private network, it is typically treated as a trusted resource.

By contrast, a zero trust security framework is designed around the assumption that a cyberattack can happen at any moment, and there is no such thing as a trusted resource. The framework is designed to apply security technologies that protect hardware, software, data, and users across an organization’s infrastructures, and each user or device must be authenticated repeatedly before every interaction.

Zero trust has gained popularity with the growth of cloud computing, as cloud-based operations cannot easily be contained within a defensive perimeter shield.

The COVID-19 pandemic accelerated the move to zero trust security. With the sudden shift to remote work, an unexpected number of users and devices were no longer contained within their organizations’ firewalls or other perimeter defenses. Zero trust was adopted more broadly, as it requires all users and devices to be validated and authorized repeatedly before each network session. In a study conducted by Okta in 2021,78 percent of the global companies surveyed said that zero trust had become a higher priority because of the pandemic and nearly 90 percent had begun work on a zero trust initiative, compared to 41 percent before the pandemic.¹

Benefits of Zero Trust Security in the Cloud

Zero trust cloud security requires a dynamic approach to identity and access management (IAM). The right users or devices must be given access to the right resources. Conversely, unauthorized users and devices must be blocked. Some individuals might have their access restricted to specific resources, while they are blocked from others. For example, it is common for large organizations to restrict system administrators’ rights and permissions so that only the IT staff have access to those applications and files.

Implementing zero trust cloud security measures can help organizations to protect cloud-based data, applications, and business models from cyberattacks. Zero trust also helps to secure customers’ private data to comply with regulatory requirements and good business practices.

Implementing Zero Trust Cloud Security

A zero trust security framework should be incorporated into new or upgraded cloud infrastructure plans early in the design phase.

When implementing a zero trust architecture and security policy, organizations should begin with a defense in depth strategy. This layered approach leverages multiple security measures to protect an organization’s assets.

Defense in depth should first be grounded on a trusted hardware foundation to better protect the firmware, BIOS, and operating system (OS) that support the rest of the technology stack.

Tools such as encryption and platform protections then comprise the next layer to help address the organization’s IT security concerns.

Finally, software-based security solutions can be accelerated and strengthened by hardware- and firmware-enabled capabilities. When all the underlying layers are protected, cloud-based applications and other software can be deployed with confidence on the secure foundation.

With improved data security features available in the cloud, organizations can realize the cost and agility benefits that come with public cloud, private cloud, or hybrid cloud deployments through technologies that help enable confidential computing.

Intel and Zero Trust Security

Intel offers hardware-enabled tools and features that can help to support zero trust cloud security frameworks. Security capabilities are built into Intel® silicon and ready to be enabled in software.

These and other Intel® security technologies help improve the identity and access management needed to enforce role-based control and zero trust security processes.

Note that cloud architects can access some of these built-in capabilities independently, even in the public cloud. Other features must be enabled by individual cloud service providers.

• Intel® Xeon® Scalable processor-based cloud instances offer a balanced architecture that delivers built-in AI acceleration and advanced security capabilities. Intel® Xeon® Scalable processors are optimized for many workload types and performance levels.
• Intel® Software Guard Extensions (Intel® SGX) provide a hardware-based trusted execution environment that isolates specific application code and data in memory. Intel® SGX enables authorized software to allocate and protect memory enclaves with a high level of specificity and control.
• Intel® Trusted Execution Technology (Intel® TXT) helps ensure platforms launch into a known-good configuration before loading sensitive data.
• Intel® Crypto Acceleration capabilities in the 4th Generation Intel® Xeon® Scalable processor help to optimize workload performance in encryption-intensive cybersecurity processes.

In addition to these technologies, Intel is developing a new authentication service, codenamed “Project Amber,” which is expected for general availability in 2023.² Project Amber will provide third-party attestation services that verify trustworthiness of cloud, edge, and on-premises environments. The remote service will validate confidential computing environments to ensure they are correctly configured, up-to-date, and loaded with the expected software before allowing them to handle confidential data.

Because these technologies and tools are rooted in the hardware itself, they help to reduce the potential attack surfaces and related threats to create secure enclaves for confidential computing in private cloud, public cloud, and hybrid cloud environments.

Additional Intel® technologies can help to secure vulnerable endpoints to protect them from unauthorized users and malicious code. For example, desktop and laptop PCs based on the Intel vPro® platform include Intel® Hardware Shield to help safeguard system firmware, OS, memory, applications, and data against advanced threats.

Embracing Zero Trust

Zero trust is a comprehensive security framework for protecting an organization’s operations and assets in the cloud, in the data center, at endpoints, and at the edge. As organizations continue to engage in digital transformation and cloud modernization, it is critical to include a zero trust security strategy in their cloud architecture, beginning with the earliest stage of system design. This effective security strategy should be a priority, along with the technologies and infrastructure that support its full implementation. Security technologies from Intel help to tighten identity and access management, enabling the role-based control and policies that contribute to zero trust security across the entire infrastructure.

Intel® technology supports zero trust cloud security with hardware-enabled capabilities, optimized software, and developer tools that can strengthen third-party security solutions. Further, Intel partners with cloud service providers, security software vendors, and systems integrators to build powerful, effective security solutions for a broad variety of computing environments and usage models worldwide.