Zero trust architecture for a financial entity

Client need

Improving security posture with zero trust tenets

A financial entity reached out to Fraktal for a study and a roadmap on zero trust architecture. The organization had identified a need for improving their IT security architecture during red team and other security assessments. Their mixed environment of legacy systems and modern container workloads had led to compromises in their security architecture.

To address these issues and raise the security architecture baseline going forward, the client considered adopting zero trust tenets. The zero trust security model is based on the principle “never trust, always verify”. It suits organizations with heterogeneous environments, because every user, device and application is authenticated rather than trusted by network location.

Leveraging possibilities of the cloud

The client had chosen Azure as their cloud platform for new business applications. They wanted to avoid building separate access control and identity management technology stacks for the cloud and for on-premises systems. Azure services such as Azure AD and Application Proxy are relevant to a zero trust approach. In any future proposals, the client wants to leverage Azure capabilities for a unified and cost-effective approach.

We delivered

A summary of zero trust tenets

As the zero trust tenets are not yet widely known outside the IT security domain, Fraktal’s team first built a summary presentation of the tenets to increase understanding of the topic. We summarized the evolution of IT security architectures over the past decades and how this arc leads to zero trust. We used the NIST SP 800-207 definitions to set the objectives and explain the building blocks of a zero trust architecture.

Fraktal’s presentation helps our client build understanding and advance the internal discussion about an IT security architecture based on zero trust tenets.

A study and a bespoke roadmap toward zero trust architecture

We studied the client’s IT architecture and interviewed their key stakeholders from business and IT, as well as vendors, to learn about the current state and their expectations and wishes regarding the security architecture. We learned about their current data center situation and their desire to migrate new applications and common services to the Azure cloud platform.

With this knowledge we drafted a new high-level IT architecture for the financial company. The architecture roadmap includes their existing data center resources, integration bus and on-premises identity services, and combines these with Azure cloud resources, cloud-based identity management and protection, and cloud-based remote access to existing data center applications.

Technologies and methods

NIST Special Publication 800-207

We used the NIST publication on Zero Trust Architecture as the main source in defining the tenets and architecture approaches of zero trust. In a world filled with commercial products and sales talk, it is essential to rely on knowledge that is technology- and vendor-agnostic.

Azure cloud platform

In this assignment we combined services available from Azure to build the client a zero trust roadmap that amends their existing data-center-centric approach. Fraktal’s team has Microsoft-certified experts in Azure security technologies and architecture.