12.1 Zero Trust (ZT)
- Traditional security: Relied on a perimeter (firewall) separating “inside” and “outside”; once inside, lateral movement was easy.
- Zero Trust: Rejects implicit trust; focuses on protecting the “protect surface” (data, applications, assets, services).
- Technical objectives:
- No inherent trust, inside or outside boundaries
- Simplified user experience (just-in-time authorisation)
- Reduced attack surface (strict access controls, continuous authentication, least privilege)
- Reduced IT complexity (focused perimeters, easier access control in hybrid/multi-cloud)
- Improved security posture and incident containment (micro-segmentation, continuous authorisation)
- Zero Trust Pillars (CISA ZT Maturity Model):
- Identity: Secure and limit access for users and entities (MFA, context-based authorisation)
- Devices: Device security hygiene as input to access decisions
- Networks: Highly segregated networks
- Applications & Workloads: Protect applications, monitor for malicious traffic
- Data: Protect and monitor data at rest, in transit, and in use
- Visibility & Analytics: Monitor access behaviour for anomaly detection
- Automation & Orchestration: Automate security processes for rapid response
- Governance: Align business, risk, and IT perspectives; define ZTA policies
- ZT Maturity Stages:
- Traditional: Static policies, firewall-based controls
- Initial: Centralised identity management, device security, network segmentation
- Advanced: Continuous, dynamic controls
- Optimal: Fully automated, adaptive identity and network segregation
- ZT Principles mapped to security domains:
- Organisational management: ZT as enterprise strategy
- IAM: Continuous, phishing-resistant MFA, context-based authorisation
- Security monitoring: Monitor everything, presume breaches
- Network: Micro-segmentation, software-defined perimeter
- Workload: Device/workload integrity, malware/data exfiltration monitoring
- Application: Least privilege, separation of duties
- Data: Classify, protect, monitor with strict access controls
12.2 Artificial Intelligence (AI)
- AI in cloud security: AI is both a cloud-hosted service and a tool to enhance cloud security; also poses risks as an attack tool.
- AI characteristics: Most popular AI technologies use neural networks (e.g., LLMs); workloads include training (resource-intensive) and inference (model use).
- AI workload types:
- AI as a Service (SaaS): Ready-to-use AI services (e.g., Claude); quick adoption, minimal expertise needed. Security controls: approve services/data, track prompts/results.
- AI as a Service (PaaS/Foundation model hosting): Provider hosts models, customer builds solutions. Security controls: secure training data, integration, deployment, users, defend against adversarial attacks.
- Cloud as workload host for AI (BYOM): Organisation develops/deploys own models; full lifecycle responsibility.
- AI-enhanced security tools: AI embedded in security products for smarter detection, access control, automated policy enforcement, etc.
- AI use cases in security tools:
- Threat detection
- Log analysis
- Incident response
- Posture assessments
- Secure code analysis
- Malware analysis
- Risk prioritisation
- Entitlement management
Discover more from Information Security Blogs
Subscribe to get the latest posts sent to your email.
