Skip to content
Zero Trust

Illustration by iStock, Security Management

Why Zero Trust Must Extend into Deep Infrastructure

It is a dramatic understatement to say that staying one step ahead of continually evolving cyberthreats like ransomware, malware, and other serious attacks must be a top priority. Today’s global community of threat actors and hackers are sophisticated and organized, constantly on the move to find the next layer of vulnerability in your environment. A proactive, all-encompassing security strategy is essential.

If you are like most organizations, your focus on tightening security starts with heightening identity access management at the perimeter and graduates to following established best practices that span across your applications, your data, your networks, and the cloud.

This begs the questions: What’s next? To where should you turn your attention? The fact is serious, persistent threats are already looming in your infrastructure. The lowest-hanging fruit—and the most vulnerable point of attack—is where you may least expect it: the hardware and firmware that lies in the deep layers of your physical infrastructure.

Firmware Updates and Vulnerabilities

The increasing proliferation of malware attacks on server infrastructure prove they are vulnerable ransomware or malware targets.

Let me paint a picture of why. Think about how many different components in your data center need firmware updates. Your server includes myriad specialty pieces of hardware and the firmware that goes along with them—some examples include the BIOS (basic input/output system), Board Management Controller (BMC), solid state drives (SSDs), storage controllers, network card, and more.

If you are part of a large shop, you have thousands of devices that constantly need updating. Keeping ahead of the update curve is an endless challenge. First, you need to be monitoring the latest updates—with some coming every several months. Then the updates themselves require time and resources, both of which are already a scarce commodity.

Anything and everything attempting to establish access must be verified.

To complicate things further, the firmware update process is not universal across operating systems, hardware vendors, or the device getting updated. Some require you to boot from one operating system, update the firmware, and then go back to the previous operating system. Due to the cumbersome nature of this updating process, IT organizations tend to ignore the firmware, leaving a huge hole that is very open to ransomware and other attacks.

Although organizations understandably won’t voluntarily disclose that they have been the target of a firmware-based attack, there is mounting evidence that bad actors are pursuing this route. A recent Microsoft Security Signals report found that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years, yet only 29 percent of security budgets are allocated to protect firmware.

As you plan your best next courses of action, there are two key security principles and solutions to keep in mind. 

Zero Trust Security Models

While it’s been around for a while, the concept of zero trust is prominent in every current security discussion and is used in the design and implementation of IT systems. It’s built on a never-trust, always-verify model where devices are not trusted by default, even if they are connected to a permissioned network such as a corporate local area network (LAN) and even if they were previously verified.

A recent report published on 26 January 2022 by the Executive Office of the President builds a case for moving the U.S. government toward zero trust cybersecurity principles.

The report notes that in the current threat environment, the U.S. federal government can no longer depend on conventional perimeter-based defenses to protect critical systems and data. These perimeter-level mechanisms—firewalls, for example—focus only on protecting infrastructure accessibility. If breached, hackers can suddenly get their hands on all data and information within the perimeter, as there are no other layers of defense.

It then goes on to build the case that a transition to a zero-trust approach to security provides a defensible architecture for this new environment.

As outlined in this report, the foundational tenet of the zero-trust model is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, anything and everything attempting to establish access must be verified. This is a dramatic paradigm shift in philosophy of how infrastructure, networks, and data are secured—moving from verify once at the perimeter to continual verification of each user, device, application, and transaction.

To simplify the idea, let’s look at how zero trust would be applied to a real-world environment, like your home, for instance. The most common security model today is perimeter security. For your home, this means your front door is locked. And that might be enough, right? Wrong. What if you are storing something valuable in one of the rooms inside your house? Once the front door is bypassed, the intruder can access any room in the house. With zero trust security models, each room within the house would be locked and the contents secure.

At every security layer, this line of thinking is applicable to government organizations and private enterprises alike. Increased value comes as zero trust models incorporate always-on, end-to-end encryption of data at rest as well as data in-flight. And applying a zero-trust model ensures that all customer and application data is always secure, even if drives are physically removed from the servers.

Avoid Configuration Drift

With threats increasingly targeting deeper levels of server hardware and firmware, there’s a pressing need for a way to securely deploy and maintain the deeper layers of server-based infrastructure. The ideal way to protect your infrastructure is through an immutable solution, one that prevents inadvertent changes by users that could open the door to malicious software. An immutable solution can be used to deploy standardized server-based infrastructure rapidly and repeatedly, yet still maintain consistency.

The fact is serious, persistent threats are already looming in your infrastructure.

Immutable machine instances implemented avoid configuration drift, so that the firmware across all your devices is up to date, with no holes where a new cyberthreat can break in. Cluster upgrades are simplified using discretely versioned immutable instances and infrastructure standardization.

In this way, your IT organization can manage and maintain your hardware-based infrastructure, overcoming increasing security challenges as you consistently and reliably provision bare-metal infrastructure services and operating systems. As a result, you can avoid configuration drift and maintain infrastructure security at the same time.

What’s more, to help you better meet and maintain your security goals, some vendors are now offering streamlined mechanisms that eliminate the need for complex encryption and security configurations at every level. This ensures your organization—and its infrastructure—isn’t subject to vulnerabilities due to lack of expertise or incomplete security configurations.

Between the application of zero trust principles throughout the infrastructure and the elimination of configuration drift, there will be no holes to exploit beyond your front door.

Siamak Nazari is the CEO and cofounder of Nebulon. Nazari has more than 25 years of experience and more than 30 patents on distributed and highly available systems. In his position as HPE fellow and vice president, he was responsible for setting technical direction for HPE 3PAR and its portfolio of software and hardware. Prior to that, Nazari served as chief software architect at 3PAR from 2000 to 2010. In this role he was responsible for designing and implementing distributed memory management and the high-availability features of the system. Prior to joining 3PAR, Nazari was the technical lead for the distributed, highly available Proxy Filesystem (pxfs) of Sun Cluster 3.0.

© 2022 Nebulon Inc