The concept of zero trust and zero trust network access (ZTNA) has been around for years. In the past year and a half, though, zero trust has gained significant momentum thanks to the COVID-19 pandemic and the sudden shift to everyone working remotely. As organizations embrace digital transformation and adopt zero trust, they must also look to apply zero trust at the chip level.
IDC predicts that worldwide spending on cybersecurity will reach nearly $175 billion by 2024. Organizations are spending more and more on cybersecurity every year, but the volume of vulnerabilities and exploits continues to grow. In the last year and a half, we have seen an explosion in ransomware attacks as cybercriminals try to take advantage of the chaos from the pandemic. Clearly, there is work to be done to build more secure systems, and it seems like zero trust will play a central role in the future of cybersecurity.
Martin Dixon, VP of Security Architecture and Engineering at Intel, explains zero trust as “a proactive and pervasive approach to network security designed to minimize uncertainty. It shifts the paradigm from trust based on physical connectivity or proximity to one that involves always authenticating every access. The Zero Trust model has enabled work from home without joining a virtual private network (VPN).”
Dixon summed up, “Simply put, it means no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to network resources.”
Zero trust is primarily an issue of software: it takes the concept of least-privilege access and the processes of identity and access management and extends them so that authentication and authorization are re-checked on a task-by-task basis. When it comes to hardware, though, most components still function on the basis of physical connectivity. Once access is granted at the hardware level, all subsequent activity is assumed to be legitimate.
Dixon argues that the industry must change that so the entire system, from the chip to the operating system to the applications running on it, can benefit from the stricter security of zero trust. Intel is building a foundation of trust around a set of security principles it has dubbed “Trust No One,” Intel’s variation on zero trust architecture.
The company has developed technologies that allow immutable identifiers to be assigned to hardware components. Each transaction inside the system carries a hardware-generated identifier, and mutual authentication is required between dies within a package rather than trusting a die simply because it is physically connected.
The fundamentals of security are similar in many ways for both hardware and software. However, software changes or updates can be accomplished relatively quickly, while designing and deploying new hardware is a much more expensive and time-consuming endeavor. With that in mind, businesses looking to employ this “Trust No One” architecture at the hardware level must keep the following principles top of mind:
- Defense in depth: Build multiple walls.
- Simplicity: Invent simpler architectures.
- Psychological acceptability: Make security mechanisms easy to use.
- Fail safely and securely: Ensure that error conditions don’t leave secrets around.
- Complete mediation: Check every single access to confirm legitimacy.
- Rule of least privilege: Minimize the privileges any hardware agent has.
- Separation of duty: Give each agent its own distinct purpose in the design.
- Least common mechanism: Keep security functions separate from mechanisms shared with other functions.
- Secure the weakest link: Protect the design’s weakest part.
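To make the mechanisms described above concrete (immutable identifiers, a hardware-generated identifier on every transaction, and mutual authentication between dies) together with the complete mediation, least privilege and fail-safe principles in the list, here is an added illustration in Python. It is a generic challenge-response scheme written for this page, not Intel’s design or code: the agent identifiers, the pairing key assumed to be provisioned into both dies at manufacture, the `Agent`/`Session` classes, the operation names and the policy table are all assumptions, and a single `Session` object stands in for both ends of the channel so the exchange can run in one process.

```python
"""Added illustration (not Intel's design): per-transaction mutual authentication
between two on-package agents ("dies"), with complete mediation, least privilege
and fail-safe teardown of session secrets."""
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (the prefix prevents field-boundary ambiguity)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class Agent:
    """A hypothetical die: an immutable identifier, a pairing key assumed to be
    provisioned at manufacture, and the policy it enforces for its peers."""

    def __init__(self, agent_id: bytes, pairing_key: bytes, policy: dict):
        self.agent_id = agent_id
        self._pairing_key = pairing_key
        self.policy = policy  # requester id -> set of operations it may invoke (least privilege)


class Session:
    """Authenticated channel from a requester to a responder.  The key lives in a
    bytearray so it can be zeroised; any failed check closes the session."""

    def __init__(self, requester_id: bytes, responder: Agent, key: bytes):
        self.requester_id = requester_id
        self.responder = responder
        self._key = bytearray(key)
        self.seen_tx = set()
        self.open = True

    def request(self, op: str) -> bytes:
        """Requester side: every transaction carries a fresh, unpredictable identifier."""
        tx_id = secrets.token_bytes(8)
        tag = _mac(bytes(self._key), self.requester_id, tx_id, op.encode())
        return tx_id + tag + op.encode()  # wire format: id | tag | operation

    def mediate(self, msg: bytes) -> str:
        """Responder side: complete mediation, every transaction checked, nothing cached."""
        tx_id, tag, op = msg[:8], msg[8:40], msg[40:].decode()
        expected = _mac(bytes(self._key), self.requester_id, tx_id, op.encode())
        if not self.open or not hmac.compare_digest(tag, expected):
            return self._fail("denied: bad mac")
        if tx_id in self.seen_tx:  # the identifier is single-use, so a replay is rejected
            return self._fail("denied: replay")
        self.seen_tx.add(tx_id)
        if op not in self.responder.policy.get(self.requester_id, set()):
            return self._fail("denied: not permitted")
        return "ok"

    def _fail(self, reason: str) -> str:
        self.close()
        return reason

    def close(self) -> None:
        """Fail safely: wipe the session key instead of leaving it behind."""
        for i in range(len(self._key)):
            self._key[i] = 0
        self.open = False

    def key_is_wiped(self) -> bool:
        return not self.open and all(b == 0 for b in self._key)


def handshake(initiator: Agent, responder: Agent) -> Session:
    """Mutual challenge-response: each side proves possession of the pairing key
    over both nonces before any transaction is accepted."""
    n_i = secrets.token_bytes(16)  # initiator's challenge
    n_r = secrets.token_bytes(16)  # responder's challenge
    # responder -> initiator: its identity bound to both nonces, verified with the initiator's key
    tag_r = _mac(responder._pairing_key, responder.agent_id, n_i, n_r)
    if not hmac.compare_digest(tag_r, _mac(initiator._pairing_key, responder.agent_id, n_i, n_r)):
        raise PermissionError("responder failed to authenticate")
    # initiator -> responder: same in the other direction, nonces swapped so the tags differ
    tag_i = _mac(initiator._pairing_key, initiator.agent_id, n_r, n_i)
    if not hmac.compare_digest(tag_i, _mac(responder._pairing_key, initiator.agent_id, n_r, n_i)):
        raise PermissionError("initiator failed to authenticate")
    session_key = _mac(initiator._pairing_key, b"session", n_i, n_r)
    return Session(initiator.agent_id, responder, session_key)


def demo() -> list:
    """Constructed scenario: DIE-A may only read status from DIE-B; a replayed request is refused."""
    key = secrets.token_bytes(32)  # assumed provisioned into both dies at manufacture
    die_a = Agent(b"DIE-A", key, {})
    die_b = Agent(b"DIE-B", key, {b"DIE-A": {"read_status"}})
    s = handshake(die_a, die_b)
    results = [s.mediate(s.request("read_status"))]  # permitted operation
    replayed = s.request("read_status")
    results.append(s.mediate(replayed))  # first delivery is accepted
    results.append(s.mediate(replayed))  # second delivery is a replay; session is torn down
    return results
```

The point the principles list makes shows up in `mediate`: the identity proven during the handshake does not carry over as a blanket grant; every transaction is checked on its own for authenticity, freshness and permission, and the first failed check wipes the session key so an error path cannot leave the secret behind.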
Following these principles is especially important in the age of hybrid work, where businesses are increasingly relying on a slew of devices to stay connected in remote settings. As organizations continue to “go digital” to meet the needs of today’s new working model, they’ll need to prioritize hardware security and a “Trust No One” approach to mitigate a growing attack surface.
In a separate blog post, Dixon shared, “Security solutions rooted in hardware provide the greatest opportunity to provide security assurance against current and future threats. Intel hardware, and the added assurance and security innovation it brings, helps to harden the layers of the computing stack.”
The zero trust movement has made significant strides to improve cybersecurity for organizations, but it needs to run on a solid, secure foundation. The innovations Intel is putting in place to engineer zero trust concepts and the principle of “Trust No One” at the chip level enable us to build systems that are more secure at every level.
As we look to a future where businesses will prioritize investing in the latest tech and undergoing a series of digital transformations, the zero trust movement will only become more critical. In order to keep up with the pace of innovation while also maintaining security, the industry must look to employing a “Trust No One” architecture at the hardware level. With zero trust at both the software and hardware levels, organizations can be prepared to defend more effectively against a broader range of threats.