Kemp ZTAG Zero Trust Use Case

Posted on

When it comes to the security of our networks today, does that concept of a trusted entity really exist anymore? As the reality of the cyber threats that we face sets in, the answer becomes more and more clear, that answer, of course, is No.

Circle of Trust… What is that?

Enter Zero Trust, a security model which as its name implies, trusts no one and trusts nothing. I know this seems a bit aggressive but let’s face it we live in hostile times. What this really boils down to is that security at the perimeter of the network is not enough to defend against today’s threats. The security needs to be brought inside the network and applied to all applications, services, and systems independently. As there are many different approaches to secure the workloads running within an organization. A logical place to apply these principals would be on the load balancer which is already positioned to publish the application and provide high availability, optimization, and security particularly Web Application Firewall and SSL Termination.

Kemp Zero Trust Access Gateway solution

Zero Trust is more than validating the combination of your username and password to access an application. It is asking the questions “where are you connecting from” and “what exactly are you trying to access” and “are you really who you say you are”. All those questions can be summed up with a common Zero Trust principle, Least Privilege Access. Least Privilege Access is a security method that should be applied to each and every application within an organization. I don’t know of any argument that supports giving a user more access than is required to carry out their role.

Using the Kemp Zero Trust Access Gateway solution, least privilege access policies can not only limit the access for a given application based on a user’s role but also dynamically change the level of access and authentication requirements depending on where they are connecting from. A user connecting that is a member of the “Legal” group may have access to confidential reports when connecting from within the corporate network but when connecting from an unknown network, be restricted, or be required to provide additional authentication credentials (i.e., Multi-Factor Authentication).

Using Least Privilege Access with the Zero Trust Access Gateway secures Object Storage solutions as well. With the explosion of unstructured storage growth in the enterprise, the need to apply granular controls has never been more top of mind. The modern applications that share this storage solution each have their own set of security requirements. Since the load balancer is a critical component in many object storage solutions, utilizing it as a Zero Trust Access Gateway delivers this granular security at the most optimal point. Most environments will classify different security zones or network subnets to protect highly secure applications from having any communications with less secure systems. Should a threat actor compromise a system in a less secure zone it is crucial that lateral movement is not possible.

Object storage challenges

The challenge with object storage is that systems across all security zones typically require access to shared storage which presents the possibility that some malicious content could be written to the storage from a less secure zone, with the result of compromised data integrity affecting those applications in high-security zones. The Zero Trust Access Gateway prevents this by limiting what entities accessing the storage ecosystem have the ability to do. For instance, allowing systems in the trusted zones to write, read and delete objects from a bucket but limiting the system in the least trusted zones to only read. Once again, enforcing least privilege access by leveraging granular controls as to who has access to the shared storage, what access should that entity have, and where is the content being written, deleted, or read from.

Kemp Zero Trust access gateway diagram

These are just a few examples of how customers can leverage their existing load balancing solution to deliver granular security using the Zero Trust Access Gateway. Download the Zero Trust Access Gateway package today to start applying this security model to workloads running in your environment.

Kemp Zero Trust Access Gateway- https://kemp.ax/solutions/zero-trust-access-gateway

Posted on
Kurt Jung Headshot

Kurt Jung

Kurt Jung is a Senior Technical Marketing Engineer at Kemp Technologies. He works hands on with many technologies around application delivery and how to position these in today’s market. Kurt also works closely with key alliance partners to further strengthen the synergy. Prior to Kemp, Kurt has spent most of his career working as a consultant helping customers deploy on-premises, cloud and hybrid cloud solutions to support their business.