" firewall Archives - LuxSci

Posts Tagged ‘firewall’

Zero Trust and Dedicated Servers

Tuesday, July 6th, 2021

We continue our series on Zero Trust, this time discussing Zero Trust and dedicated servers. As a quick recap, the Biden Administration ordered all federal agencies to develop a plan to adopt Zero Trust Architecture. This is a security model that begins with the assumption that even an organization’s own network may be insecure.

It accepts that bad actors may be able to penetrate the network, so a network designed under the Zero Trust model is built to make security perimeters as small as possible. Zero Trust Architecture also involves constantly evaluating those who are inside the network for potential threats.

One of the core aspects of Zero Trust Architecture is the concept of trust zones. Once an entity is granted access to a trust zone, it also gains access to the other items in that trust zone. The idea is to keep these trust zones as small as possible to minimize what an attacker would be able to access if there is a breach.

Dedicated servers are a critical component of trust zones and Zero Trust Architecture as a whole.

The Role of Dedicated Servers in Zero Trust Architecture

Dedicated servers are an important part of Zero Trust Architecture. LuxSci customers can host their services on their own dedicated servers or server clusters, instead of sharing a server with other clients who may introduce additional threats. This isolates an organization’s data and resources from other entities, creating a small trust zone.

LuxSci also uses micro-segmentation to protect each customer’s server cluster. Our solution is host-based, and the endpoints are protected by firewalls. Each customer’s server (or cluster of servers) is dynamically configured in a micro-segment using server-level firewalls. This means that each customer is separated from others, and there is no privileged access between customers.

As a dynamic host-based micro-segmentation solution, this setup adapts fluidly to software modifications, service alterations, customer changes, and new developments in the threat landscape (as detected by automated systems).

Our customers can also choose to place a static traditional network firewall in front of their assets. This acts as an additional line of defense. With this traditional firewall on top, both customer assets and the dynamic micro-segment are placed in a well-defined network segment with added ingress and egress rules.

Access Controls

LuxSci’s dynamic host-based micro-segmentation solution is complemented by our flexible and highly configurable access controls. These include:

  • Two-factor authentication
  • Time-based logins
  • IP-based access controls
  • APIs that can be restricted to the minimum needed functionality
  • Application-specific passwords

These configuration options allow your organization to tailor access to your systems on a more granular level, limiting unauthorized access while still making resources available where necessary.

Limiting access and verifying user identities are important aspects of Zero Trust Architecture. These access controls fit hand-in-hand with our micro-segmentation setup for protecting server clusters.

Zero Trust: Dedicated Servers vs Shared Cloud Systems

A shared cloud system is not suited to the Zero Trust model, because the data and computations for different customers are managed in a shared environment. This means that segmentation isn’t possible, so the potential threats from other customers on shared resources can’t be eliminated. The risks of using a shared cloud server have been well-documented elsewhere. The industry’s shift to Zero Trust Architecture only reinforces the importance of using dedicated server environments.

Compared to cloud environments, dedicated servers are better aligned with Zero Trust Architecture. LuxSci’s dynamic customer micro-segmentation isolates customers from each other, protecting your organization from these additional threats. A second layer of network firewalls only serves to reinforce the separation, making the defenses even more formidable.

Contact our team if you want to learn more about how dedicated servers and Zero Trust Architecture can help to protect your organization from advanced threats.

Where’s the Email? Diagnosing and Resolving Issues with Missing Email

Monday, December 1st, 2014

In many ways, the Internet is still like the Wild Wild West. Email messages sent to you or from you can and do “go missing” for no apparent reason.  This can happen no matter what email provider you use. So, what happened to these “AWOL” messages?  How can you diagnose and solve the problem?

Alternate SMTP Ports – Send Email From Any Location

Tuesday, September 10th, 2013

When sending outbound email from an email program (like Outlook or Thunderbird) or from a mobile device (like iPhone or Blackberry) that is not using Premium MobileSync, your program or device connects to our outbound email servers using an Internet protocol called “SMTP” (The Simple Mail Transport Protocol).

An email server, however, does lots of different things in addition to sending outbound email.  It may allow checking of email via POP or IMAP, or checking your address book using LDAP, or other things. So, when your email program connects to the server it has to specify what it wants to do (i.e. send an email).  It does this by connecting to a numbered “port” on the server.  Port number “25” is the Internet standard for “regular outbound email”.

However, because port 25 is standard for outbound email, many ISPs, Wi-Fi networks, hotels, airports, and other locations that provide Internet access will arbitrarily block any connections to servers (except perhaps their own) on port 25. They do this to stop spammers from using their services to send spam, viruses, or malware, and to prevent their IP addresses from being blacklisted.

Ultimate Control: Manage Access to Your Services with Custom Firewalls

Saturday, October 13th, 2012

Can I block this one IP that is scanning our accounts?  Can I restrict my account so that people can only access it from our office network, or require that they authenticate to WebMail first (using two-factor authentication)?

LuxSci is constantly asked for fine-grained access controls by customers who are in shared environments (sharing the same servers with many other accounts).  However, blocking access from IP addresses globally at the request of one customer may potentially affect other customers using the same system.

That is, until now. LuxSci customers can now configure their own custom firewalls to allow and deny access as they see fit without affecting other customers sharing the same server(s).