" zero trust Archives - Page 2 of 2 - LuxSci

Posts Tagged ‘zero trust’

Zero Trust and Dedicated Servers

Tuesday, July 6th, 2021

We will continue on in our series on Zero Trust, this time discussing Zero Trust and dedicated servers. As a quick recap, the Biden Administration ordered all federal agencies to develop a plan to adopt Zero Trust Architecture. This is a security model that begins with the assumption that even an organization’s own network may be insecure.

It accepts that bad actors may be able to penetrate the network, therefore a network designed under the Zero Trust model is built to make security perimeters as small as possible. Zero Trust Architecture also involves constantly evaluating those who are inside the network for potential threats.

One of the core aspects of Zero Trust Architecture is the concept of trust zones. Once an entity is granted access to a trust zone, they also gain access to other items in the trust zone. The idea is to keep these trust zones as small as possible to minimize what an attacker would be able to access if there is a breach.

Dedicated servers are a critical component of trust zones and Zero Trust Architecture as a whole.

zero trust and dedicated servers

The Role of Dedicated Servers in Zero Trust Architecture

Dedicated servers are an important part of Zero Trust Architecture. LuxSci customers can host their services on their own dedicated servers or server clusters, instead of sharing a server with other clients who may introduce additional threats. This isolates an organization’s data and resources from other entities, creating a small trust zone.

LuxSci also uses micro-segmentation to protect each customer’s server cluster. Our solution is host-based, and the endpoints are protected by firewalls. Each customer’s server (or cluster of servers) is dynamically configured in a micro-segment using server-level firewalls. This means that each customer is separated from others, and there is no privileged access between customers.

As a dynamic host-based micro-segmentation solution, this setup adapts fluidly to software modifications, service alterations, customer changes, and new developments in the threat landscape (as detected by automated systems).

Our customers can also choose to place a static traditional network firewall in front of their assets. This acts as an additional line of defense. With this traditional firewall on top, both customer assets and the dynamic micro-segment are placed in a well-defined network segment with added ingress and egress rules.

Access Controls

LuxSci’s dynamic host-based micro-segmentation solution is complemented by our flexible and highly configurable access controls. These include:

  • Two-factor authentication
  • Time-based logins
  • IP-based access controls
  • APIs that can be restricted to the minimum needed functionality
  • Application-specific passwords

These configuration options allow your organization to tailor access to your systems on a more granular level, limiting unauthorized access while still making resources available where necessary.

Limiting access and verifying user identities are important aspects of Zero Trust Architecture. These access controls fit hand-in-hand with our micro-segmentation setup for protecting server clusters.

Zero Trust: Dedicated Servers vs Shared Cloud Systems

A shared cloud system is not suited to the Zero Trust model, because the data and computations for different customers are managed in a shared environment. This means that segmentation isn’t possible, so the potential threats from other customers on shared resources can’t be eliminated. The risks of using a shared cloud server have been well-documented elsewhere. The industry’s shift to Zero Trust Architecture only reinforces the importance of using dedicated server environments.

Compared to cloud environments, dedicated servers are better aligned with Zero Trust Architecture. LuxSci’s dynamic customer micro-segmentation isolates customers from each other, protecting your organization from these additional threats. A second layer of network firewalls only serves to reinforce the separation, making the defenses even more formidable.

Contact our team if you want to learn more about how dedicated servers and Zero Trust Architecture can help to protect your organization from advanced threats.

What Is Zero Trust Architecture?

Tuesday, June 22nd, 2021

In light of the increasingly sophisticated attacks against the US public and private sectors, the Biden Administration announced a push toward Zero Trust Architecture, amid other cybersecurity reforms.

The White House order was issued on May 12, and it included a host of measures aimed at improving the country’s resilience against cyberthreats. The announcement contained plans to remove barriers that block the sharing of threat information, as well as actions to modernize the Federal Government cybersecurity environment.

A key part of the order was a requirement for each agency head to develop a plan for Zero Trust Architecture implementation within 60 days of the announcement. This plan must incorporate the migration steps set out in the National Institute of Standards and Technology’s (NIST) guidelines. The White House order also stipulates that migrations to cloud technology “shall also adopt Zero Trust Architecture, as practicable.”

This announcement is likely to have major implications in the cybersecurity world. With the federal government moving to adopt Zero Trust Architecture, it’s likely that other industries will soon follow suit. It’s worth asking what this framework is and what it means in the context of your own security stance.

what is zero trust architecture

What Is Zero Trust Architecture?

Simply put, Zero Trust Architecture is a security model that assumes no place is safe from cyberthreats, even an organization’s own network. Let’s explain it by contrasting Zero Trust Architecture with other security models.

Under other designs, an organization’s network has a perimeter, and the entities inside it are considered secure. It’s much like the terminal at an airport. Once you have gone through the security checkpoint, you are presumed free from any weaponry that could endanger others or the facility. After going through the security, you can enter the food court, the gift shops, or the bathroom without having to verify your identity or go through a metal detector.

Under this type of security model, systems can communicate with each other within the network relatively freely. Users are deemed safe and given special privileges, because they are on the “secure” side of the firewall.

In contrast, Zero Trust Architecture accepts that bad actors may be inside the perimeter of the “secure” network. Recognizing this possibility, the Zero Trust security model involves making the secure perimeter as small as possible to minimize the potential for compromise. It also takes steps to continually evaluate actors that are inside the network for possible threats.

Overall, the goal of Zero Trust Architecture is to protect devices and data from malicious actors. It improves on other security models by enforcing more granular access controls, which helps limit the potential for unauthorized access.

Trust Zones

In Zero Trust Architecture, a trust zone is an area where those granted access are also granted access to other parts of the network. Returning to our airport analogy, everywhere beyond the security gates is a shared trust zone where you can move relatively freely.

When you go to board your plane, you must go through another security checkpoint into a smaller trust zone. The smaller a trust zone is, the less data and access to assets that it has. This helps to limit the potential damage that a bad actor can cause.

If a bad actor gained access to the terminal, they could harm everyone within the secure perimeter of the terminal. If the bad actor only had access to the plane, the potential harm would be much more limited (the analogy breaks down a little here, because someone with access to a plane would also have had access to the terminal, but you get the picture).

The Core Tenets of Zero Trust Architecture

In order to build a more secure environment while still offering usable services, Zero Trust Architecture focuses on:

  • Authorization: Only granting users access to the minimum level of data and services that are required to fulfill their role.
  • Authentication: Verifying the identity of authorized users through logins, keys, certificates, multi-factor authentication and other measures. This helps to protect from unauthorized access.
  • Limited trust zones: Making trust zones as small as possible to reduce potential impacts if compromised.
  • Availability: The above security measures are critical, but they need to be designed in a way that maintains availability. A service is useless if it is incredibly secure, but unavailable much of the time.
  • Minimized delays: The vetting processes are important, but authentication should be implemented in a way that doesn’t slow down access.

LuxSci and Zero Trust Alignment

LuxSci has long aligned its services with Zero Trust principles. Our Zero Trust-aligned features include:

  • Dedicated servers with virtualized sandboxing and dynamic per-customer micro-segmentation. We put each dedicated customer in its own trust zone.
  • Dynamic network and user access monitoring that can block suspected threats.
  • Granular access controls for users and systems that access customer data.
  • Encrypted email.

The Biden Administration’s push toward Zero Trust Architecture shows just how critical it is for protection in the current environment. Secure your organization by contacting us now to find out how it can get onboard with LuxSci’s Zero Trust-aligned services.

Are you Prepared for Disaster? Business Continuity Planning for Email Outages

Friday, February 9th, 2018

Unexpected email outages happen to every email user. It is not a big deal if it is just for a few minutes or some scheduled time at night. However, if it is in the middle of a workday and employees rely on email, it may be a big problem.

planning for email outages

What do you do if your email stays offline for five minutes, ten minutes, or an hour, and you don’t know when it is coming back?

Read the rest of this post »