In the previous article, we introduced the relationship between the concept of zero trust and identity management: identity management is a constant core requirement in building a zero-trust security architecture. This article continues with the challenges of, and the architectural essentials for, building a mature zero-trust identity management model in the domestic (Chinese) market.
I. Challenges in implementing identity management
Because of the particular technical base, business forms and policy environment of domestic enterprises, implementing an identity management system under a zero-trust framework faces many challenges:
1. Identity data connection
Dynamic identity control must be backed by rich identity data. Chinese enterprises have many pain points in managing identity data, such as being unable to manage and analyse identity data that is scattered across many systems in a unified way, and finding it hard to connect identity data between application systems. The most complicated of these problems is data heterogeneity between systems.
A simple example: when enterprise WeChat (or a similar system) is connected to an identity source system, a person's record in enterprise WeChat has a business field called "enable/disable", while the identity source system may carry more states, such as "induction" (onboarded) and "left". How to map these pieces of information to each other one-to-one is an identity data connection challenge that enterprises run into again and again.
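One way to handle the mapping problem described above, as an added example that is not part of the original article: the richer state vocabulary of the source system is normalised into the two states enterprise WeChat understands, unknown states fail closed and are queued for human review, and the result is a change plan rather than a blind overwrite. System names, state values and records are constructed for illustration.

```python
# Added example (not from the original article): normalise the richer state
# vocabulary of an identity source system into the two states enterprise WeChat
# understands. System names, states and records below are constructed.

ENABLED, DISABLED = "enable", "disable"   # the only states the target knows

# Source-system states -> target state. Anything not listed is unknown and
# fails closed to "disable" so a typo in HR never silently enables an account.
SOURCE_STATE_MAP = {
    "induction": ENABLED,    # onboarded / in service
    "probation": ENABLED,
    "left": DISABLED,
    "suspended": DISABLED,
}


def map_state(source_state):
    """Return (target_state, is_unmapped); unmapped states fail closed."""
    key = source_state.strip().lower()
    if key in SOURCE_STATE_MAP:
        return SOURCE_STATE_MAP[key], False
    return DISABLED, True


def plan_sync(source_records, target_records):
    """Diff source against target and return the changes the connector must push.

    source_records: {user_id: source_state}
    target_records: {user_id: "enable" | "disable"}
    Returns {"changes": {user_id: new_state}, "review": [user_ids for a human]}.
    """
    changes, review = {}, set()
    for user_id, src_state in source_records.items():
        wanted, unmapped = map_state(src_state)
        if unmapped:
            review.add(user_id)
        if target_records.get(user_id) != wanted:
            changes[user_id] = wanted
    # Accounts present only in the target must not stay enabled unreviewed.
    for user_id, tgt_state in target_records.items():
        if user_id not in source_records and tgt_state == ENABLED:
            changes[user_id] = DISABLED
            review.add(user_id)
    return {"changes": changes, "review": sorted(review)}


# Constructed sample data: HR is the source, WECOM the target.
HR = {"u1": "induction", "u2": "left", "u3": "Garden Leave", "u4": "probation"}
WECOM = {"u1": "enable", "u2": "enable", "u3": "enable", "u4": "disable", "u5": "enable"}
```

Running `plan_sync(HR, WECOM)` disables u2 (left), u3 (unmapped state) and u5 (no source record), enables u4, and lists u3 and u5 for review.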
2. Rights management
PricewaterhouseCoopers noted the importance of personnel security in its "Global Information Security Survey": both departing and current employees have become a major threat to information security. Application access rights are the first threshold controlling application and data security. Incorrect permission allocation, accounts of departed employees that are never closed, and a lack of hierarchical, separated management of log auditing can all create hidden risks to enterprise security.
Only by establishing a reasonable permission allocation and management system can enterprises effectively prevent the information leakage and hacker attacks caused by such "man-made disasters".
3. Compliance audit
Compliance generally falls into three types:
1) Legal compliance, such as the internal control standards for domestic enterprises;
2) Commercial compliance, such as the internal control guidelines of domestic industries like finance;
3) Government compliance, such as the domestic Cybersecurity Law and the Multi-Level Protection Scheme (hierarchical protection).
Meeting these multi-dimensional compliance audit requirements through visual, systematic data analysis and risk control, for example controlling the permissions of departing employees and auditing zombie accounts, is therefore another challenge domestic enterprises face.
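The two audit controls named above (departed employees whose accounts were never closed, and zombie accounts), as an added example that is not part of the original article: the HR roster is compared against the accounts an application reports, and each enabled account is classified as departed-but-open, orphaned (no HR owner) or unused for longer than an assumed 90-day window. Data and the 90-day threshold are constructed.

```python
# Added example (not from the original article): a compliance audit that flags
# accounts of departed employees that were never closed, accounts with no HR
# owner, and "zombie" accounts unused for a long time. Data and thresholds are
# constructed; the 90-day window is an assumed policy value.
from datetime import date, timedelta

ZOMBIE_DAYS = 90


def audit_accounts(hr_roster, app_accounts, today):
    """Return findings grouped by type.

    hr_roster:    {user_id: {"status": "active" | "left", "left_on": date | None}}
    app_accounts: {user_id: {"enabled": bool, "last_login": date | None}}
    """
    findings = {"departed_still_enabled": [], "orphan": [], "zombie": []}
    for user_id, acct in app_accounts.items():
        if not acct["enabled"]:
            continue                      # already closed, nothing to audit
        person = hr_roster.get(user_id)
        if person is None:
            findings["orphan"].append(user_id)          # no HR record at all
            continue
        if person["status"] == "left":
            days_open = (today - person["left_on"]).days
            findings["departed_still_enabled"].append((user_id, days_open))
            continue
        last = acct["last_login"]
        if last is None or (today - last).days > ZOMBIE_DAYS:
            findings["zombie"].append(user_id)
    for key in findings:
        findings[key].sort()
    return findings


# Constructed sample data.
TODAY = date(2024, 6, 1)
HR = {
    "alice": {"status": "active", "left_on": None},
    "bob": {"status": "left", "left_on": date(2024, 3, 1)},
    "carol": {"status": "active", "left_on": None},
}
APPS = {
    "alice": {"enabled": True, "last_login": TODAY - timedelta(days=3)},
    "bob": {"enabled": True, "last_login": date(2024, 2, 20)},
    "carol": {"enabled": True, "last_login": date(2024, 1, 10)},
    "svc-old": {"enabled": True, "last_login": None},   # no HR record, never used
    "dave": {"enabled": False, "last_login": None},     # already closed
}
```

The `days_open` figure attached to each departed employee is what an auditor asks for: how long the account stayed usable after the leaving date.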
II. Architecture design and implementation of a zero-trust identity management system
The surface layer of a modern zero-trust model still consists of the user (and device), the permission policy engine, and the enterprise application services and machine resources (IDC/IaaS). This layer is what users perceive most directly and is discussed most often, especially the "permission policy engine". In the new zero-trust environment, we often need to rebuild a high-performance, horizontally scalable permission engine to handle more complex and fine-grained access policies.
Below the surface are many indispensable modules, such as the enterprise unified identity management directory, the key management system (KMS) or public key infrastructure, risk assessment, and log audit and Security Information and Event Management (SIEM). These are the keys that make borderless, zero-trust access possible. Taking the IDaaS identity management system as an example, the relationship between the modules is shown in the figure below. Next, we introduce the key modules.
Figure 1 Identity management system architecture
1. Enterprise Unified Identity Management directory
Any enterprise of a certain scale already has complex resource types and corresponding permission models inside it, such as machines, all kinds of application services, and roles, together with a large number of application policies. Now we also need to care about many other dimensions ("where", "what network environment", "what access device", etc.). It is no exaggeration to say that the overall enterprise management directory becomes two to three orders of magnitude more complex.
In practice we encountered a large enterprise where, after the directory was reworked, the application access control list (ACL) alone contained around 4 million rules. The original directory system could not sustain that data volume, and designing and building the unified directory on a distributed database became the only way forward.
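To make concrete why the extra dimensions multiply the policy space, here is an added example (not the article's or any vendor's policy engine) of an attribute-based evaluator that decides on role, network environment, location and device state together, with default deny and an explicit deny that always wins. The rules, resource names and requests are constructed.

```python
# Added example (not the article's or any vendor's policy engine): a small
# attribute-based evaluator that decides on the extra dimensions the article
# lists (where, network environment, access device) in addition to role.
# Default deny, and an explicit deny always wins. Rules and requests are
# constructed.

# Each rule names a resource, the roles it applies to ("*" = any role) and
# optional constraints on the request context; missing keys are unconstrained.
POLICIES = [
    {"resource": "hr-db", "roles": {"hr-admin"}, "effect": "allow",
     "network": {"corp", "vpn"}, "country": {"CN"}, "device_managed": True},
    {"resource": "wiki", "roles": {"employee", "hr-admin"}, "effect": "allow",
     "network": {"corp", "vpn", "internet"}},
    {"resource": "hr-db", "roles": {"*"}, "effect": "deny", "device_managed": False},
]


def rule_matches(rule, request):
    if rule["resource"] != request["resource"]:
        return False
    if "*" not in rule["roles"] and not (rule["roles"] & request["roles"]):
        return False
    for key in ("network", "country"):
        if key in rule and request.get(key) not in rule[key]:
            return False
    if "device_managed" in rule and request.get("device_managed") != rule["device_managed"]:
        return False
    return True


def decide(request, policies=POLICIES):
    """'allow' only if some allow rule matches and no deny rule does."""
    decision = "deny"
    for rule in policies:
        if not rule_matches(rule, request):
            continue
        if rule["effect"] == "deny":
            return "deny"           # deny overrides any allow
        decision = "allow"
    return decision


# Constructed requests: the same admin from a managed laptop on VPN, then variations.
R_OK = {"resource": "hr-db", "roles": {"hr-admin"}, "network": "vpn",
        "country": "CN", "device_managed": True}
R_BYOD = dict(R_OK, device_managed=False)     # unmanaged personal device
R_ABROAD = dict(R_OK, country="US")           # travelling, not on the allow list
R_WIKI = {"resource": "wiki", "roles": {"employee"}, "network": "internet"}
```

Every additional context attribute a rule may constrain multiplies the combinations a directory has to store and an engine has to evaluate per request, which is the scaling problem the 4-million-rule ACL illustrates.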
2. Key management system KMS
Almost all applications in an enterprise need to manage a variety of private information, from personal login passwords to production environment keys, database login information, API authentication information, and so on. However, the traditional practice of keeping this secret information in files has many disadvantages: security risks when sharing across teams, file formats that are hard to maintain, and private information that is hard to revoke.
As the enterprise's unified system or tool for handling private information in all its forms, the key management system greatly improves the security of this secret information in zero-trust mode. It should include, but not be limited to, the following designs:
1. Provide a stable, mature key management API, so that enterprise developers can easily add and create key material and applications can obtain and use private information;
2. Support different strategies for updating private information and revoking it in a timely manner;
3. Provide basic PKI infrastructure to support 256-bit SSL encryption certificates for all application services in the enterprise; preferably, enforce HTTPS connections for all services.
4. Sensitive information in the service is cached only inside the security barrier and never in any persistent swap, so that even if attackers break into the server's file system they cannot obtain anything useful.
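Points 1 and 2 above (an API for obtaining secrets, and updating and revoking them in time), as an added example that is neither the article's KMS nor any vendor's API: secrets are held in memory only and handed out under short-lived leases, rotation does not break callers holding a valid lease, and all leases for a path can be revoked at once. Paths, TTLs and the injected clock are constructed.

```python
# Added example (not the article's KMS nor any vendor's API): a minimal
# in-memory secret store that hands out values under short-lived leases, so a
# leaked copy stops working at expiry or on revocation, and rotation does not
# break callers that still hold a valid lease. Paths, TTLs and the injected
# clock are constructed; nothing is ever written to disk.
import secrets


class LeaseExpired(Exception):
    """Raised when a lease is unknown, expired or revoked."""


class SecretStore:
    def __init__(self, now):
        self._now = now        # callable returning the current time in seconds
        self._secrets = {}     # path -> current value, memory only
        self._leases = {}      # lease_id -> (path, expires_at, value)

    def put(self, path, value):
        """Create or rotate a secret; existing leases keep the old value until expiry."""
        self._secrets[path] = value

    def rotate(self, path, generate=lambda: secrets.token_urlsafe(24)):
        self.put(path, generate())
        return self._secrets[path]

    def lease(self, path, ttl):
        """Hand out the current value under a lease valid for ttl seconds."""
        lease_id = secrets.token_hex(8)
        self._leases[lease_id] = (path, self._now() + ttl, self._secrets[path])
        return lease_id

    def valid(self, lease_id):
        entry = self._leases.get(lease_id)
        if entry is None or self._now() >= entry[1]:
            self._leases.pop(lease_id, None)   # drop expired leases eagerly
            return False
        return True

    def read(self, lease_id):
        if not self.valid(lease_id):
            raise LeaseExpired(lease_id)
        return self._leases[lease_id][2]

    def revoke_all(self, path):
        """Invalidate every lease for a path at once, e.g. on suspected compromise."""
        stale = [lid for lid, (p, _, _) in self._leases.items() if p == path]
        for lid in stale:
            del self._leases[lid]
        return len(stale)
```

Keeping values only in process memory is what the example can show; preventing the process memory itself from being swapped to disk (point 4) is an operating-system setting outside a Python script.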
3. Risk assessment
Risk assessment may consist of several services, such as an AI evaluation engine and a threat assessment engine. Based on historical and current access information, and even on data from outside the enterprise, these services proactively look for potential attacks or vulnerabilities inside the enterprise, mark high-risk groups (for example via DNS blacklists), detect user behaviour that carries higher risk in real time, and, automatically or according to configured settings, lower the user's permission level, thereby reducing the enterprise's losses.
4. Log audit/SIEM system
An enterprise needs to deploy a log audit/SIEM system to permanently store the operation logs of all internal systems to audit the operations of each employee and device.
1. Prevent any sensitive runtime data from being recorded: enforce a strict logging specification and add code review;
2. A unified log system can audit user behaviour across the various systems and detect abnormal operations that span systems;
3. Strictly restrict internal employees' access to the logs, and change access rights only when authorized.
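Point 1 above, as an added example that is not part of the original article: a logging filter that scrubs secrets from every record before any handler writes it, so runtime secrets never reach the permanently stored audit log. Field names, regular expressions and sample messages are constructed.

```python
# Added example (not from the original article): a logging filter that scrubs
# secrets out of every record before any handler writes it, so runtime secrets
# never land in the permanently stored audit log. Field names, patterns and
# sample messages are constructed.
import logging
import re

# Field names whose values must never appear in a log line (key=value or JSON).
SENSITIVE_KEYS = ("password", "passwd", "token", "api_key", "secret")
_KV_RE = re.compile(r"""(?i)\b(%s)(["']?\s*[:=]\s*["']?)([^\s,"'}]+)""" % "|".join(SENSITIVE_KEYS))
# HTTP bearer credentials, e.g. "Authorization: Bearer <jwt>".
_BEARER_RE = re.compile(r"(?i)(bearer\s+)[a-z0-9._~+/=-]+")


def redact(text):
    """Replace the value part of sensitive fields; keep the key so the line stays readable."""
    text = _KV_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)
    return _BEARER_RE.sub(r"\1[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Formats the message first, then redacts, so %-placeholders are never left dangling."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()            # already interpolated into msg
        return True


def build_audit_logger(name="audit"):
    """Attach the filter at the logger so every handler downstream sees scrubbed records."""
    logger = logging.getLogger(name)
    logger.addFilter(RedactingFilter())
    return logger


def scrubbed_line(msg, *args):
    """Build a record exactly as logging would and return the text a handler would see."""
    record = logging.LogRecord("audit", logging.INFO, "<constructed>", 0, msg, args, None)
    RedactingFilter().filter(record)
    return record.getMessage()
```

The filter is a safety net behind the logging specification and code review the article calls for; the regular expressions catch the common field shapes, not every possible encoding of a secret.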
**Everywhere network, everywhere identity.** At a time when network boundaries are rapidly dissolving and identity management is becoming more complex and tricky, enterprises can use Identity as a Service (IDaaS) to build an identity management "backbone system" under a zero-trust security architecture.