Once upon a time, network and endpoint security was a simple matter of us vs. them—and all you had to do was keep unauthorized stuff outside your perimeter from gaining access to devices or data inside your perimeter. It’s not like that anymore, though. BYOD, mobile devices, cloud services, virtual systems and changes in attack techniques combine to create a scenario where it’s virtually impossible to assure security with any degree of confidence. At this point, it’s almost better to assume you’re compromised, and work from there to minimize the potential impact—especially when it comes to DevOps security.
Consider the fact that threats such as Stuxnet and Duqu were found to have been circulating in the wild for years before they were discovered. According to one recent study, it takes organizations an average of 256 days to discover a malicious compromise—in large part because they’re functioning from the semi-delusional mindset that they’re effectively protecting against such attacks. When you believe that your network is secure, you have no reason to dig deeper and scrutinize activity on the network to detect and identify suspicious activity.
Mitchell Hashimoto, co-founder and CEO of HashiCorp, is an evangelist for the idea of a zero-trust data center. Borrowing a page from the Ronald Reagan national security policy, Hashimoto stresses a strategy of trust but verify. He believes in a security mentality in which all resources are assumed to be compromised—particularly in organizations that have embraced DevOps.
DevOps brings much greater flexibility and agility, but with the more rapid pace of development and deployment also comes increased volatility and potential uncertainty when it comes to maintaining accurate visibility of the assets and data in the environment, and the vulnerabilities you’re exposed to. With the unprecedented scale and automation of modern data centers, the zero-trust model keeps infrastructure secure while still enabling automation.
“As the scale of modern computing continues to increase, our security mindset must change. Automation and DevOps help manage this scale, but introduce more change. With change comes vulnerability,” cautions Hashimoto. “The best way to approach this problem is to assume a zero-trust model. With this mindset, all resources are assumed to be compromised and require specific permissions to connect to other resources in the environment. If the permission policy does not match, the resource gets denied.”
The idea behind this zero-trust approach is to greatly reduce the number of opportunities an attacker might have to gain access, and reduce the scope of potential damage in the event of a successful breach of your network. Applying this concept at scale—in a dynamic DevOps environment—can be more of a challenge. So much changes so quickly that you need to have automated tools capable of managing this process. Attempting to do this with any sort of manual system would be lunacy.
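To make the policy model Hashimoto describes concrete, here is an added example (not HashiCorp’s code or anything from the original article) of a deny-by-default connection policy evaluator: every service-to-service connection must match an explicit allow rule, and anything without a match is denied and recorded for review. The service names, ports and connection attempts are constructed for illustration.

```python
"""Deny-by-default service-to-service policy check (added example, not HashiCorp code)."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Rule:
    """An explicit permission: source may connect to destination on port."""
    source: str
    destination: str
    port: int


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Constructed allowlist: the only connections the environment permits.
RULES: Tuple[Rule, ...] = (
    Rule("web", "api", 8443),
    Rule("api", "db", 5432),
)


def evaluate(rules: Iterable[Rule], source: str, destination: str, port: int) -> Decision:
    """Return an allow decision only if an explicit rule matches; otherwise deny.

    The absence of a rule is itself the deny decision: no resource is trusted by
    default, and a missing permission never falls through to 'allow'.
    """
    for rule in rules:
        if (rule.source, rule.destination, rule.port) == (source, destination, port):
            return Decision(True, f"matched rule {rule.source}->{rule.destination}:{rule.port}")
    return Decision(False, f"no rule permits {source}->{destination}:{port} (default deny)")


# Constructed connection attempts observed in the environment: (source, destination, port).
ATTEMPTS: Tuple[Tuple[str, str, int], ...] = (
    ("web", "api", 8443),   # permitted
    ("api", "db", 5432),    # permitted
    ("web", "db", 5432),    # web should never talk to the database directly
    ("batch", "db", 5432),  # unknown service, no rule at all
)


def denied_attempts(rules: Iterable[Rule],
                    attempts: Iterable[Tuple[str, str, int]]) -> List[Tuple[str, str, int, str]]:
    """Evaluate each attempt and return the denied ones with the reason.

    In a real deployment this list is what you would ship to your detection
    pipeline: a denied connection is a policy violation worth investigating.
    """
    rules = tuple(rules)
    denied = []
    for source, destination, port in attempts:
        decision = evaluate(rules, source, destination, port)
        if not decision.allowed:
            denied.append((source, destination, port, decision.reason))
    return denied


if __name__ == "__main__":
    for entry in denied_attempts(RULES, ATTEMPTS):
        print("DENIED", entry)
```

Because the evaluator has no implicit allow path, adding a new service to the environment grants it nothing until a rule is written for it, which is the property that lets the model hold up under automated, rapidly changing infrastructure.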
If you still think there is an inside and outside to your network, or that it’s possible to win in a battle of us vs. them, you’ve probably already lost. There is no such thing as impenetrable security, and there is simply too much volatility in any network environment—but especially in a dynamic DevOps environment. Trust but verify. Embrace the idea of a zero-trust data center to improve your security and minimize the potential for attackers to access and compromise your network.