Maintaining a Zero-Trust Security Model
This whitepaper describes how Active Cypher implements a Zero Trust security model with Active Cypher File Fortress (ACFF). It is our intention with this document to provide sufficient understanding of ACFF so that you can imagine your own “journey” of implementation. We hope this explanation of the ACFF product and the Active Cypher (AC) Zero Trust security model will provide valuable information and clarification as you consider adoption of ACFF and the Zero Trust security model.
Protecting sensitive data and confidential files from improper or unintentional distribution or modification (including theft or sabotage) is a significant consideration. We advocate the mitigation of this risk via an architecture which integrates innovative, quantum-resilient file-level security with the established and technically mature Microsoft user-management infrastructure which is already in common use. Recent cloud computing advancements in Microsoft Azure have enabled the deployment of this model at scale.
For some time, the security perimeter protecting corporate data and files has been identified by a clearly defined company network, generally as a combination of on-premises infrastructure, extended by Virtual Private Network (VPN) connections. This allowed user authentication, and file and application access authorization, to remain within a known physical and logical territory.
Control over files just meant building a strong enough perimeter to keep the bad actors out, while letting the good actors keep working unimpeded and unaffected by those outside the walls. Over time, we have witnessed how poorly this method of building an ever more defensive primary perimeter plays out.
The mobile workforce and cloud applications have fundamentally redefined the security perimeter. As employees work remotely or bring their own devices with them to the company, data and files are commonly accessed through an increasingly porous network border, many times via web browser. Outside the company, files are frequently shared with external agents such as partners, consultants, and vendors.
All this convenience for the users has concomitantly led to greater difficulty for the information security professionals who are charged with protecting the access to, and integrity of, data and files. The traditional security perimeter is failing to meet the demands of the new environment, and the problem is compounded by business data and applications moving from on-premises infrastructure to cloud and hybrid environments. A new and different model and way of thinking is called for as the future rushes toward us. Quantum computing is part of that horizon: Shor's algorithm, run on a sufficiently large quantum computer, breaks the RSA and elliptic-curve public-key algorithms used for today's key exchange, whereas a symmetric cipher such as AES-256 gives up at most half of its effective key length to Grover's algorithm and retains roughly 128-bit security. File encryption therefore stays sound over the long term only if the way file keys are exchanged and wrapped is also quantum-resilient. Legal, finance, risk, and IT departments must all plan for the decades ahead, not the standards of today.
The Perimeter at the File Level
Today, most companies find themselves unable to retain suitable control over files to prevent them from being improperly emailed, uploaded, synced, stolen, or lost. The fortress you have been building has become expensive, complicated, and more power hungry than imagined just a few years ago. The unfortunate results have included bad actors sitting in network systems every day, exfiltrating files and wreaking havoc with data security. It’s time that we solve this problem offensively and proactively.
The experts propose various solutions. While many of them are valid, most suffer from one or more technical issues. These challenges include:
- The administration is unique to that product, and can be difficult;
- The protection does not cover the whole attack surface: protecting the key exchange, expiring keys automatically, and limiting access to company files to named users at the level of the individual file;
- The protection is not under the direct administrative control of the party that owns the files;
- File security degrades when front-line IT personnel do not keep the product's own administration current as teams disband or users leave the organization.
Without vigilance on the part of leadership, these and other issues can lead to a false sense of security, which is usually worse than having no solution at all.
By moving the security perimeter to the file itself, the reliance on network firewalls and VPNs for this consideration is reduced or even eliminated. The protection of those files is independent of the location of the file, even when it is outside the company network, such as on a laptop or USB drive or attached to an email.
Additionally, with this architecture, the protection of sensitive information can be rapidly validated at any time by manual or automated processes.
This is the essence of the file-level security perimeter, and the Zero Trust model.
What does Active Cypher Zero Trust Security Model mean?
Data is only useful to us when its life cycle includes authorized people accessing and working with it. But we must assume there is no network. There is no firewall. Your company’s files are all on the internet. Your files essentially need to protect themselves.
There needs to be a new way to view your computer systems and data. How can you build a fortress around every one of your firm’s files, when there are so many and they can be anywhere in the world?
Active Cypher believes your company's files should be able to protect themselves against any threat, no matter where the file resides. By first encrypting the contents of the file, then building a perimeter of defensive controls around each file, the defensive perimeter becomes part of the file. It travels with the file when stored in cloud providers like Google Drive, OneDrive, Dropbox and Box, and on any laptop, smartphone, USB drive, or other device, anywhere.
The AC Zero Trust security model acknowledges that people make mistakes, and that some of their actions will be deliberate or even malicious. The AC Zero Trust model behaves as though each request originates from an uncontrolled network, and therefore verifies the user's authentication and authorization on every request. Unless the validation detects a secondary anomaly, such as a request from a location that is unexpected for that user, the verification happens transparently.
The Four Tenets of Active Cypher’s Cybersecurity Philosophy
- Networks are porous. Data must be protected at the file level.
- A holistic and integrated security model is pivotal. Vulnerabilities arise when security options are “bolted” on.
- Cybersecurity must be seamless, simple to administrate, and easy to verify.
- Zero Trust means assuming, by default, that each interaction with a person or an endpoint is a potential risk.
The Active Cypher Zero Trust solution across the “digital estate”
A paper from Microsoft refers to the concept of a digital estate: “In an optimal Zero Trust implementation, your digital estate is connected and able to provide the signal needed to make informed access decisions using automated policy enforcement.”
Depending on your particular need, the Active Cypher File Fortress (ACFF) system creates the Zero Trust “digital estate” with Microsoft Azure and Azure Active Directory (AAD) at its center. ACFF can be deployed entirely in Microsoft Azure, or in a hybrid configuration that integrates with your file server(s) and Domain Controller. In either implementation, AAD, your on-premises Active Directory (AD), and other resources in Microsoft Azure work together to deliver end-to-end Zero Trust coverage.
Once the file's defensive perimeter has been created, where the file ends up is no longer a risk for your company. It no longer matters which clouds, datacenters, or devices your files land on: the defensive perimeter keeps bad actors away from the content.
Of course, you also need a trustworthy method of allowing or disallowing a person to interact with the deciphered contents of the file. The files protected by ACFF effectively take a Zero Trust position, relying on certified proof of authority from the Microsoft Azure Identity & Access Management Services to determine if the request to enter the perimeter of the file should be granted or denied.
Managing a user’s access to sensitive files and data is just as important as managing their access to enterprise applications, yet these two tasks are traditionally separated and handled by different processes. ACFF recognizes that, just as a user’s identity information is the baseline for accessing enterprise applications, that same identity information can be used to extend access control to the file level to ensure that sensitive data is protected.
While the protected files themselves have no direct ability to authenticate or authorize access to their contents, with ACFF present, you gain the functionality necessary to perform the authorization check on behalf of the file. ACFF checks Microsoft Azure Active Directory policies for specific security and access control information before granting the user access beyond the file perimeter. Only then are the file contents automatically deciphered and displayed to the user.
ACFF creates an identity-centric file encryption solution that prevents unauthorized access to files no matter where they are stored or taken, ensuring that only users with the proper access privileges can open and view sensitive data. The ACFF solution thereby renders leaked, stolen, or misplaced files useless to the wrong persons. This is essential for the enterprise, as users continue to store sensitive corporate files in many different locations, such as their personal devices, OneDrive, Dropbox, or Google Drive to name a few. ACFF protects a company’s most important digital assets by ensuring that critical files are not accidentally or purposely compromised.
The integration between ACFF and the Windows Server operating system centers on the Active Directory Security Groups & Users organizational structure, which is already the accepted standard for protecting corporate assets stored in the file system.
Working in tandem with Active Directory’s access control and auditing features, ACFF operates seamlessly and transparently to both the IT Director and end users. ACFF requires no additional management or programs, nor the knowledge and exchange of keys, certificates, passwords, or secrets. Those limitations imposed by other solutions have always been a roadblock to acceptance by both IT departments and end users alike.
From an end user’s perspective, ACFF is even more transparent and easier to use than it is for the IT Department. The person continues using the corporate assets as they do today, with no additional requirement or burden on them in the encryption and decryption process. When a user attempts to access a protected file, ACFF confirms their identity, membership, and access status via Active Directory Security Groups, and then either allows or denies their ability to access the encrypted corporate files, all without the user’s awareness or effort.
The Implementation of Active Cypher File Fortress (ACFF)
Secure Private Cloud – ACFF creates a secure private cloud for the client. All the resources are located in the client's own Azure tenant, so no third party (including Active Cypher) has access to your data.
Key Management – As part of ACFF, we created a multi-layered implementation of AES-256 that is tied to a multi-factored authorization based on the device, the user identity, and the signals gathered in Azure Log Analytics and Microsoft Graph Security data. Together, the ACFF API and the user validation challenges form the secrets exchange process, which is designed so that keys are never exposed to users or transmitted in the clear, and so that data is released only to authorized persons and systems. As with any file-level encryption, the plaintext necessarily exists on the endpoint while an authorized user works with it, so the device and risk signals above remain part of the control rather than an optional extra.
Microsoft Active Directory – ACFF is deeply integrated with your Active Directory Security Groups & Users organizational structure, which already protects your corporate assets stored in the file system. ACFF allows IT to govern that protection directly and unambiguously through Active Directory Security Groups. Working in tandem with Active Directory's access control and auditing features, ACFF encrypts files individually as they are stored in the various protected Shared Folders which are shared out to users. The ACFF rules engine connects via an API to assess risk whenever a file decryption request is presented.
Compliance and Governance – ACFF creates a Secure Private Cloud inside the Azure ecosystem, drawing on the governance and compliance verification of Azure Security Center, Azure Sentinel, and the Microsoft Graph Security API. This supports compliance programs for vertical industries such as legal, finance and healthcare, and for standards such as:
- NIST 800-173
- Part of the NIST Special Publication 800 series of computer security guidelines, which set out procedures and criteria for assessing and documenting threats and vulnerabilities and for selecting security controls that reduce the risk of adverse events.
- ISO 27001
- The information security management system (ISMS) standard of the ISO/IEC 27000 family, first published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and revised in 2013.
- Azure CIS 1.1.0
- The CIS Microsoft Azure Foundations Benchmark v1.1.0: consensus-based configuration recommendations for hardening an Azure subscription (identity and access management, Security Center, storage accounts, database services, logging and monitoring, networking, and virtual machines).
Coexistence with Windows Virtual Desktop – The design and integration of ACFF with Microsoft Azure enables the software to deliver a file protection solution within the Windows Virtual Desktop (WVD) environment.
WVD is changing the way virtual desktops are provided by delivering multi-session Windows 10 directly from Azure. Additionally, WVD enables IT to provide Windows 7 virtual desktops for users, as well as the option to bring existing Remote Desktop Services and Windows Server desktops and applications, all managed from a unified experience on Azure.
When used with Windows Virtual Desktop, ACFF provides additional capabilities to enable accessibility and mobility of user data while preventing inadvertent data loss. With AC, existing group security policies and permissions in Azure Information Protection (AIP) can be leveraged to encrypt user files while using Windows Virtual Desktop. ACFF works inside of AIP to encrypt the files within established security groups in Active Directory.
Integration with Microsoft Teams – ACFF surfaces only the files and folders to which that user has AD Security Group access permission. By segmenting the view so each user sees only what is appropriate for their Security Group membership, ACFF maintains the confidentiality of file names. This principle is extended further by enforcing Read-Only or Read/Write permission for each protected file that is surfaced.
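The access decision this whitepaper describes (the digital-estate section above, the Key Management paragraph, and the Read-Only or Read/Write permission just mentioned), carried through as an added example that is not ACFF's code or API. It is a Go program written for this page in which each file carries its own AES-256-GCM content key, that key is wrapped under a tenant key and released only after the requesting identity is resolved against (nested) Active Directory security groups and the key has not passed its expiration, and the result says whether the user may also write the file back. The group structure, file name, user names and the `KeyService` type are constructed for the illustration; real AD resolution goes through the directory, not an in-memory map.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

// ProtectedFile carries its own perimeter: the content, its wrapped per-file key, the policy and expiry.
type ProtectedFile struct {
	ID         string
	Ciphertext []byte          // nonce || AES-256-GCM(content) under the per-file key (DEK)
	WrappedDEK []byte          // nonce || AES-256-GCM(DEK) under the tenant key-encryption key (KEK)
	ACL        map[string]bool // AD security group -> true for Read/Write, false for Read-Only
	KeyExpires time.Time       // automatic key expiration: the DEK is not released after this
}

// KeyService is a constructed stand-in for the check made on the file's behalf: the tenant KEK plus AD group membership (members are users or nested groups).
type KeyService struct {
	KEK    []byte
	Groups map[string][]string
}

func (s KeyService) memberOf(user, group string) bool { // nested membership; assumes no circular nesting
	for _, m := range s.Groups[group] {
		if m == user || s.memberOf(user, m) {
			return true
		}
	}
	return false
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // only reachable with a wrong key length
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal/unseal bind the file ID as GCM additional data (a wrapped key cannot be transplanted to another file); the 12-byte nonce is stored first.
func seal(key, plaintext, aad []byte) []byte {
	nonce := randBytes(12)
	return aead(key).Seal(nonce, nonce, plaintext, aad)
}

func unseal(key, blob, aad []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead(key).Open(nil, blob[:12], blob[12:], aad)
}

// Protect generates a fresh DEK, encrypts the content under it, and wraps the DEK under the KEK.
func (s KeyService) Protect(id string, content []byte, acl map[string]bool, expires time.Time) *ProtectedFile {
	dek := randBytes(32)
	return &ProtectedFile{ID: id, Ciphertext: seal(dek, content, []byte(id)),
		WrappedDEK: seal(s.KEK, dek, []byte(id)), ACL: acl, KeyExpires: expires}
}

// Open is the Zero Trust decision made on every request: the DEK is unwrapped only within its lifetime and
// only if a group the user transitively belongs to is in the ACL; a Read-Only member gets canWrite=false.
func (s KeyService) Open(user string, f *ProtectedFile, now time.Time) (content []byte, canWrite bool, err error) {
	if now.After(f.KeyExpires) {
		return nil, false, fmt.Errorf("key for %s has expired; re-key the file before opening it", f.ID)
	}
	granted := false
	for group, write := range f.ACL {
		if s.memberOf(user, group) {
			granted, canWrite = true, canWrite || write
		}
	}
	if !granted {
		return nil, false, fmt.Errorf("%s is in no group granted access to %s", user, f.ID)
	}
	dek, err := unseal(s.KEK, f.WrappedDEK, []byte(f.ID))
	if err != nil {
		return nil, false, fmt.Errorf("unwrapping the key for %s failed: %w", f.ID, err)
	}
	content, err = unseal(dek, f.Ciphertext, []byte(f.ID))
	return content, canWrite, err
}

func main() { // constructed tenant: Finance-Leads is nested inside Finance-All
	svc := KeyService{KEK: randBytes(32), Groups: map[string][]string{"Finance-All": {"alice", "Finance-Leads"}, "Finance-Leads": {"bob"}}}
	f := svc.Protect("Q3-forecast.xlsx", []byte("confidential forecast"), map[string]bool{"Finance-All": false, "Finance-Leads": true}, time.Now().Add(time.Hour))
	content, canWrite, err := svc.Open("bob", f, time.Now())
	fmt.Printf("%q %v %v\n", content, canWrite, err) // "confidential forecast" true <nil>: Read/Write via the nested group
}
```

Binding the file ID as additional data is what stops a wrapped key from being moved onto a different file, and keeping one DEK per file is what lets a single file be re-keyed or expire without touching any other. Note what the check cannot do: once the key is released, the plaintext is in the authorized user's process, so endpoint hygiene stays part of the control.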
Installation & Deployment
All too often, encryption as a solution is avoided because of complex installation, deployment and administration. Our goal was to create an encryption solution so easy to deploy that files can be encrypted in minutes. Our solution is the easiest way to protect your data from ending up in the wrong hands. The requirements are:
- A Windows Server 2008 R2 or newer domain controller
- Windows 7 or newer client (Windows 10 preferred)
- A Microsoft Azure or Office 365 subscription
Active Cypher's only requirement of IT is that they continue to perform their regular duties of managing Users, Groups, File Shares, and Permissions within Active Directory as they have always done. ACFF works silently in the background, shadowing those administrative changes and applying them instantly, so that decryption of files is limited to the users Active Directory has been configured to allow. Because decryption rights follow group membership, group hygiene becomes key hygiene: stale members, nested groups that quietly widen a membership, and membership changes made outside change control all change who can open protected files. The existing Windows audit events for security-group membership changes (4728/4729 for global, 4732/4733 for local, 4756/4757 for universal groups) are the place to watch for this.
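A check a practitioner would want alongside this, added here as an example that is not part of ACFF: since decryption rights follow Active Directory group membership, the Windows security events for membership changes to the groups that gate protected shares are the signal to watch. The Go program below, written for this page, parses constructed event lines shaped like rows of the SecurityEvent table in Azure Log Analytics, flags every change to a gated group, and rates a change made by anyone outside an approved administrator list as high severity. The share mapping, administrator list and event lines are constructed for the illustration; the event IDs (4728/4729, 4732/4733, 4756/4757) are the real Windows audit IDs for additions to and removals from security-enabled global, local and universal groups.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// GroupEvent holds the fields of a Windows group-membership audit event, named as they appear
// (approximately; constructed here) in the SecurityEvent table of Azure Log Analytics / Sentinel.
type GroupEvent struct {
	TimeGenerated   string `json:"TimeGenerated"`
	EventID         int    `json:"EventID"`
	SubjectUserName string `json:"SubjectUserName"` // account that made the change
	TargetUserName  string `json:"TargetUserName"`  // the group that was changed
	MemberName      string `json:"MemberName"`      // distinguished name of the member added or removed
}

// Windows audit event IDs for membership changes to security-enabled global, local and universal groups.
var membershipChange = map[int]string{
	4728: "added", 4729: "removed",
	4732: "added", 4733: "removed",
	4756: "added", 4757: "removed",
}

type Alert struct {
	Severity, Time, Actor, Action, Member, Group, Share string
}

// DetectGroupChanges scans JSON event lines and alerts on every membership change to a group that
// gates a protected share. A change by an approved administrator is "info" (it still changes who can
// decrypt); a change by anyone else is "high". Group and account names are matched case-insensitively.
func DetectGroupChanges(lines []string, gatedShares map[string]string, approvedAdmins map[string]bool) ([]Alert, error) {
	var alerts []Alert
	for _, line := range lines {
		if strings.TrimSpace(line) == "" {
			continue
		}
		var ev GroupEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("unparseable event %q: %w", line, err)
		}
		action, ok := membershipChange[ev.EventID]
		if !ok {
			continue // not a group membership change
		}
		share, gated := gatedShares[strings.ToLower(ev.TargetUserName)]
		if !gated {
			continue // this group does not control a protected share
		}
		severity := "high"
		if approvedAdmins[strings.ToLower(ev.SubjectUserName)] {
			severity = "info"
		}
		alerts = append(alerts, Alert{Severity: severity, Time: ev.TimeGenerated, Actor: ev.SubjectUserName,
			Action: action, Member: ev.MemberName, Group: ev.TargetUserName, Share: share})
	}
	return alerts, nil
}

// Constructed input: five event rows, two of which are not membership changes to a gated group.
var sampleEvents = []string{
	`{"TimeGenerated":"2020-03-02T09:14:07Z","EventID":4728,"SubjectUserName":"svc-hr-sync","TargetUserName":"Finance-All","MemberName":"CN=Carol Diaz,OU=Contractors,DC=corp,DC=example"}`,
	`{"TimeGenerated":"2020-03-02T09:15:30Z","EventID":4624,"SubjectUserName":"bob","TargetUserName":"bob","MemberName":""}`,
	`{"TimeGenerated":"2020-03-02T10:02:11Z","EventID":4729,"SubjectUserName":"adm-jane","TargetUserName":"Finance-Leads","MemberName":"CN=Bob Lee,OU=Finance,DC=corp,DC=example"}`,
	`{"TimeGenerated":"2020-03-02T10:40:55Z","EventID":4732,"SubjectUserName":"adm-jane","TargetUserName":"Remote Desktop Users","MemberName":"CN=Eve Park,OU=IT,DC=corp,DC=example"}`,
	`{"TimeGenerated":"2020-03-02T11:05:19Z","EventID":4756,"SubjectUserName":"svc-backup","TargetUserName":"Finance-Leads","MemberName":"CN=svc-backup,OU=Service,DC=corp,DC=example"}`,
}

// Which groups gate which protected shares, and who is allowed to change them (both constructed).
var gatedShares = map[string]string{"finance-all": `\\fs01\Finance`, "finance-leads": `\\fs01\Finance\Forecasts`}
var approvedAdmins = map[string]bool{"adm-jane": true}

func main() {
	alerts, err := DetectGroupChanges(sampleEvents, gatedShares, approvedAdmins)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("[%s] %s: %s %s %s -> group %s (gates %s)\n", a.Severity, a.Time, a.Actor, a.Action, a.Member, a.Group, a.Share)
	}
}
```

The same logic is the shape of a scheduled analytics rule: the gated-share mapping is the list of groups ACFF has been told to honour, and the "info" alerts are worth keeping because an approved administrator's change still widens or narrows the set of identities that can decrypt.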
To the Cloud and the Zero Trust Security Model
At Active Cypher, we have integrated deeply with the Microsoft technology stack because Microsoft serves individuals, companies, enterprises, organizations, and governments of all sizes.
Referencing the paper mentioned earlier, Microsoft recognizes that a so-called “lift-and-shift” approach is not always proper or even necessary; however, they do endorse the timely implementation of Zero Trust security: “The majority of companies will benefit greatly from utilizing hybrid infrastructure that helps you use your existing investments and begin to realize the value of Zero Trust initiatives more quickly.”
With Active Cypher File Fortress, the benefits of the Zero Trust security model are not an all-or-nothing proposition; it can begin to be realized immediately and in phases.
Like the sides of a cube, Microsoft recommends that a Zero Trust initiative should address six factors: Adaptive intelligence, Authentication, Automation, Data protection, Policy support, and Segmentation. You’ll find Active Cypher File Fortress to be critical in closing important capability and resources gaps in several of those:
- Authentication: ACFF relies on Azure Active Directory, including Conditional Access and multi-factor authentication, for strong authentication of the identity that asks to open a file.
- Automation: Event-driven, rules-based, and AI-enhanced risk-based automated alerting and remediation reduce your mean time to respond (MTTR) to attacks.
- Data protection: File content encryption and a perimeter of defensive controls around each file. This defensive perimeter is part of the file and travels with it, protecting sensitive data to eliminate exposure from malicious or accidental exfiltration.
- Segmentation: Move beyond a simple, centralized network perimeter to comprehensive, distributed segmentation, using Active Directory Security Groups to maintain software-defined micro-perimeters across the digital estate.
References
Microsoft, Zero Trust Maturity Model – https://aka.ms/Zero-Trust-Vision
Department of Defense, The Road to Zero Trust (Security) – https://media.defense.gov/2019/Jul/09/2002155219/-1/-1/0/DIB_THE_ROAD_TO_ZERO_TRUST_(SECURITY)_07.08.2019.PDF
NIST, Zero Trust Architecture (SP 800-207, draft) – https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft.pdf
NASA, Zero Trust Network Security – https://ntrs.nasa.gov/search.jsp?R=20190027544
Federal News Radio, Adopting a Zero Trust Cyber Model in Government – https://republicans-oversight.house.gov/op-ed/adopting-zero-trust-cyber-model-government/
The American Council for Technology (ACT-IAC), Zero Trust Cybersecurity Current Trends – https://www.actiac.org/system/files/ACT-IAC%20Zero%20Trust%20Project%20Report%2004182019.pdf
MIT Sloan Management Review, Why Businesses and Governments Need to Stop Trying to Secure Their Networks – https://sloanreview.mit.edu/article/why-businesses-and-governments-need-to-stop-trying-to-secure-their-networks/
Forrester, Future-Proof Your Digital Business With Zero Trust Security – https://www.forrester.com/report/FutureProof+Your+Digital+Business+With+Zero+Trust+Security/-/E-RES137483
Cisco (Duo Security), Zero Trust: Going Beyond the Perimeter – https://duo.com/resources/ebooks/zero-trust-going-beyond-the-perimeter
451 Research, Beyond the Perimeter: From ‘Zero Trust’ to ‘Unified Access Control’ – https://go.451research.com/TBI-Beyond-Perimeter-Zero-Trust-to-Unified-Access-Control.html
Gartner, Market Guide for Zero Trust Network Access – https://www.gartner.com/en/documents/3912802/market-guide-for-zero-trust-network-access