Developing a Zero-Trust Model to Secure Cloud-Native Applications

The global pandemic that began two years ago accelerated a worldwide shift in how entire workforces operate. Organizations were forced to quickly adjust to new business models by migrating applications and services to the cloud to enable remote work. However, these same digital enhancements also expanded attack surfaces and created new opportunities for cyber-criminals to exploit. With organizations embracing remote work due to the COVID-19 pandemic, the need to secure data and systems has become more critical than ever before.

Organizations are also rapidly embracing cloud-native applications to modernize their business operations and improve delivery times. This approach to application development and deployment takes full advantage of the cloud computing environment, which uses technologies like microservices, containers, automated CI/CD pipelines, container orchestration, and cloud infrastructure to leverage the runtime and services provided by the cloud platform. A cloud-native development strategy leads to resilient, agile, and scalable solutions. Enterprises use container technologies, like Docker, to simplify the packaging and deployment of their cloud-native applications. Kubernetes is a popular container orchestration system for automating containerized application deployment, scaling, and management.

However, modern-day cloud services face security risks like data breaches, application vulnerabilities, account hijacking, and insufficient credential management. To protect against these threats, organizations must adopt a zero-trust model for their data and services and embrace the DevSecOps movement to integrate security practices throughout their software development lifecycle.

A zero-trust security model can improve an organization’s overall security position, especially when dealing with mobile workforces or hybrid workspace environments. The basic principle of a zero-trust security model is to avoid blindly trusting every element within the corporate network. Organizations should always authenticate users, applications, and devices that try to access the network, whether internal or external to the organization.

Some of the key principles for building a zero-trust-based architecture are:

• Multi-factor authentication
• Identity and access management
• Data classification and encryption
• Least privileged access

Introducing the New CSP Authenticator +

Cloud-Native Application

CSP Authenticator+® provides multi-factor authentication for NonStop servers and supports various authentication methods. It can be used as a Safeguard SEEP or with Pathway and non-Pathway applications. Almost any application, including TACL, can now easily support multi-factor authentication.

The new CSP Authenticator + cloud-native application was developed using a modern cloud-based framework. This redesign focuses on providing security, flexibility, and scalability.

Multiple authentication methods such as RADIUS, Active Directory, RSA, and Open LDAP are supported. Additional authentication methods include Email, Text Message, and Google Authenticator.

New features:

• New cloud-based framework – A new cloud native application built using modern technologies
• Support for Kubernetes Helm deployments – easy to deploy in cloud environments using Kubernetes framework
• Support for High Availability environments – Create highly available Kubernetes clusters for resiliency
• No differentiation between Primary and Secondary authentication – users can choose any mix of available authentication methods, and even choose more than 2 authentication methods
• Application based authentication methods are now supported, and more authentication methods are being added. Authentication methods currently supported include RSA, LDAP, Active Directory, RADIUS, Google and Microsoft authenticator, OTP via Email, and OTP via SMS
• Set different authentication methods for different user groups and privileged groups
• Redesigned user-interface makes it more intuitive and user friendly
• Maintain a matrix of authentication profiles, policies (authentication methods), and users
• Support for various databases, including Amazon S3, Atlas Cloud service, MongoDB, etc.

Benefits:

• Protect valuable resources & data.
• Add layers of authentication for secure access to systems and critical applications.
• Address PCI compliance requirement 8.3 which requiring multi-factor authentication for all personnel with remote access, and non-console administrative access to the cardholder data environment.
• Integrate with centralized ID management systems to effectively manage users.

CSP Authenticator+ Key Features:

• Support for multiple authentication factors including RSA, RADIUS, Active Directory, and LDAP, Microsoft, Google, OTP
• Create various profiles and policies for different set of users, and applications
• Ability to use more than two authentication methods
• Provides standardized authentication across platforms
• Configure for all or only selected/privileged users
• Fully encrypted communications with cloud native application
• Supports various databases
• Support for new authentications methods
• Supports TACL, Pathway and Non-Pathway applications

CSP – Compliance at your Fingertips™

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security ®

The CSP Team 

+1(905) 568 –8900