{"id":39757,"date":"2022-02-16T17:11:03","date_gmt":"2022-02-16T17:11:03","guid":{"rendered":"https:\/\/www.vmengine.net\/2022\/02\/16\/never-trust-always-verify-zero-trust-on-aws-when-security-is-a-must\/"},"modified":"2025-05-23T17:32:53","modified_gmt":"2025-05-23T17:32:53","slug":"never-trust-always-verify-zero-trust-on-aws-when-security-is-a-must","status":"publish","type":"post","link":"http:\/\/temp_new.vmenginelab.com\/en\/2022\/02\/16\/never-trust-always-verify-zero-trust-on-aws-when-security-is-a-must\/","title":{"rendered":"“Never Trust, Always Verify”: Zero Trust on AWS, When Security Is a Must"},"content":{"rendered":"
\n
\n
\n
\n
\n

It is the contemporary era, the post-pandemic era, the one that has enticed companies to migrate more and more towards “Cloud oriented<\/strong>” business models to take advantage of all the advantages of scalability<\/strong>, efficiency<\/strong>, cost reduction<\/strong>and above all security<\/strong>. Suffice it to say that in 2020, external attacks on Cloud accounts increased by 630%.<\/strong> And theincreasing use of remote work expands the traditional attack perimeter and threat landscape<\/strong>.<\/p>\n<\/div><\/div>\n

\n
<\/div>\n
What are the strategic technologies of 2022? How Cloud Computing Drives Growth<\/a><\/div>\n<\/p><\/div>\n
\n

\t\t\t\t\"\"<\/span>\n\t\t\t<\/div>\n

\n
\n

Zero Trust Security <\/h2>\n

<\/h2>\n<\/div><\/div>\n
\n
\n

Securing the corporate network is no longer enough. An area must be delineated through the implementation of identity solutions<\/strong> to provide the right access to IT people and devices<\/strong>, optimizing controls based on the risk profiles of the entities accessing various resources. Zero Trust<\/strong> <\/a>is just that, a security model centered on the idea that data shouldn’t be accessed solely based on network location<\/strong>. It requires users and systems to prove their identity and trustworthiness, and enforces “fine-grained” identity-based authorization rules before allowing them to access applications, data, and other systems. In essence, the zero-trust model is based on the principle of “never trust, always verify<\/strong>“.<\/p>\n<\/div><\/div>\n

\n
\n

Traditional security models<\/strong>, in fact, aim to enclose an organization within a perimeter designed to block threats that come from the outside. This is a seemingly reasonable concept, except for the fact that all threats come from outside<\/strong> and that administrators must necessarily trust<\/strong> people and devices<\/strong> within the network. It is therefore based on the assumption that no user in the organization has been compromised previously and that they always act in good faith and in a reliable manner. Clearly today this is no longer the case since the perimeters of an organization have melted like snow in the sun from the use of smart working.<\/strong> And for the increasing number of personal devices, from smartphones to notebooks that are used for work.<\/p>\n<\/div><\/div>\n

\n
\n

In essence, zero-trust security<\/strong> has replaced the old assumptions that resources within the perimeter of the corporate network must be trusted, and considers trust as a vulnerability, since users of a “trusted” network could move within the network or cause the takeover of all data to which they legitimately had access.<\/p>\n<\/div><\/div>\n

\n
<\/div>\n
Cloud & Security, Manage Vulnerabilities Automatically with AWS<\/a><\/div>\n<\/p><\/div>\n
\n
\n

But what happens in AWS?<\/h2>\n

<\/h2>\n<\/div><\/div>\n
\n
\n

The mission at
\n Amazon Web Services<\/strong>
\n<\/a> is, as is now known, to innovate on behalf of customers so that they have less and less work to do when building, deploying, and rapidly iterating on secure systems. From a security perspective, customers are looking for answers to a question: What are the optimal models to ensure the right level of confidentiality<\/strong>, integrity<\/strong> and availability<\/strong> of systems and data, while increasing speed<\/strong> and agility<\/strong>? The most obvious example of Zero Trust on AWS<\/strong> is how millions of customers typically interact with AWS every day using the management console or securely calling AWS APIs over a diverse set of public and private networks.<\/p>\n<\/div><\/div>\n

\n
<\/div>\n
Learn more about Zero Trust<\/a><\/div>\n<\/p><\/div>\n
\n
\n

Whether they are called through the console, the AWS Command Line Interface (AWS CLI),<\/strong> or software written in AWS APIs<\/strong>, ultimately all of these interaction methods reach a set of web services with endpoints that are reachable from the internet<\/strong>. There is absolutely nothing about the security of the AWS API infrastructure<\/strong> that depends on the reachability of the network. Each of these signed API requests is authenticated and authorized each time at a rate of millions and millions of requests per second globally. Customers, therefore, do it safely; knowing that the cryptographic strength of the underlying Transport Layer Security (TLS)<\/strong> protocol, enhanced by the AWS Signature v4<\/strong> signing process, adequately protects these requests without any regard for the reliability of the underlying network<\/strong>. Interestingly, the use of cloud-based APIs is rarely mentioned in Zero Trust discussions. Perhaps this is because AWS has led the way with this approach to API protection<\/strong> from the beginning, so much so that it is now assumed to be a critical part of every cloud security story.<\/p>\n<\/div><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

Zero trust replaced the old assumptions that resources within the corporate network perimeter must be trusted<\/p>\n","protected":false},"author":3,"featured_media":34613,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[97,3574,2297],"tags":[132,133,4394,1270,4206,4812],"class_list":["post-39757","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en","category-in-evidence","category-news-en","tag-amazon-web-services-en","tag-aws-en","tag-safety","tag-security-en","tag-security-in-the-aws-cloud","tag-zerotrust-en"],"aioseo_notices":[],"jetpack_featured_media_url":"http:\/\/temp_new.vmenginelab.com\/wp-content\/uploads\/2022\/02\/What_is_Zero_Trust-1.jpg","amp_enabled":true,"_links":{"self":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/39757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/comments?post=39757"}],"version-history":[{"count":1,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/39757\/revisions"}],"predecessor-version":[{"id":41694,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/39757\/revisions\/41694"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/media\/34613"}],"wp:attachment":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/media?parent=39757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/categories?post=39757"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/tags?post=39757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}