Authenticating the Authenticators: A Zero Trust Thought Experiment

Quis custodiet ipsos custodes?

This first-century Latin phrase translates as “Who watches the watchmen?”, and has made its way through classical philosophy and into popular culture. (Fellow Watchmen fans, I’m thinking of you). Fast-forwarding 2,000 years into our familiar domain of information security, this question remains relevant to our modern authentication best practices and Zero Trust.

To put this in perspective, let’s look at the recent (and unfortunately successful) attack at Microsoft. Now, I’m not here to pick on Microsoft–as a major identity provider and cloud platform, they are clearly under constant and sophisticated attack, and I give them a lot of credit for their transparency and responsiveness around this incident.

This attack is an example of a malicious actor compromising one of the foundational elements of security–the authentication system. In this case, the malicious actor obtained a signing key, and used that key to generate valid access tokens. Because the remainder of the system had cryptographic (i.e., mathematical) proof that the tokens were valid, the malicious actor was able to access private data.

This brings us to our thought experiment, and the relevance of taking a context-based approach. Centralizing identity management and authentication is recommended as best practices–see, for example, the CISA Zero Trust Maturity Model. There are many benefits of doing so, but it does increase the impact of an identity system compromise.

Think about your enterprise systems and the different types of identities–both human and non-person–which are authenticated and granted access. What would happen if all your credentials were stolen or compromised? What other types of controls, processes, monitoring and response systems would apply? What additional context does your security ecosystem rely on beyond credential-based authentication, or possession of a valid cryptographic token?

Zero Trust is centered on taking a contextual approach toward making access decisions, and today’s capable Zero Trust platforms and architectures support the use of MFA, and the creation of adaptive access policies. Such systems provide us with the backstops we need to authenticate our authenticators.

When an identity attempts to access a resource, even if it has valid credentials or a valid token, our Zero Trust system needs to look at all available contextual information to make a just-in-time access decision, and ideally include aspects across all Zero Trust pillars – Identity, Device, Network, Applications, and Data.

I posit that a well-rounded Zero Trust system will be resilient to a compromised authenticator, through effective and thoughtful use of contextual information, processes, monitoring, and other mechanisms. The good news is that current Zero Trust platforms are capable of this. Enterprise security teams can have confidence that they will be able to deploy and operate these systems, add security and business value quickly.

Not every enterprise is targeted with the same attack frequency or sophistication that Microsoft faces. But every enterprise is a target to some degree, and every enterprise should begin adopting Zero Trust in order to build up their resilience to a compromise of their security infrastructure.

Develop and demonstrate an in-depth understanding of Zero Trust with CSA’s Certificate of Competence in Zero Trust (CCZT). Learn more here.