Posted By: Matt Bull
Following a successful IPO, Elanco IT is in a unique position to rebuild IT from the ground up. As a technologist, this is a once-in-a-lifetime opportunity, where the weight of legacy architecture and technical debt is lifted, presenting a clean start to build a modern IT ecosystem.
For more information and additional framing, please refer to the article: The Elanco Modern IT Ecosystem.
Within this article, I will highlight our proposed Device-as-a-Service (endpoint) architecture, describing our philosophy, key technology decisions, and positioning.
Within Elanco, we plan to implement a Zero Trust IT security model.
Zero Trust is a holistic approach to IT security, which goes beyond the traditional “trust but verify” and “moat/castle” strategies. Although these traditional strategies are still common within enterprise businesses, they primarily target environments where the business has end-to-end ownership, management, and control of all IT services.
In a modern IT ecosystem, it is very common for IT services to be dispersed (e.g., SaaS services, cloud hosting, etc.). Therefore, the users, services, and data could be anywhere and everywhere, making the task of IT security increasingly complex.
The answer to this challenge is not to perpetuate the inadequate strategies (e.g., moat/castle), but instead look to implement a new strategy, where the network is always assumed to be hostile, meaning internal and external threats always exist.
Zero Trust implements new principles, techniques, and technologies to help localise and isolate threats. For example, the following principles provide the foundation for a Zero Trust architecture.
- Architecture and Asset Transparency: Situational Awareness is an important part of any strategy; therefore, it is critical to understand the end-to-end architecture and assets across the business, covering the users and their devices, through to the services and data they are accessing. Without this basic insight, it becomes very difficult to identify the risks and dependencies that allow for data-driven decisions. In the context of Zero Trust, focus on assets that interact with a network (specifically important within a microservice architecture), leveraging automated discovery tools to reduce the burden of ongoing maintenance.
- Prioritise Identity Access Management: In a Zero Trust architecture, identity becomes the new perimeter. It is important to have a single source of identity for all users, services, machines, and devices, ideally managed via a central control plane and complemented by Privileged Access Management (PAM). These identities must be continuously maintained, modified, and monitored throughout their access lifecycle, requiring a robust governance model, mature processes, and discipline (e.g., Joiners-Movers-Leavers, etc.).
- Authenticate Everything: Every network flow from a user, service, machine, or device must be authenticated, preferably leveraging a modern authentication protocol (e.g., SAML, OAuth2, OpenID Connect, etc.). User authentication must include Multi-Factor Authentication (MFA), alongside the use of Secure Cryptoprocessor technologies (e.g., HSM, TPM, etc.).
- Authorise Everything: The Principle of Least Privilege (PoLP) must be established, where all service and data access requests are only granted if required (need-to-know basis). Ideally, every request to access a service or data must be checked by a central policy engine, which should be dynamic and calculated from as many sources of data as possible, enabling conditional access.
- Log Everything: Given that users, services, machines, and devices are increasingly network connected, it is important that comprehensive logging and monitoring is maintained to provide visibility. The output can be used to help identify gaps and opportunities, as well as verify that all policies are being enforced appropriately. Any identified issue can be automatically flagged and remediated following an event-driven architecture.
- Hostile Network: Recognising that all networks are considered hostile, all users, services, machines, and devices must be secured at source and in transit. Network locality is not sufficient for defining trust; however, network segmentation concepts that create secure enclaves, limiting network and application flows between workloads, can be an effective mitigation when looking to reduce the “blast radius” of a breach.
- Health Confidence: The health of services, machines, and devices is an important signal that should be used as part of the conditional access policies. Health should be established based on standard control policies, which stipulate the minimum required criteria for access (e.g., hardening controls, patching levels, etc.). NCSC or CIS standards/benchmarks can be utilised to provide a robust foundation.
- Automation: IT Security is a dynamically evolving and often volatile space, with new exploits and threat actors being identified regularly. It is unrealistic to rely upon reactive, manual interventions to protect an enterprise ecosystem. Investment in automation across the ecosystem can mitigate this challenge, promoting agility, whilst ensuring the consistent adoption of security controls that can be proactively and immediately applied based on specific criteria or events.
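To make the Authenticate, Authorise, and Health Confidence principles above concrete, here is a small conditional access policy engine written as an added illustration (not Elanco's own implementation). The resource policy table, role names, and health thresholds are constructed assumptions; note that the request's network location is carried as a signal but never used to grant trust.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up_mfa"   # session must complete MFA before access
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset          # roles asserted by the single identity source
    mfa_satisfied: bool       # current session completed MFA
    device_managed: bool      # device is enrolled and reporting health
    patch_age_days: int       # days since the last patch cycle completed
    hardening_compliant: bool # passes the CIS/NCSC-derived hardening baseline
    resource: str
    network: str              # "corp" or "internet"; informational only


# Constructed per-resource policy: entitled roles and maximum tolerated patch age.
RESOURCE_POLICY = {
    "hr-payroll": {"roles": {"hr"}, "max_patch_age": 14},
    "wiki": {"roles": {"employee", "hr"}, "max_patch_age": 30},
}


def device_healthy(req: AccessRequest, max_patch_age: int) -> bool:
    """Health Confidence: all minimum criteria must hold, not just some."""
    return (req.device_managed
            and req.hardening_compliant
            and req.patch_age_days <= max_patch_age)


def evaluate(req: AccessRequest) -> tuple:
    """Return (Decision, reason). Checks are ordered so the cheapest
    hard failures (unknown resource, no entitlement) short-circuit first."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return Decision.DENY, "unknown resource: default deny"
    if not (policy["roles"] & req.roles):
        return Decision.DENY, "least privilege: identity not entitled"
    if not device_healthy(req, policy["max_patch_age"]):
        return Decision.DENY, "device health below required baseline"
    if not req.mfa_satisfied:
        return Decision.STEP_UP, "MFA is mandatory for user sessions"
    return Decision.ALLOW, "identity, MFA and device health all satisfied"
```

Every decision, including the reason string, is a natural record to forward to the logging pipeline described under Log Everything, so policy enforcement can be verified after the fact.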
These principles are enabled through key technologies, such as Identity Access Management, Microcore, Segmentation, and Deep Visibility, which provide a structured approach to identify threats and limit the impact of any breach.
At the foundation, a Zero Trust architecture must be able to complete strict identity verification for every user and device trying to access a business resource, regardless of whether they are within or outside of the network perimeter.
Therefore, from an IT security perspective, Identity Access Management (IAM) becomes one of the most important and powerful technologies used to protect the business.
Architecture
Identity Access Management (IAM) aims to define and manage the roles and access privileges of users (e.g., employees, contractors, customers) and the circumstances in which they are granted (or denied) specific privileges.
The primary goal of Identity Access Management (IAM) is to create a single digital identity per user. Once that digital identity has been established, it must be maintained, modified, and monitored throughout the user’s access lifecycle.
The diagram below outlines our high-level Identity Access Management (IAM) provisioning flows.
Authentication Patterns
The diagram below outlines our approved/preferred authentication patterns.
As you can see from the diagram, the user will have a single digital identity, with application/service owners targeting modern authentication.
Our vision of the future is to enable a password-less ecosystem, where modern authentication patterns are used by all applications, services, and endpoints.
Additionally, our entire endpoint architecture (laptops/mobiles) will be password-less by default, leveraging technologies such as Windows Hello and Apple Face ID/Touch ID.
Windows Hello is compatible with any service that supports Fast Identity Online (FIDO). Therefore, as Windows Hello matures, the use of password-less should organically increase.
Conclusion
In conclusion, we are in a fortunate position to be able to target a Zero Trust security model, enabled by our Identity Access Management (IAM) architecture.
This approach will help to ensure our ecosystem is protected, without limiting our ability to innovate and leverage cutting-edge technologies. Knowing that we will also enable password-less authentication for all users is an exciting prospect. Rarely can IT improve security and the user experience simultaneously!
In short, as the industry and our ecosystem mature, we will be in a strong position to fully embrace a password-less future across all applications, services, and endpoints.