In the last year and a half, business models have shifted significantly as remote work and cloud migration have changed the security landscape. Identity and access management is perhaps the most crucial component of the cybersecurity policies and practices required to give authorized users a secure way to access their data, applications and systems. The White House has made a concerted effort to improve the nation’s cybersecurity with an executive order that, among other initiatives, directs the federal government to advance toward a zero trust (ZT) architecture.
As the world continues to adapt to the changes brought about by the pandemic, the advent of 5G, the continued proliferation of devices, information density, and connectivity are all major technology developments that make the work of cybersecurity practitioners far more challenging. The typical response to these challenges has been to add more layers of abstraction, more sensors, and more algorithms (AI and ML) to monitor and detect threats, which leaves organizations inundated with data. Many of these approaches rely on what we already know, plus new ways to learn from and sort through that data, but the key challenge has always been, and continues to be, the “unknown unknowns” that present themselves on the zero day. The NIST Cybersecurity Framework (CSF) features five core functions: Identify, Protect, Detect, Respond, and Recover.
Now it is time for more focus on a sixth function: prevention mechanisms that counter the risk of zero-day exploits. Least functionality serves this broader goal, because a key characteristic of this mitigation strategy’s approach to zero trust is that it prevents actions before they execute rather than detecting them afterwards.
Defining Zero Trust
It’s time for IT leaders to evolve their approach to cybersecurity, away from the defense-in-depth mindset to the zero trust model. As the American Council for Technology-Industry Advisory Council defines it, zero trust provides a security strategy for users to access data and assumes a “never trust and always verify” stance to require continuous authorization, thereby increasing visibility and analytics across a network.
Simply stated, zero trust is an approach in which no user, device or application is implicitly trusted on the network, and in which each network connection is a resource to be validated on a case-by-case basis. This continuous authentication and validation means users only obtain access to what they need to do their job, and nothing more – a concept known as “least privilege.”
As an example, many traditional cybersecurity architectures rely on coarse role-based access controls. A role grants its members every action on everything in its domain, so once an adversary holds one credential they inherit that whole domain of access and can navigate within the architecture to escalate privilege and harvest additional credentials. With a zero trust mindset, access control is defined down to a specific individual and their specific request (based on least privilege) at the time they are connecting. By narrowly defining identity and constraining each task to least privilege, a zero trust approach enables continuous monitoring of access based on identity and authorization.
Expanding Least Privilege to Include Least Functionality
Least functionality is similar to the concept of least privilege, but focuses on functionality: constraining, in the same way, what a device or application is allowed to do. Most architectures contain operating systems, applications, and processors designed for general-purpose computing to promote interoperability and broad market access. Under least functionality, an architecture would execute only the tasks or workflows necessary to perform a specific function or set of functions, chosen to satisfy and reinforce the least privilege of the user, and nothing more. Many operating systems and applications have far more capability than is necessary, which is inherently a cybersecurity concern. Further restricting and containing what an OS, application or piece of hardware can do therefore gives the defender an extra tool in the ZT toolbox: it reduces and microsegments the attack surface, making it much more difficult for an adversary to exploit the ZT solution.
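The difference between the broad role-based access described above and a per-request zero trust policy that applies both least privilege and least functionality can be shown with a small evaluator. The following is an added example written for this page; it is not BedRock code or a description of any product, and every subject, device, resource and action name in it is constructed for the demonstration. The role-based evaluator grants every action on a role’s domain; the zero trust evaluator refuses by default and only allows a request that passes session freshness, device enrollment, a least-functionality check on the resource, and a least-privilege check on the subject. The blast_radius function enumerates what a stolen credential could reach under each model.

```python
"""Added example (not BedRock code): broad role-based access versus a
deny-by-default zero trust policy combining least privilege (who may do
what) and least functionality (what a resource can do at all).
All identifiers are constructed for the demonstration."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Request:
    subject: str
    device: str
    resource: str
    action: str
    session_age: int  # seconds since the subject last authenticated


RESOURCES = ("payroll-db", "backup-bucket", "jump-host")
ACTIONS = ("read", "write", "delete", "shell")

# --- Traditional model: a role grants every action on every resource it covers.
ROLE_OF = {"alice": "finance", "backup-svc": "ops"}
ROLE_DOMAIN = {
    "finance": {"payroll-db"},
    "ops": {"payroll-db", "backup-bucket", "jump-host"},
}


def rbac_allows(req):
    """Role membership implies every action on the role's whole domain."""
    return req.resource in ROLE_DOMAIN.get(ROLE_OF.get(req.subject), set())


# --- Zero trust model: each request is checked; nothing is inherited.
# Least privilege: the exact (resource, action) pairs each subject needs.
PRIVILEGES = {
    "alice": {("payroll-db", "read")},
    "backup-svc": {("payroll-db", "read"), ("backup-bucket", "write")},
}
# Device binding: an identity is only honoured from its enrolled device.
ENROLLED = {"alice": {"laptop-7f3a"}, "backup-svc": {"vm-backup-01"}}
# Least functionality: the operations each resource can perform at all.
# "shell" appears nowhere, so no credential, stolen or not, can reach it.
FUNCTIONALITY = {
    "payroll-db": {"read", "write"},
    "backup-bucket": {"write"},
    "jump-host": set(),  # nothing exposed: functionality stripped entirely
}
SESSION_TTL = 300  # continuous validation: older sessions must re-authenticate


def zt_evaluate(req):
    """Return (allowed, reason). Every check must pass explicitly."""
    if req.session_age > SESSION_TTL:
        return False, "session too old: re-authenticate"
    if req.device not in ENROLLED.get(req.subject, set()):
        return False, f"{req.device} is not enrolled for {req.subject}"
    # Functionality is checked before privilege: a capability the resource
    # does not have cannot be granted to anyone, however privileged.
    if req.action not in FUNCTIONALITY.get(req.resource, set()):
        return False, f"{req.resource} cannot perform {req.action}"
    if (req.resource, req.action) not in PRIVILEGES.get(req.subject, set()):
        return False, f"{req.subject} has no {req.action} privilege on {req.resource}"
    return True, "ok"


def zt_allows(req):
    return zt_evaluate(req)[0]


def blast_radius(allows, subject, device, session_age=0):
    """Every (resource, action) an adversary holding this identity could use."""
    return {
        (res, act)
        for res, act in product(RESOURCES, ACTIONS)
        if allows(Request(subject, device, res, act, session_age))
    }


if __name__ == "__main__":
    # A stolen backup-svc credential replayed from an attacker-controlled host.
    for name, fn in (("rbac", rbac_allows), ("zero trust", zt_allows)):
        reach = blast_radius(fn, "backup-svc", "attacker-box")
        print(f"{name:10s}: {len(reach)} reachable (resource, action) pairs")
    # The same credential used from its enrolled device within the session TTL.
    print("zero trust, enrolled device:",
          sorted(blast_radius(zt_allows, "backup-svc", "vm-backup-01")))
```

Run stand-alone, the script shows the ops role exposing all twelve resource/action pairs to whoever holds the backup-svc credential, while the zero trust policy exposes nothing from an unenrolled host and only the two pairs the service actually needs from its own device. The ordering of checks matters: the functionality check is placed before the privilege check so that an operation a resource does not expose is refused regardless of how a subject’s privileges are later configured, which is the containment property the text describes.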
Organizations leveraging BedRock Systems’ trusted virtualization platform with Active Security™ can isolate, secure, and implement least functionality through Virtual Machines (VMs) that run on a formally verified trusted computing base. Using a capability-based model, each VM operates with an independent and isolated Virtual Machine Manager (VMM) that implements policies to constrain that VM’s functionality. This fine-grained control of VMs, constraining access to exactly the resources necessary to execute the tasks defined in the system’s design, is unique. With this approach, organizations can establish both least privilege and least functionality policies that strip out all unnecessary functionality an adversary could target and manipulate. Previously, organizations were forced to rewrite operating systems or redesign specific applications, both at great expense and business risk. This new approach allows least functionality to be implemented for users running modern software and applications completely unmodified on top of BedRock’s trusted virtualization and integration framework.
Least functionality should become a core tenet of modern zero trust architectures, particularly as technology innovation advances. Contact us to learn more about BedRock Systems’ unbreakable foundation for secure computing and how we can help you and your organization implement least functionality for an even more secure zero trust solution that best protects your data.
John Walsh, SVP Business Development and Strategy at BedRock Systems