The Realpolitik of Zero Trust

Zero Trust is an aspirational security architecture meant to redesign computer networks with the express goal of limiting the inherent trust between systems, applications, people and data owners, network segments and transactions. The concept is meant to address the failings of conventional perimeter security paradigms by redefining the trust posture, security controls and monitoring technology in such a way as to do away with border-centric control. The goal is to distribute that control in a more pervasive fabric throughout the enterprise, one that minimizes single points of failure and maximizes resiliency and survivability in the face of cyber threats. In essence, Zero Trust is a natural evolution of the networking model, driven by society’s movement from a high-trust, low-surveillance environment to a lower-trust, high-surveillance one.

Zero Trust is an architectural ideal. Similar to how structures are designed to withstand earthquakes, Zero Trust provides a model for network resiliency in the face of the improbable. Earthquake engineering (a best practice) provides guidance and standards for building in seismically active areas, and architects and engineers must adhere to these practices when building in tectonically active regions. However, these seismic standards are realistically not held as a baseline for all of architecture; they are applied only where appropriate. Zero Trust should be leveraged in the same capacity, as a scenario-based best practice.

Why is this an issue? Because network security often lacks the ability to provide a measurable ROI, making Zero Trust re-architecting a dubious proposition in environments with low security risk, or where perimeter security capabilities are already effectively preventing damaging incidents. Couple this with the pressure on network professionals to meet cloud macro-transformation demands while also micro-segmenting the remainder of the infrastructure. Network engineers are expected to expand their purview outward and inward simultaneously. Imagine being asked to design a way to securely lose control outward, while at the same time gaining further control over the wire, the transaction and trust. This conundrum points to a need for a pragmatic, systematic approach to determining what level of effort should be allocated to idealistic goals such as Zero Trust.

Realpolitik is a system of principles and methods based on practical rather than moral or ideological considerations. It is a political and tactical stratagem designed to penetrate the idealistic dependencies of social and political problems and to reach solutions efficiently. We strive to understand the most basic building blocks of specific security technologies, standards, initiatives and trends. More importantly, we strive to comprehend the phenomenology behind certain market movements. We had to go back in time to find practicable Realpolitik approaches to technical change, and to appropriately frame the modern technical ideals that fall within contemporary information security.

In the late 1800s, Max Weber spearheaded the political philosophy behind Realpolitik by outlining two ethics: responsibility and conviction. The ethic of responsibility states that an action is given meaning only as a cause of an effect in the empirical world. The ethic of conviction suggests that an agent should be able to choose autonomously not only the means, but also the end of the challenge faced. Both ethics were imperative to Weber.

Accordingly, he argued that in order to find an optimal solution to technical challenges (and challenges in general) we must strive to force the two ethics together to form a solution portfolio. His combinatory ethic states that we should pursue a passionate conviction to the ideals that politics has to serve, while pursuing a sober, rational calculation of their achievability in the world. This is the Realpolitik needed to drive Zero Trust from an often unachievable aspiration to a realistic, achievable goal.

Realpolitik may be used to analyze aspirational technical challenges and idealistic design trends. A realistic dual-ethic analysis would help us make sense of Zero Trust while our defenses are simultaneously being exposed outward into cloud environments. Beyond Zero Trust, mixing solutions rooted in both realism and idealism would facilitate solutions to comparable persistent challenges such as CASB (where we already own effective egress proxies, certificate management, application-aware firewalls, and IDS/IPS) and DLP (where we already have MDR, UEBA, firewalls, IDS/IPS, proxies and SSL-strip capabilities).

Is Zero Trust a trend or fad? Yes. And it’s an aspirational trend rooted in sound secure design principles. It is a collection of valid architectural security engineering principles, achieved by utilizing existing strengths, by focusing on program maturity, by emphasizing proper design and by automating and orchestrating where possible. Success cases in the security field almost always slow-roll changes and perform risk-reducing actions incrementally. If we involve security teams and set realistic goals while seeking the best-fit balance against other sizeable security challenges (Cloud, Sec-Dev-Ops, CASB, DLP, UEBA/MDR, etc.), then we’re using a Realpolitik approach. Aside from using analytical ethics to produce pragmatic solutions to aspirational challenges, isn’t it self-evident that applying security strictures closer and closer to the endpoint, to the person, to the identity, is what we strive for in an ideal security design?

It is our challenge as security professionals to identify a number of these factors prevalent in today’s environment, and to make the best sense of them when we can. We must develop analytical frameworks equivalent to the political science of the past, which allowed thinkers, practitioners and workers to identify the differences between aspirational goals and realistic solutions. We must not only identify these differences between ideals and pragmatic reality, but also identify when security concepts become marketing buzzwords and promotion, particularly when they represent unsolvable challenges. Armed with a method composed of the ethics of responsibility and conviction, the security industry may be able to see beyond marketing hype to view the substandard yet promising infrastructure behind the facade, and to construct a realistic solution set for these idealistic goals, thus executing decision-making and growth using a Realpolitik of Information Security.

Erik's article was featured in the September 2020 issue of Feats of Strength magazine.
