The Covid-19 crisis and its corollary, the abrupt lockdown of companies, led many CIOs to deploy security solutions in a hurry so that employees could work from their own devices at home.
Faced with the need to secure company data, IT managers have generally relied on virtual private networks, or VPNs.
But in a world where remote work is becoming the norm and the IT environment is being transformed, the perimeter security model and its Internet counterpart, the VPN, long the alpha and omega of enterprise data security, are now blamed for every ill. We conclude by outlining some possible solutions according to the company's needs.
What is a VPN?
Let's go back to the Wikipedia definition: "A virtual private network, abbreviated VPN, is a system for creating a direct link between remote computers that isolates their exchanges from the rest of the traffic taking place on public telecommunications networks. The term is used in particular in remote working, as well as in cloud computing."
The wrong kind of VPN
First of all, a common confusion must be cleared up when talking about VPNs. One use of the term covers consumer VPN services: browsing the Internet from the internal network under someone else's IP address, which some see as a way of disclaiming responsibility for what employees do online. A subscription of this type with a VPN provider does nothing to protect the company's internal data, which remains just as exposed to the Internet. Apart from untrusted networks such as hotels, train stations or public access points, this use of a VPN is rarely a professional one.
The VPN: the drawbridge of a moated castle
In the enterprise case, by contrast, an SME wants to reconnect employees who reach its protected internal network from the Internet, and to give them access to all of the company's services as if they were on its premises. The analogy of a castle surrounded by a moat and reached by a drawbridge is then obvious.
The traditional security model remains unchanged: those outside the protected network are the enemy and those inside are trusted. The internal network is the fortress, the bastion host and the firewalls are the moat, and the VPN is the drawbridge.
In short, the "on-premises" VPN is a feature of the enterprise router or firewall that bridges the company's private network, the LAN (Local Area Network), and the outside world, the WAN (Wide Area Network). It allows machines that exist only on the LAN to be reached from the Internet.
The VPN perimeter security model is reaching its limits
The press regularly reports cases of companies whose important data has been breached because an employee or contractor was tricked by phishing, because an attacker managed to tap into the company's internal network, or because an intruder gained remote control of sensitive data servers. In each case, once the attacker is past the perimeter, this model offers no further defence: a phished employee's VPN credentials grant the same broad access the employee has.
With the rise of mobile devices and of work outside the company's physical walls through telecommuting, funnelling every employee connection through a small number of central VPN servers is becoming untenable.
In such a centralized organization the VPN, as the sole gateway to corporate data, becomes a bottleneck for employees who, in a remote-work setting that demands ever more autonomy, are encouraged to use their own machines, including while travelling on business. Latency and slow or unstable VPN connections generate frustration and a stream of complaints to the IT department. Users who can no longer tolerate these constraints inevitably set up their own workarounds: unsecured drawbridges over the moat that give hidden access to the fortress. Not the least of the paradoxes is that excessive security becomes the main vector of the very risk it was meant to prevent: the exposure of sensitive company data.
Finally, online VPN services generally pass within earshot of States and their extraterritorial laws, such as the US CLOUD Act, exposing companies to legal uncertainty and potential regulatory problems.
The teleworking environment is undergoing a revolution
Physical distance permanently changes the organization of work
- Teleworking is becoming the norm; the open-plan office and the office building are becoming the exception.
- The personal workstation ("Bring Your Own Device", or BYOD) becomes the default tool for accessing corporate IT, and the old corporate desktop joins the typewriter in the museum of tools of the past.
- Internet access is becoming the norm, while intranets and private networks are becoming a handicap to mobility.
- The public cloud and "low cost" SaaS applications, thanks to their agility and scalability, are becoming the norm, provided that the security of the data exchanged is controlled, since the situations one must adapt to while mobile are less and less predictable. They make it possible to adapt very quickly to change. "On-premise" or dedicated infrastructures will become the exception.
- The new secure collaboration ecosystem must do better for less while offering ergonomics and simplicity of use: security must not be paid for with greater complexity of use, otherwise the average user will reject it immediately.
This new organization of human relations via the Internet broadens the threat surface. Data security in this new ecosystem must be built on the principle of "Zero Trust", with a micro-perimeter protection approach. The GDPR further strengthens this requirement.
In addition, extraterritorial laws threaten state sovereignty and create legal uncertainty for executives. Sensitive exchanges must now be conducted under a "Zero Trust" paradigm, on potentially hostile networks and servers and in the public cloud.
Finally, we do not know who we will have to work with tomorrow. Exchanges of sensitive data must be structured like wartime resistance networks: all centralized data management must be banished, and Groups of people and Organizations compartmentalized. Taken to the extreme, the directory becomes invisible.
"Zero Trust Security", or trusting only yourself
Since the VPN is no longer the alpha and omega of data security for SMBs, since the security model no longer rests on the perimeter protection of a fortified network, and since the threat is both inside and outside the network, and present everywhere in the public cloud and at outsourcers, what alternatives do SMBs have for sharing sensitive data from any Internet-connected terminal?
The concept has a name: "Zero-Trust Security". The aim is now to reduce as far as possible one's exposure to the actors one has so far had to trust, such as public clouds, administrators and networks, while still using their services for the efficiency and economy they bring.
The triple trust paradigm
First, and whatever the choice of security architecture, it must be understood that data security rests on a triple trust:
1) Trust in the security that guarantees that the person accessing a service is who they claim to be. This problem has several answers that are well solved at the technical and functional levels:
- Identity federation with a two-factor authentication mechanism meets this need; it must itself rest on a secure directory, generally coupled with a key management infrastructure suited to the company's security needs. This type of service suits organizations wishing to centralize their IT and keep full control over their data. It is not suited to a "multi-organization" architecture in which people are not supposed to know each other.
- Self-generation of keys on the work terminal, coupled with a trusted enrolment mechanism, answers the much more fragmented, "resistance network" type of organization. It requires no central directory. This is the concept of CCYOK, "Create and Control Your Own Key".
2) Trust in the security of the network and of transport, guaranteeing that a third party cannot intercept the data flow. Here too there are several answers, chiefly the VPN, a dedicated or proprietary network, and HTTPS:
- The VPN meets this need only in part because, as we have seen, States have the ability to intercept.
- HTTPS is used universally on the Internet: it is the most efficient and least expensive way to secure a transport. It protects data in transit between the terminal and the server; what happens to the data once it is at rest with the provider is the subject of the third trust.
3) Trust in the security of sharing, guaranteeing that between several duly authenticated people, exchanges remain honest and confidential with respect to IT providers, administrators, hosts, clouds, networks and even foreign States.
Data security requires a delegation of trust
Security is the reduction of identified risks by relying on trusted third parties whose trustworthiness is commensurate with the identified threat.
- If I do not trust my machine and its operating system, I will confine my exchanges to a closed network with no communication with the outside world;
- If I do not trust Amazon Web Services, Microsoft Azure or Google because of the CLOUD Act, I will organize myself on an infrastructure qualified SecNumCloud by ANSSI;
- If I trust no one but am obliged, for practical or economic reasons, to access my services from the Internet, I will have to encrypt all my exchanges end to end, while remaining exposed to a compromise of my machine through a "zero-day" flaw.
A first candidate solution: the dedicated or delegated "Zero Trust" physical network
Some service providers who aspire to the status of trusted provider offer access to the company's internal infrastructure from any Internet-connected point in the world, over their own physical network, independent of the Internet. The client company brings its internally hosted applications and its identity federation system.
The provider supplies its proprietary physical network, its Internet access points and its application security layer. This is undoubtedly a good "network zero-trust" solution for operating a legacy application estate securely, but it requires trusting a new player who may himself be subject to the CLOUD Act. It does not provide a satisfactory answer to our security problem.
A second solution: "Zero Trust" and "Zero Knowledge" software security by design
Strictly speaking, "Zero Knowledge" in cryptology designates zero-knowledge proofs, a basic building block used for authentication and identification. By extension, PARSEC is called "Zero Knowledge" because everything that leaves the terminal is unusable by a third party: the provider that stores the data learns nothing about its content.
PARSEC: trust the cloud
PARSEC allows sensitive documents to be shared and compartmentalized securely in private or public clouds. It is a set of open source software components, available as desktop software, for collaborative file management.
"PARSEC offers an original concept of a "Zero Trust" and "Zero Knowledge" software solution by design that requires trusting only one's own terminal, to the exclusion of any other trusted actor."
How does it work?
Secure sharing is done through a mount point or via a dedicated user interface. PARSEC secures sensitive data before it is stored in public clouds, ensuring:
- Access control,
- Authenticity, and
- Management of concurrent transactions.
Documents are encrypted end-to-end using personal keys that are generated automatically by the user's terminal. This allows micro-perimeter control of data and multi-organization data sharing, even with organizations outside our trusted perimeter.
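As an added illustration, and not PARSEC's own code or protocol (which this page does not detail), the Go program below sketches the two ideas just described: keys created and kept on the terminal (the CCYOK item of the triple-trust section above) and end-to-end encryption of a document so that what reaches the cloud is unusable without a recipient's private key. Everything in it is an assumption made for the example: the names (Device, Envelope, wrapKey), the choice of X25519, AES-256-GCM and a one-step SHA-256 KDF, and the constructed sample document. It needs Go 1.20 or later (for crypto/ecdh) and only the standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must panics on errors that cannot occur with well-formed inputs (key generation, AES set-up, crypto/rand).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Device is a user's terminal: its X25519 private key is generated here and never
// leaves it (the CCYOK idea); only PublicKey() is published through enrolment.
type Device struct{ priv *ecdh.PrivateKey }
func NewDevice() *Device            { return &Device{must(ecdh.X25519().GenerateKey(rand.Reader))} }
func (d *Device) PublicKey() []byte { return d.priv.PublicKey().Bytes() }

// WrappedKey is one recipient's copy of the document key, sealed under an ECDH-derived key.
type WrappedKey struct{ EphemeralPub, Nonce, Ciphertext []byte }

// Envelope is all the untrusted cloud ever stores: ciphertext plus one wrapped key per recipient.
type Envelope struct {
	Nonce, Ciphertext []byte
	Recipients        map[string]WrappedKey
}

// sharedSecret parses a possibly untrusted X25519 public key and runs ECDH with priv.
func sharedSecret(priv *ecdh.PrivateKey, pub []byte) ([]byte, error) {
	p, err := ecdh.X25519().NewPublicKey(pub)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(p) // also rejects low-order points (all-zero shared secret)
}

// wrapKey is a one-step KDF (SP 800-56C style, H(counter || Z || FixedInfo)) that
// binds the AES-256 wrapping key to this ephemeral/recipient pair.
func wrapKey(shared, ephPub, rcptPub []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{{0, 0, 0, 1}, shared, []byte("doc-key-wrap|"), ephPub, rcptPub} {
		h.Write(part)
	}
	return h.Sum(nil)
}

func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func randomBytes(n int) []byte   { b := make([]byte, n); must(rand.Read(b)); return b }

// Encrypt runs on the sender's terminal: a random key encrypts the document, then
// that key is wrapped once per recipient public key (obtained through enrolment).
func (d *Device) Encrypt(doc []byte, recipients ...[]byte) *Envelope {
	docKey := randomBytes(32)
	env := &Envelope{Nonce: randomBytes(12), Recipients: map[string]WrappedKey{}}
	env.Ciphertext = gcm(docKey).Seal(nil, env.Nonce, doc, nil)
	for _, rpub := range recipients {
		eph := must(ecdh.X25519().GenerateKey(rand.Reader))
		ephPub, nonce := eph.PublicKey().Bytes(), randomBytes(12)
		wrapped := gcm(wrapKey(must(sharedSecret(eph, rpub)), ephPub, rpub)).Seal(nil, nonce, docKey, nil)
		env.Recipients[string(rpub)] = WrappedKey{ephPub, nonce, wrapped}
	}
	return env
}

// Decrypt runs on a recipient's terminal. Anyone without a matching private key,
// the cloud operator included, gets an error and nothing else.
func (d *Device) Decrypt(env *Envelope) ([]byte, error) {
	wk, ok := env.Recipients[string(d.PublicKey())]
	if !ok {
		return nil, errors.New("not a recipient of this envelope")
	}
	shared, err := sharedSecret(d.priv, wk.EphemeralPub)
	if err != nil {
		return nil, err
	}
	// Both Open calls authenticate: a wrong key or a modified byte is rejected.
	docKey, err := gcm(wrapKey(shared, wk.EphemeralPub, d.PublicKey())).Open(nil, wk.Nonce, wk.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	return gcm(docKey).Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	alice, bob, cloud := NewDevice(), NewDevice(), NewDevice() // cloud: the storage operator, not a recipient
	env := alice.Encrypt([]byte("constructed sample: Q3 board minutes"), alice.PublicKey(), bob.PublicKey())
	plain, err := bob.Decrypt(env)
	fmt.Printf("bob: %q (err=%v)\n", plain, err)
	_, err = cloud.Decrypt(env)
	fmt.Printf("cloud operator: err=%v\n", err)
}
```

The envelope carries no sender authentication: a recipient learns that someone who knew their public key produced it, not who. A signature over the envelope with a sender key, and an enrolment step that vouches for the public keys being wrapped to, are what turn this sketch into the "sharing" trust of the triple-trust section; key revocation and rotation are likewise out of scope here.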
PARSEC is an open source, high-security component under the AGPL license, developed with the support of the French Ministry of the Armed Forces and in partnership with the research community.
Scilla is a company specializing in the digital transformation of large accounts and in sharing sensitive data in the cloud.