Virtual Application Delivery must start with a Zero Trust model

 

Brad Rowland, Partner and GM, Emergent Campus
December 11th, 2020

 

Long before Covid and the rush to remote work, employers and employees were bending the boundaries of the traditional perimeter, keeping security pros in constant catch-up mode. It is not new to see everyone from individual consultants to F100 workers checking email at the coffee shop, the airport, or from a client’s site. While smartphone adoption was one of the first technologies to break free of the boundaries of a secure office network, trends like BYOD (Bring Your Own Device), running business-critical SaaS applications in the public cloud, and massive access to metro co-working have helped to altogether erode the practical nature of perimeter security, leading computing giants like Microsoft to declare it obsolete.

In fact, the transition from rigidly established IT system perimeters (de-perimeterisation) was highlighted as early as 2003, at a CISO (Chief Information Security Officers) group meeting hosted by Cisco, which later became the Jericho Forum. The group went on to define and publish such works as the Collaboration Oriented Architecture (COA) paper, COA Framework paper, and other cornerstone security research, culminating in 2011 with their publication of the Identity, Entitlement & Access Management Commandments.

Moats and Castles
Traditional perimeter security has developed around an ancient concept, seeing the organization as a castle, and surrounding it with a moat. Routers, firewalls, and intrusion detection systems are analogs for tunnels, walls, lights, doors, and surveillance towers. In plain terms, Barracuda Networks defines a Network Perimeter as, “the secured boundary between the private and locally managed side of a network, often a company’s intranet, and the public facing side of a network, often the Internet.” For many organizations, this approach has changed little, while the technology landscape has completely evolved.

There are many design limitations with the Moat and Castle approach that prevent it from keeping pace with modern infrastructure. The main problem is that in the best-case scenario, it works the way it was designed to work. For instance, the VPN firewall model starts with the assumption that you can create a secure perimeter and trust that internal activities are safe. But just like the story of the Trojan Horse, once a bad actor has gotten inside the castle, they are free to attack and plunder the Crown Jewels. 

Applications themselves can create an open door for attackers, and nearly “80% of apps contain at least one critical or high vulnerability.” A Verizon Data Breach Investigation Report from 2020 cited phishing and the use of stolen credentials as the most common threat actions leading to a breach, and the average cost of a breach rising to nearly $4,000,000. Citing a report from Google, PC Magazine showed phishing attacks have increased an astounding 350 percent during the Covid-19 quarantine. Once an attacker compromises a system inside your network, exclusive reliance on perimeter security has failed and your company assets are largely exposed. Worse still, perimeter security offers little protection against one of the largest and growing sources of security breaches, employees.

“With the rapid adoption of virtualization technologies and the move to BYOD (bring your own device) the attack surface has become extensive and the majority of solutions available to security professionals just do not address the breadth of ways into your environment. Security has to be a core design principle for access solutions, not something that’s added in after the fact.” – Eddie Satterly, DataNexus Co-Founder and CEO.

In the old kingdom of moats and castles there was a clear distinction between corporate and personal. Corporate devices, corporate email, corporate data, corporate network. In the modern era the lines are continually blurred between personal and corporate devices, data, and networks. With the design principle of any app, to any device, in any location, there is no longer a traditional perimeter, which is why Cameyo is designed with a Zero Trust framework rather than a traditional perimeter-based security approach.

Trust No One
Traditional network security breaks networks into zones, with each zone granted a distinct level of trust. When it comes to modern cyber-attacks, this approach fails. To be clear, perimeter solutions still play a large part in the overall security equation, but there is no longer a trusted zone or “safe place” on the network. Adding more features like application awareness to firewall products adds complexity and cost and doesn’t fix the problem. Instead, it must be assumed that every part of your network is potentially hostile, and every access request should be treated as if it occurred directly on the public internet.

Due to the continuous stream of technology innovations that by their nature invaded the perimeter, in 2009 Forrester alum John Kindervag coined the concept of Zero Trust, asserting that trust is a vulnerability; security must be designed with the strategy, “Never trust, always verify.”

According to the O’Reilly online library, a zero trust network is built upon five fundamental assertions:

  • The network is always assumed to be hostile.
  • External and internal threats exist on the network at all times.
  • Network locality is not sufficient for deciding trust in a network.
  • Every device, user, and network flow is authenticated and authorized.
  • Policies must be dynamic and calculated from as many sources of data as possible.

Zero Trust with Unmanaged Devices
While Cameyo can certainly be used in a traditional security model, it is important to note that it is designed to be highly secure even with unmanaged devices in untrusted public networks. Any app, to any device, in any location, assumes the need for Zero Trust as a starting point.

“Resilience in the new ‘no perimeter’ enterprise topography still requires adherence to basic rules that serve to secure the Confidentiality, Integrity and Availability of diverse endpoints and data that is stored and processed within the enterprise and in the cloud. Necessity, as always, will drive the creation of new means to address the challenges faced by modern enterprises that function beyond the boundaries of the classic perimeter topography. Resilience requires adaptation to function and thrive when new variables are introduced into the environment. Enterprises that know where their security gaps exist and that deploy technologies that mitigate threats and vulnerabilities posed by new environmental variables position themselves as more resilient and adaptive than those enterprises that do not take such measures. Survival is adaptation. Adaptation is survival.” – Juan Reyes, AT&T Senior Security Consultant. 

With that in mind, let’s review four key security elements built into the Cameyo solution:

Cameyo NoVPN
The Cameyo solution effectively provides a secure digital workspace environment without the need for VPN.  Organizations have traditionally used VPN technology for decades to allow remote workers to connect to corporate resources that are located in the on-premises corporate data center.  However, VPN has become a legacy technology that is less than desirable and even opens your organization up to security risks.

There are many challenges and concerns to consider with traditional VPN connections.  VPNs do not scale very well across a large client base and performance can quickly become an issue with many users aggregated to a VPN concentrator.  There are also management challenges to overcome with VPN such as client VPN software that must be installed, provisioned, configured and managed throughout the lifecycle of the solution.   Aside from the management and performance challenges with VPN, there are security risks involved as well.

When remote clients are connected via a VPN tunnel, the remote client device essentially becomes part of the corporate network, much the same way as if you simply plugged a network cable into a network switch in the corporate office.  With this behavior as part of VPN solutions, any unwanted or potentially malicious software loaded on the remote client is brought into the corporate network by way of the VPN connection.  This means there is the potential for extremely dangerous malicious code such as ransomware to have unfettered access to the corporate network by means of the VPN connection.

In addition to the risk of malicious software by way of VPN connectivity, VPN provides the possibility for easy data exfiltration from the corporate network.  When a remote user is connected via VPN, data can easily be copied from corporate network resources to the remote end user client or even a personal cloud environment.

With Cameyo’s NoVPN functionality there is no requirement for VPN connectivity for remote workers to access business-critical applications.  This provides many benefits, including: 

  • The client stays outside the corporate network with no direct connection
  • Connectivity to applications is made possible through a secure browser connection
  • SSL encryption protects communication between client and application
  • There are very simple requirements including a browser, and HTTPS egress traffic only
  • Unlike VPN, there is no end user client software that is required besides a browser 

Port Shield
During the initial surge in remote work, some cyber-security firms were tracking an astonishing 127% increase per day in publicly exposed RDPs, the protocol most used for virtual desktops. 

  • RDP port 3389 – Used for administrative tasks and installing applications on the Cameyo server
  • HTTPS 443 (configurable) – Used for end-user connectivity to published applications

Cameyo Port Shield provides additional security by automatically closing external access to the specified ports unless needed.  “When an end user or administrator connects to the Cameyo portal and is authenticated, Port Shield dynamically orchestrates firewall rules on the Cameyo server to allow the specific IP address for an end user or administrator who has been granted access. Once the end user or administrator logs out, the firewall exception, even for the once authenticated session IP, is removed.”

With this approach, no ports stay open for any period of time. This results in a solution that, by default, is hardened against brute force attacks and against zero-day vulnerabilities that an attacker may attempt to capitalize on with systems that are exposed to the outside world using a persistent open port or range of ports.
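The behaviour quoted above (an exception opened for an authenticated IP, removed at logout) can be modelled as a default-deny allowlist derived from the live session table. This is an added example, not Cameyo's code: the class, method names and sample addresses are constructed, and the idle timeout is an assumption covering sessions that never log out.

```python
import time

class SessionAllowlist:
    """Default-deny model: an (ip, port) pair is open only while a live session needs it."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # assumption: idle expiry is not described on the page
        self.clock = clock
        self.sessions = {}                 # session_id -> (ip, port, last_seen)

    def login(self, session_id, ip, port):
        # Call only after the portal has authenticated the user.
        self.sessions[session_id] = (ip, port, self.clock())

    def logout(self, session_id):
        self.sessions.pop(session_id, None)

    def expire_idle(self):
        # Covers sessions that never log out (closed laptop, dropped connection).
        now = self.clock()
        stale = [s for s, (_, _, seen) in self.sessions.items() if now - seen > self.idle_timeout]
        for s in stale:
            del self.sessions[s]

    def rules(self):
        # Derived from live sessions: users behind one NAT address share a rule until the last leaves.
        return {(ip, port) for ip, port, _ in self.sessions.values()}

    def is_allowed(self, ip, port):
        self.expire_idle()
        return (ip, port) in self.rules()

def demo():
    now = [0.0]                                   # fake clock so the run is deterministic
    fw = SessionAllowlist(clock=lambda: now[0])
    out = {"before_login": fw.is_allowed("203.0.113.7", 443)}
    fw.login("alice", "203.0.113.7", 443)         # constructed sample sessions
    fw.login("bob", "203.0.113.7", 443)           # same NAT address as alice
    fw.login("admin", "198.51.100.20", 3389)
    fw.logout("alice")
    out["shared_ip_one_left"] = fw.is_allowed("203.0.113.7", 443)
    fw.logout("bob")
    out["shared_ip_none_left"] = fw.is_allowed("203.0.113.7", 443)
    out["admin_other_port"] = fw.is_allowed("198.51.100.20", 443)
    now[0] = 901.0                                # admin never logged out
    out["admin_after_idle"] = fw.is_allowed("198.51.100.20", 3389)
    return out

if __name__ == "__main__": print(demo())
```

Deriving the rule set from sessions, rather than adding and deleting rules per event, is what keeps a shared address open until its last session ends and prevents orphaned exceptions.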

Layered Revert
For organizations that have supported Terminal Servers and the newer Remote Desktop Services servers, the server essentially becomes a “glorified workstation” for your end users who use it to log in and launch applications.  With this approach IT must manage not only the applications, but also the user profile and session data, which can be problematic for IT support.  It can also introduce the possibility for security issues since the user profile data generally persists after logoff and can often be a hiding place for unwanted or outright malicious software.

To solve for this, Cameyo developed its Layered Revert technology. With Layered Revert, Cameyo employs a volatile layer on which users work that is not attached to any specific user profile.  Session data is redirected to on-premises or cloud storage through a patent-pending I/O virtualization technology.  While the volatile layer and other changes are discarded, application data does persist.  When a new session is started, an empty layer is provided for the user session to take place.

How the Layered Revert process works is very similar in concept to reverting a VM back to a particular snapshot point in time.  The changes that have happened since the snapshot was taken are discarded.  On the session’s end, the volatile layer employed by Cameyo is discarded while the important application data persists.  The entire workflow and underlying process is transparent to the end user working with published applications. 

Session Sync

Rounding out the Cameyo solution to provide a secure digital workspace to end users is a technology called Session Sync.  Cameyo’s Session Sync technology allows end users to have access to specific configuration settings and user files that will follow them between sessions.  Session Sync works in harmony with Layered Revert to ensure user data is persistent, while ensuring the session layer is pristine and secure upon each new connection.  With Cameyo’s Session Sync, user files and data are synced to Google Cloud Storage or Microsoft OneDrive.  This means that users are able to see and access data such as auto-saved files, stored data, and their settings.

Another great feature of Session Sync is that it provides the ability for organizations to turn off the downloading of files by end users.  This can protect against data exfiltration concerns for sensitive data as well as help to ensure regulatory compliance.

Conclusion

As your organization transitions to a more permanent remote work strategy or as you’re looking for a long-term digital workspace solution, make sure the solution you choose takes security seriously. As hackers increasingly target remote workers as an entry point into corporate networks, making sure security is built in at the foundation of your digital workspace is critical. Be wary of solutions that require multiple extra layers of “optional” third-party solutions for security, as each new layer adds complexity and can increase your attack surface. 

Cameyo was designed from day one with a Zero Trust security model at the foundation of the platform. With each layer of the platform, security has been given priority in the overall design and execution of the solution. With robust security features such as NoVPN, Port Shield, Layered Revert, and Session Sync, Cameyo helps ensure that your remote workers AND your corporate network & data are secure at all times. 

About Brad Rowland
Since beginning his career in the mid-90s managing a Citrix enterprise site with tens of thousands of users, Rowland has remained focused on desktop virtualization technologies. His experience stretches from managing the product lines at thin client vendor Wyse (Dell), to running global product and marketing at cloud application delivery specialist AppStream (Symantec), to serving as the chief marketing officer at FSLogix, acquired by Microsoft in late 2018 to play a strategic role in the launch of Windows Virtual Desktop. He currently leads Emergent Campus, an innovation catalyst and economic development project in rural Colorado. In July of 2020, Brad joined the advisory board for Cameyo, a Virtual Application Delivery solution in the Digital Workspace market.