As countries around the world work to overcome the COVID-19 pandemic and restart their economies, they all face the challenge of how to reopen their borders and allow travel and commerce to resume while protecting their populations’ health. As they contemplate relaxing border restrictions, quarantine and lock-downs, governments and industry need a more trustworthy model for validating individuals’ health status.
The Challenge
At present, COVID-19 test results are frequently presented on printed paper - or photos of the paper - from unknown labs, often written in languages foreign to those inspecting them. There is no standard format or certification system for lab results. Similarly, vaccination records are still generally shared on easily-forged paper cards.
The availability of trusted, verifiable health status information, including test results and vaccination records, can help governments implement more flexible, risk-based policies and develop a more reliable assessment of individuals’ health status as a part of a multi-layered risk management approach. Several countries have implemented digital platforms for travellers to submit their health information prior to departure. However, given the interconnectedness of global travel and the global economy, it is not practical for each country or jurisdiction to implement its own independent methods for verifying the health information of incoming travellers from every other country or region. Such an approach would impose an overwhelming burden of complexity on governments, industries and individuals alike.
Common Trust Network
To address this challenge, The Commons Project Foundation and the World Economic Forum have launched the Common Trust Network in collaboration with a broad voluntary network of public and private stakeholders to help ensure that only verifiable lab results and vaccination records from trusted sources are presented for the purposes of cross-border travel and commerce.
The Common Trust Network is designed to:
- Empower individuals with digital access to their health information so they can demonstrate their health status while protecting their data privacy.
- Provide governments a trustworthy model for verification and acceptance of foreign lab tests and vaccination records, whether digital or paper-based.
- Support airlines, airports, cruises, hotels, employers and venues to rely on a trusted health certificate without having to verify it themselves or hold any data.
- Enable a clearer understanding of health entry requirements for destinations for all stakeholders involved.
The Common Trust Registry
The Common Trust Network is enabled by a global registry of trusted laboratory and vaccination data sources, standard formats for lab results and vaccination records, and standard tools to make those results and records digitally accessible. The Registry is operated on a not-for-profit basis as an open, shared service for the common good.
The Common Trust Network is also enabled by a common global registry for governments and other destinations to publish their health screening entry rules in a common format, making it easier for travellers and the travel industry to understand and comply with each destination’s requirements. The Registry is composed of:
● CommonTrust Data Sources. Participating health organizations, including labs and vaccination sites, agree to provide individuals with digital access to their health information using open, globally-interoperable standards (e.g. HL7 FHIR, W3C verifiable credentials). Data Sources agree to provide individuals with access to their information via one or more of the following:
- Apple Health (iOS) / CommonHealth (Android)
- Other digital wallet apps
- Paper printed with QR codes containing W3C verifiable credentials.
These Data Sources also agree to be listed as issuers on the CommonTrust Registry. Participating governments are invited to designate Data Sources in their jurisdictions as Approved Sources.
● CommonTrust Destination Rules. Participating countries, jurisdictions and other destinations (airlines, ships, public transport, hotels, venues, events, offices, schools, etc.) agree to publish and maintain their health entry requirements using a standard machine-readable format in the CommonTrust Registry.
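What a verifier at a border or check-in desk does with the two registries, as an added example in Go (not code from the Common Trust Network or The Commons Project): the issuer is looked up in the registry before the signature is checked, so a credential signed by a lab that is not an Approved Source is rejected even though its signature is internally valid, and a genuine credential is then tested against the destination's machine-readable rule. The credential fields, issuer identifiers, key type (Ed25519) and the 72-hour rule are constructed for the example; real credentials follow the W3C Verifiable Credentials data model, and the QR/base64 transport layer is omitted.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential stands in for a W3C Verifiable Credential carrying a lab result.
// The field set is constructed for this example, not the real VC data model.
type Credential struct {
	Issuer string    `json:"issuer"` // lab or vaccination site identifier
	Type   string    `json:"type"`   // e.g. "PCRTest" or "Vaccination"
	Result string    `json:"result"` // e.g. "negative"
	Issued time.Time `json:"issued"`
}

// SignedCredential is what a QR code would carry: the payload plus the issuer's
// signature over it (the QR/base64 transport layer is omitted here).
type SignedCredential struct {
	Payload   []byte
	Signature []byte
}

// Registry is a minimal issuer registry (issuer identifier -> public key).
// An issuer absent from it is untrusted however well-formed its credential is.
type Registry map[string]ed25519.PublicKey

// DestinationRule is a machine-readable entry requirement, e.g. "negative PCR within 72h".
type DestinationRule struct {
	Type, Result string
	MaxAge       time.Duration
}

var (
	ErrUntrustedIssuer = errors.New("issuer is not listed in the trust registry")
	ErrBadSignature    = errors.New("signature does not verify under the registered key")
	ErrRuleNotMet      = errors.New("credential does not satisfy the destination rule")
)

// Issue signs the JSON encoding of the credential with the issuer's key.
func Issue(priv ed25519.PrivateKey, c Credential) SignedCredential {
	payload, _ := json.Marshal(c)
	return SignedCredential{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Verify checks, in order: the issuer is registered, the signature verifies under
// that issuer's registered key, and the credential meets the destination rule.
// Looking the issuer up first means a forgery signed with an attacker's own key
// is rejected regardless of how valid that signature is.
func Verify(reg Registry, rule DestinationRule, sc SignedCredential, now time.Time) (Credential, error) {
	var c Credential
	if err := json.Unmarshal(sc.Payload, &c); err != nil {
		return Credential{}, err
	}
	pub, ok := reg[c.Issuer]
	if !ok {
		return Credential{}, ErrUntrustedIssuer
	}
	if !ed25519.Verify(pub, sc.Payload, sc.Signature) {
		return Credential{}, ErrBadSignature
	}
	if c.Type != rule.Type || c.Result != rule.Result || now.Sub(c.Issued) > rule.MaxAge {
		return Credential{}, ErrRuleNotMet
	}
	return c, nil
}

// tamper edits the signed payload (as someone altering a result after the lab
// signed it would) while keeping the original signature.
func tamper(sc SignedCredential, from, to string) SignedCredential {
	sc.Payload = bytes.ReplaceAll(sc.Payload, []byte(from), []byte(to))
	return sc
}

// VerifyScenario runs four constructed cases and returns each outcome (nil = accepted):
// a registered lab, an unregistered lab, a positive result edited to negative
// after signing, and a test older than the rule allows.
func VerifyScenario() (trusted, untrusted, tampered, stale error) {
	labPub, labPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // attacker's own key, never registered
	reg := Registry{"lab:registered-example": labPub}
	rule := DestinationRule{Type: "PCRTest", Result: "negative", MaxAge: 72 * time.Hour}
	now := time.Date(2021, 3, 1, 12, 0, 0, 0, time.UTC)
	good := Credential{Issuer: "lab:registered-example", Type: "PCRTest", Result: "negative", Issued: now.Add(-24 * time.Hour)}
	rogue, positive, old := good, good, good
	rogue.Issuer = "lab:not-registered"
	positive.Result = "positive"
	old.Issued = now.Add(-96 * time.Hour)
	_, trusted = Verify(reg, rule, Issue(labPriv, good), now)
	_, untrusted = Verify(reg, rule, Issue(roguePriv, rogue), now)
	_, tampered = Verify(reg, rule, tamper(Issue(labPriv, positive), `"positive"`, `"negative"`), now)
	_, stale = Verify(reg, rule, Issue(labPriv, old), now)
	return trusted, untrusted, tampered, stale
}

func main() {
	trusted, untrusted, tampered, stale := VerifyScenario()
	fmt.Println("registered:", trusted, "| unregistered:", untrusted, "| edited:", tampered, "| stale:", stale)
}
```

The order of the checks is the security-relevant part: a verifier that only checks "is the signature valid?" accepts any self-signed credential, which is exactly the forged-paper problem the Registry exists to remove. Rule evaluation runs last so that an untrusted or tampered credential never influences the decision, and the rule itself is data, so a destination can change its requirement without changing the verifier.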
CommonTrust Network Principles
The Common Trust Network is vendor and technology agnostic and is guided by a commitment to the following core design principles:
Openness & Interoperability: based on international standards and open technologies and interoperable across countries and regions.
Transparency: operated in an open and transparent manner
Neutrality: operated as a common shared service for the benefit of all stakeholders
Sustainability: operated on a sustainable not-for-profit basis.
Privacy by Design: upholds and protects the privacy of individual health data and designed to comply with applicable data privacy regulations.
Flexibility: designed to adapt over time as the pandemic and science evolve.
Inclusivity: accessible and usable by all people and countries regardless of level of wealth and economic development.
The Forum supports the emerging ecosystem of solutions, providers, and travel/health passes all aiming to restore cross-border mobility. The two registries can be leveraged by any other stakeholders committed to openness, interoperability and global standards.
The traditional model of network security relies on the establishment of a secure boundary, or perimeter. This not only keeps unwanted “visitors” or attackers out but also assumes that those who remain within the boundary are only authorized users of the system. These authorized users may then be trusted only to access the network resources that have been allocated to them, and perform only those actions which have been prescribed or permitted by the network’s security policy.
When you consider what might be at stake within a corporate network (intellectual property, customer information, mission-critical software and processes, money), that is a great deal to protect on the strength of nothing more than the trust placed in your authorized users.
And in the multi-part corporate networks of today, which themselves rely on chains of interconnected servers, wireless networks, and third-party points of connection, it is increasingly difficult to ensure that network resources and information do not leak to unauthorized entities through these potentially vulnerable points.
Equally, the increased complexity of today’s network infrastructures gives external actors (including criminal and state-backed attackers) more opportunities to find a way in.
Barricading the fortress and assuming that nothing unwanted can get in or out simply isn’t enough.
The Zero Trust Principle
The age-old perimeter defense approach to network security adopts a “trust, but verify” attitude towards its authorized users. Various methods may be employed to authenticate members of a closed system and provide access control – but once they’ve passed the gatekeepers, authorized users are free to exercise whatever network rights and privileges have been assigned to them.
The “Zero Trust” principle assumes that there is no such thing as a trusted insider (authorized user), and requires anyone wishing to gain access to the network, or to any resource associated with it, to prove their right to do so on every request rather than once at the perimeter.
This requires separate access controls, authentication, and validation procedures to be implemented at various points within and around the network, safeguarding accounts, applications, processes, and other network elements.
The philosophy here is “trust no one, verify everything”, more commonly phrased as “never trust, always verify”.
A Zero Trust Network in Practice
In the ecosystem of a Zero Trust network, users and data traffic are assumed to be operating in an open and unsecured environment, such as the public internet. Attempts to intercept, hack, or eavesdrop could be occurring at any point, so all network traffic is encrypted to reduce these risks.
Users are required to authenticate at every session rather than relying on long-lived cookies or a “Keep me logged in” option, and login typically involves multi-factor authentication (e.g., a password plus a hardware token, an authenticator app, or biometrics; one-time codes sent by SMS are the weakest of these factors and are best avoided). Network privileges are assigned to authorized users on a restrictive basis, limiting them to the rights and access strictly necessary for doing their jobs.
Network segmentation is a standard practice in Zero Trust, with systems sub-divided into as many separate sections (representing business units, workflows, application sets, etc.) as deemed necessary. Any attempt to reach a sensitive segment from another area (by a person, application, or process) is treated as unauthorized until proven otherwise, and enforcement points between segments require every such attempt to be authenticated and authorized against policy before it succeeds.
Encryption in transit across a Zero Trust network is typically provided end-to-end by TLS or mutual TLS between clients and services, with IPsec or SD-WAN overlays used for site-to-site links. Careful network design and virtualization technologies may be used to achieve segmentation, and to create access control mechanisms based on verified identity, device state and request context rather than on network location.
An in-house or proprietary network security solution, dedicated security devices, and the services of a cloud access security broker (CASB) are some of the options available for discovering, inspecting, blocking, and handling attempts at network intrusion or attack.
Zero Trust Network – A Practical Example
In 2009, Google and a number of other large corporate entities were targeted in a highly sophisticated attack, dubbed Operation Aurora, which was alleged to have been sanctioned by the Chinese government.
While most of the companies responded by beefing up their perimeter defenses, Google developed a security architecture known as BeyondCorp – a Zero Trust system in which access decisions depend on the authenticated user and the state of their device, so a request from inside the corporate network is treated with the same suspicion as one arriving from the internet.
Now also available as a commercial offering, BeyondCorp has given rise to a new market which includes a growing number of off-the-shelf and bespoke (tailor-made) solutions for Zero Trust security.
Zero Trust Network Best Practices
Though it may seem a daunting task to switch gears into Zero Trust, for an organization that has been fully reliant on traditional firewalls and perimeter defenses, there are some recommendations which can make this transition much easier. These include the following:
- Identify the data you most need to protect: This requires a comprehensive inventory of all your data assets – what you have, where it resides, who’s using it, and how sensitive it may be.
- Map out how sensitive data moves across your network: This is essential in understanding how information flows between users, applications, and resources across the entire system.
- Design for Zero Trust, based on how data flows across the network, and how users and applications currently access sensitive information: This will assist in determining how the network should be segmented, and where protection and access controls should be positioned, using virtual mechanisms and/or physical devices, at the borders between network segments.
- Create a body of rules for governing access between segments: This should be done on a “least privilege” or “need to know” basis, restricting access based on the job requirements or clearance levels of each user.
- Keep monitoring and reviewing: All network traffic should be logged and inspected, to check for suspicious activity – and to highlight areas of improvement. In addition, user rights should be regularly updated to reflect changes within the organization, the effects of regulatory compliance regime changes, and other relevant factors.
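The segmentation model described above and the fourth and fifth steps of this list (a least-privilege rule set governing access between segments, with every decision logged) as an added policy-enforcement example in Go, written for this page and not taken from BeyondCorp or any product named here. Segment names, roles, services and the eight-hour session limit are constructed; the checks on transport encryption, MFA, session age and device state are performed on every request, and cross-segment access is denied unless an explicit rule matches.

```go
package main

import (
	"fmt"
	"time"
)

// Request is what a policy enforcement point sees for one connection attempt
// between segments. The field set is constructed for this example.
type Request struct {
	User, Role     string
	SrcSegment     string // segment the request originates from
	DstSegment     string // segment that hosts the target service
	Service        string // e.g. "payroll-db:5432"
	Encrypted      bool   // TLS/mTLS on the connection
	MFAVerified    bool
	DeviceManaged  bool
	SessionStarted time.Time
}

// Rule is one explicit allow: a role, from one segment, to one service in another.
// Anything not matched by a Rule is denied.
type Rule struct {
	Role, SrcSegment, DstSegment, Service string
}

type Decision struct {
	Allow  bool
	Reason string
}

// Policy is the rule set plus the audit trail; every decision is logged.
type Policy struct {
	Rules      []Rule
	MaxSession time.Duration // force re-authentication after this long
	Audit      []string
}

// Evaluate decides one request and appends an audit line whether or not it is allowed.
func (p *Policy) Evaluate(r Request, now time.Time) Decision {
	d := p.decide(r, now)
	p.Audit = append(p.Audit, fmt.Sprintf("%s user=%s role=%s %s->%s svc=%s allow=%t reason=%q",
		now.Format(time.RFC3339), r.User, r.Role, r.SrcSegment, r.DstSegment, r.Service, d.Allow, d.Reason))
	return d
}

func (p *Policy) decide(r Request, now time.Time) Decision {
	// Identity, device and transport are checked on every request; being inside
	// the network, or having logged in earlier, earns nothing on its own.
	switch {
	case !r.Encrypted:
		return Decision{false, "cleartext connection"}
	case !r.MFAVerified:
		return Decision{false, "mfa not verified"}
	case now.Sub(r.SessionStarted) > p.MaxSession:
		return Decision{false, "session expired; re-authenticate"}
	case !r.DeviceManaged:
		return Decision{false, "unmanaged device"}
	}
	// Cross-segment access is default deny; only an explicit rule can allow it.
	for _, rule := range p.Rules {
		if rule.Role == r.Role && rule.SrcSegment == r.SrcSegment &&
			rule.DstSegment == r.DstSegment && rule.Service == r.Service {
			return Decision{true, "matched rule"}
		}
	}
	return Decision{false, "no rule permits this access"}
}

// AccessScenario runs constructed requests through a small policy and returns the
// decisions in order: (1) payroll analyst to the payroll DB, (2) same analyst to
// the HR DB with no rule, (3) same analyst with an expired session, (4) an engineer
// already inside the server segment trying the payroll DB laterally.
func AccessScenario() ([]Decision, []string) {
	now := time.Date(2021, 3, 1, 9, 0, 0, 0, time.UTC)
	p := &Policy{
		Rules: []Rule{{Role: "payroll-analyst", SrcSegment: "finance-workstations",
			DstSegment: "finance-servers", Service: "payroll-db:5432"}},
		MaxSession: 8 * time.Hour,
	}
	base := Request{User: "alice", Role: "payroll-analyst", SrcSegment: "finance-workstations",
		DstSegment: "finance-servers", Service: "payroll-db:5432", Encrypted: true,
		MFAVerified: true, DeviceManaged: true, SessionStarted: now.Add(-1 * time.Hour)}
	wrongService, expired, lateral := base, base, base
	wrongService.DstSegment, wrongService.Service = "hr-servers", "hr-db:5432"
	expired.SessionStarted = now.Add(-9 * time.Hour)
	lateral.User, lateral.Role, lateral.SrcSegment = "bob", "platform-engineer", "finance-servers"
	var out []Decision
	for _, r := range []Request{base, wrongService, expired, lateral} {
		out = append(out, p.Evaluate(r, now))
	}
	return out, p.Audit
}

func main() {
	decisions, audit := AccessScenario()
	for i, d := range decisions {
		fmt.Printf("request %d: allow=%t (%s)\n", i+1, d.Allow, d.Reason)
	}
	fmt.Println(len(audit), "audit lines recorded")
}
```

The fourth case is the one the perimeter model gets wrong: bob is already inside the server segment, but no rule grants his role that service, so the request is denied and logged just like an external attempt. The audit line records allowed requests too, which is what the review step needs in order to spot rules that are never used and can be removed.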