Smart contracts, security-at-edge, and distributed ledger technology (DLT) are accelerating the implementation of Trust Architectures & Frameworks such as Zero Trust Architecture, which are becoming the security standard despite the implementation challenges.
As the pandemic continues to impact work models (in-office, WFH, and hybrid) and digital attacks continue to increase, the need to build better security ecosystems is vital and urgent.
Encora’s Innovation Leaders have selected 10 emerging technology trends for 2022 from a software engineering perspective. Among these trends are the technologies, tools, and frameworks expected to offer organizations enhanced cybersecurity.
We spoke with Axel Monroy, DevOps Cloud Engineer & Innovation Leader at Encora Mexico, about 1 of the 10 trends: the rise and benefits of Trust Architectures & Frameworks.
What are Trust Architectures and what is a Zero Trust Architecture?
Trust architecture is a security framework that focuses on trust and security. For example, when you try to design an application or an infrastructure, what you are trying to always do is think about security and authentication.
Zero Trust is a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organization's network architecture. It’s rooted in the principle of "never trust, always verify".
Zero Trust is a security framework requiring all users, whether inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted access to applications and data.
What factors have contributed to the acceleration of this trend?
There are three important reasons why this is becoming a trend. The first one, and I believe this will be the biggest reason in the years to come, is COVID-19. In the past, most companies didn’t have to work remotely. The second one is because of cryptocurrency. Cryptocurrency is creating new points of vulnerability and the need for everyone to adopt a zero-trust strategy to protect their data. And the third one is that most banks and government systems plan to modernize, and they need to implement trust.
Where do you see this trend in the next few years?
I believe it will become a minimum-security standard for some businesses and a must-have for most products.
How do Trust Architectures protect data from cyberattacks?
When you implement a trust architecture, most of the data that the cyber attacker collected will have expired and the attacker will not be able to exploit the information.
If there is an attack, you will be able to minimize the impact or even prevent it from happening again.
How does service oriented-development benefit from Trust Architectures?
With trust architectures and service-oriented development, you will be able to decouple responsibilities, capabilities, and security. For example, if you have a single application that does all the backend and frontend, you will need to provide access to all the resources and data, and there will be no way to manage the security between components of the applications.
In service-oriented development, you can provide just the right access to each service, implement changes to a single service, and not compromise the whole application. You will be able to scale the services, each service will be independent, and the communication between them will be protected.
Why are Trust Architectures important to use in cloud-based services?
In the past, we had data centers, and to access those data centers you had to get into a building of a company with an access card and then access the network. It was a long process which was also a form of protection. But now, with cloud-based services, you set up your cloud on the internet, which makes every service or any application a target for a cyberattack.
Where do Trust Frameworks fit in the development cycle?
There’s more than one way to implement trust frameworks in the development process to protect your devices and the internal application that you are using for development.
A good example of this is Google or Facebook. When you try to log in on a new device, they send you an authorization message saying that a new device just tried to log in. And you can’t log in if you don’t approve access on your phone or via email, first.
How do organizations benefit from Applied Trust Frameworks today?
If trust architectures are implemented and your data is protected, you are going to reduce the risk of data leaks.
Trust architectures tackle critical vulnerabilities in confidential and sensitive data, such as personal information, payment information, passwords, etc.
When we implement a trust architecture for our clients and they see, for the first time, that they suddenly have more than one user-password authorization or verification during access, they immediately recognize that the company and their products are more reliable than other companies who don’t have this kind of process in place.
The organizations that have implemented a trust architecture have better-protected employees, more security for their clients, more secure data, and reliable applications.
What are the challenges of adopting Trust Architectures?
Adopting a new process takes time and effort. This should be a unified experience and should not stop people from working. For example, imagine you create a new process to access the system of a bank. You enable the feature, and more than half of the organization is unable to work until they request the new, secret access code.
Will Smart Contracts influence the future of Trust Architectures?
Smart contracts are programs stored on a blockchain that facilitates, verifies, or enforces the negotiation or performance of a contract, after the pre-specified conditions have been met.
In Smart Contracts, there is no third party involved. The records are encrypted and the transactions or conditions are shared with multiple participants. That way, everyone has a copy of the contract and there is no way to modify or alter information therein because all parties can verify and corroborate the information.
Trust architectures can be applied on Smart Contracts because they follow the principle of “never trust, always verify”.
How will Security-at-edge impact Trust Architectures?
Each day we care more about security-at-edge because we keep adding newer edges and additional devices to the edges. That means implementing trust architectures will become even more important. When we add a new edge, it should be verified against the official one and be encrypted to be added to the system. It is important to recognize that it is not enough to build a secure application. Security has to be built into the underlying hardware chips, operating systems, communication protocols and any other abstraction layers as well.
How do you expect Distributed Ledger Technology (DLT) to influence the adoption of Trust Architectures?
With DLT, you can verify information with all the participants’ information instead of using a centralized database. You can corroborate the information across all the participants. In the near future, there will likely be more implementation of authorization and verification using DLT.
To implement Trust Architectures, how can an organization get started?
There are many ways to get started:
- Use HMTL5 and HTTPS
- Implement secure connections between services using HTTPS
- Enable 2FA for the employee’s services
- Apply network security, data security, application security, device security, infrastructure security, and identity security
- Try to simulate what would happen if someone wanted access to internal services
- Simulate a breach
- Use a tool like AWS Shield
- Monitor and add alerts based on the metrics
- Rotate passwords and certificates
How can Encora help clients through the evolution?
At Encora, we have experts with experience and deep knowledge in securing applications, infrastructure, and data. They have experience running Chaos Monkey (designed by Netflix) to test system stability by enforcing failures via the pseudo-random termination of instances and services. We also receive constant training in security, encryption, and good practices.
A special thanks to Axel Monroy, Innovation Leader at Encora Mexico, for the interview and expert point of view on the rising Trust Architecture trend.
To read more interviews, visit Encora’s 2022 Technology Trends.
“Digitization and rapid cloud adoption have resulted in a remote working style. This demands real-time security across all security domains. With a Zero Trust Architecture, you can put identity at the center of security and lower your reliance on traditional endpoint protection solutions.” -Axel Monroy
Strong authentication and validation of Zero Trust make it possible to ensure data privacy and in turn, build customer trust.” -Axel Monroy
Encora is a digital engineering services company specializing in next-generation software and digital product development. Fast-Growing Tech organizations trust Encora to lead the full Product Development Lifecycle because of our expertise in translating our clients’ strategic innovation roadmap into differentiated capabilities and accelerated bottom-line impacts.
Please let us know if you would ever like to have a conversation with a client partner and/or one of our Innovation Leaders about accelerating next-generation product engineering within your organization.