This slide deck served as presentation material for the talk with the same name at the 2021 COSAC security architecture conference. It provides an architecture for applying zero trust networking on Amazon Web Services (AWS). We take a pragmatic approach to ensure that we link the theoretical components to implementation candidates. This relies on application of graph theory to establish traceability, which we can subsequently use to verify the logical integrity of the architecture. Our literature review indicates that the first imperative is to establish a reference model that describes zero-trust networking. The zero-trust reference model is subsequently mapped to relevant AWS services that realizes the components. This establishes traceability in terms of implementation requirements for each service. We see as part of this review that AWS is mature in its ability to support zero trust capabilities and that we can realize many aspects of zero trust using off-the-shelf AWS services. The correct configuration of these services however is crucial. The research is useful in providing solution architects with the logical components that can drive further stages in architecture development to support zero trust initiatives on AWS tenants.

1. Application of zero trust security
architecture on Amazon Web
Services
Frans Sauermann & Ernest Ketcha

2. Agenda
• Introduction
• Problem Statement
• Zero Trust Architecture
• Analysis
• Results
• Conclusion and Outlook

3. Introduction & Motivation
• Perimeter is Disappearing
• Enterprise users are no longer in office
• Work from home is the norm for organizations post COVID
• Cloud adoption is on the rise
• Moving data to Edge through Edge computing is becoming crucial
• Enterprises are now adopting a multi-cloud strategy to support their digital transformation
strategy
• On-premise data centers are also accessed by third parties
• Cloud Migration
• Workload migration to the cloud to reduce operational cost
• Requirement to ensure the same level of security pre and post migration should be
maintained

4. The Problem
• Two main drivers motivate for the application of zero trust security on Amazon web services:
Migration of traditional IT to cloud services; and the inversion of security architecture approaches
towards zero-trust security architecture and Continuous Adaptive Risk and Trust Assessment
(CARTA).
• An architecture in this space will assist Solution architects and developers to realize zero-trust on
customer AWS tenants.
• This paper discusses the Zero Trust reference model and indicates how it can be achieved using
AWS services.

5. Zero Trust Architecture
• Zero trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing
accurate, least privilege per-request access decisions in information systems and services in the face of a
network viewed as compromised.
• Zero trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and
encompasses component relationships, workflow planning, and access policies.
• A zero-trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in
place for an enterprise as a product of a zero-trust architecture plan.
Untrusted zone Contextual trust zone
Policy Decision/
Enforcement Point
Target Resource/
System/
Data/Application

6. Zero Trust Architecture – Principles
• All data sources and computing services are considered resources.
• All communication is secured regardless of network location.
• Access to individual enterprise resources is granted on a per-session basis.
• Access to resources is determined by dynamic policy—including the observable state of client identity,
application/service, and the requesting asset—and may include other behavioral and environmental
attributes.
• The enterprise monitors and measures the integrity and security posture of all owned and associated
assets.
• All resource authentication and authorization is dynamic and strictly enforced before access is allowed.
• The enterprise collects as much information as possible about the current state of assets, network
infrastructure and communications and uses it to improve its security posture.
Untrusted zone Contextual trust zone
Policy Decision/
Enforcement Point
Target Resource/
System/
Data/Application

7. Logical Components of a ZTA (NIST model)
Untrusted zone Contextual trust zone
Policy Enforcement
Point
Enterprise
Resources
Policy decision point
Policy Engine
Policy
Administrator
3rd parties
capabilities
Internal
capabilities and
policies
Control pane
Data pane
ZTA Variations:
• ZTA Using Enhanced Identity
Governance
• ZTA Using Micro-Segmentation
• ZTA Using Network Infrastructure and
Software Defined Perimeters
Zero Trust: Network View
• The entire enterprise private network is not considered an implicit trust zone.
• Devices on the network may not be owned or configurable by the enterprise.
• No resource is inherently trusted.
• Not all enterprise resources are on enterprise-owned infrastructure.
• Remote enterprise subjects and assets cannot fully trust their local network
connection.
• Assets and workflows moving between enterprise and non-enterprise infrastructure
should have a consistent security policy and posture.

8. Analysis – Business & Application Layers

9. Analysis – Application and Network Layers

10. Results and Findings
AWS Model
AWS GuardDuty
AWS IAM
AWS Inspector

11. Logical Overview

12. Conclusion and outlook
• NIST Zero Trust model outlines components to be considered for
alignment in a ZTA.
• ZTA model and principles need to be mapped to its realization.
• Services need to be aligned to match overall ZTA overlay
• AWS services can support the realization of ZTA.

13. The End
Thank You!