How Appian scales Zero Trust adoption through first-class platform services.
The term “Zero Trust” has become one of the most important concepts in the information security industry. An all-encompassing phrase for many modern security best practices, Zero Trust is a conceptual design philosophy focused on continuous authentication and authorization for each action a user takes within a session rather than verification that only occurs at the start of a session. Zero Trust is a paradigm shift that supports each user or technical component receiving a dynamic and precise set of permissions around what they need and nothing more.
Historically, network reachability was often sufficient for an application to authenticate a user or device because it was assumed the entity had previously successfully authenticated to some perimeter layer. This notion led to environments that relied on an authentication-protected perimeter surrounding critical information technology assets and no further authentication or authorization requirements inside that perimeter.
In concert with the “assume breach” concept, Zero Trust declares this inner trusted zone insufficient. It asserts that applications and users need to assume even internal networks may be hostile and authenticate and encrypt communications with other components they interact with. It’s time to move past an era of implicit trust, where authenticating to a VPN or workstation and performing no additional authentication or authorization checks is deemed acceptable.
How does Appian think about Zero Trust?
Appian’s platform Zero Trust implementation methodology is based on a synthesis of many industry sources. We’ve done this to ensure that the unique nuances of best practice authorities across our global customer base are incorporated. The most influential are:
- US NIST 800-207 - Zero Trust Architecture
- UK NCSC - Zero Trust Architecture Design Principles
- AU ACSC - Cloud Security Guidance
- Zero Trust Security by Garbis and Chapman
- Zero Trust Networks by Gilman and Barth
Appian’s Zero Trust strategy isn’t a static process. As industries globally race to adopt Zero Trust tenets, Appian recognizes that protection mechanisms will evolve as we adapt to new emerging threats and refine our strategy based on industry trends.
Additionally, the trust Appian customers place in us is earned. We have a responsibility to act as stewards of that trust. We’re approaching Zero Trust as a first-class tenet of a larger strategic investment in the foundational infrastructure of our unified process automation platform. The following sections describe how we’ve internally broken down key Zero Trust tenets into three pragmatic foundational segments that are easy for Appian engineers to leverage when building features.
Identity backbone.
A prerequisite for Zero Trust is the ability to accurately identify and authenticate humans and machines. Appian ensures humans have a digital identity through an identity provider and machines through a workload identity service. This foundational capability allows for centralized governance and security visibility. It facilitates things like authentication protocols and highly immutable audit trails that give us high confidence in our ability to know who did what and when. It’s also the foundation of progressive authentication patterns, like dynamic step-up authentication, that allow us to proactively prompt for authentication based on session behavior. Appian engineering teams need not implement their own identity or authentication solution because of the high bar set by foundational components like this one. This is one of a set of foundational building blocks we provide engineers at Appian to guarantee they will consistently use strong security practices. Foundational capabilities like these offer a great example of a mantra that we aspire toward: Build fewer things, better.
Continuous authentication.
Interactions in a Zero Trust environment should be continuously authenticated throughout the lifecycle of the interaction as opposed to only occasionally or once at initial setup or the beginning of a session. There are a lot of incremental improvements to be leveraged here that really add up over time. The two primary metrics Appian uses to track progression on this segment are the average length of time an authentication grant lives before expiration and the quality and quantity of the factors or mechanisms used to perform authentication.
Two-factor authentication is a common phrase today, but why not four- or six-factor? We’re aiming for a future where many authentication factors are available concurrently to dynamically leverage based on a risk evaluation of each requested action. Authenticating the user so much more often, perhaps on each request or action, means the concept of a user session erodes away and thus malicious hijacking of a session as well.
Hyper-least privilege.
Appian’s strong identity authentication capabilities allow us to spend more time improving our least privilege authorization capability. We achieve this by implementing a simple four-step cycle:
- Identify authorized actions in use.
- Identify the delta between actions in use and authorizations granted.
- Trim away the delta.
- Rebaseline and repeat.
Machine or service accounts have their expected communication patterns in version control, and so it is theoretically possible to achieve what we refer to as “perfect least privilege.” This means giving a machine or user access to exactly everything it needs for a given job function at a point in time and nothing else. Taking this further, it should also be possible to maintain this maturity level upon new code changes to system components. While this sort of “perfect least privilege” is difficult to achieve and maintain right now, we anticipate that the industry will continue to make it increasingly feasible and eventually commonplace.
On the human side, much of the same maturity vision applies, with some additional measures. Namely, we’re significantly lowering the volume of human activity the Appian environment requires. Processes like routine maintenance, troubleshooting, or security investigation should not require humans to log in to an environment, and so implementing automation workflows reduces the human-based attack surface.
A second benefit of reducing the amount of human activity in an environment is that when a machine does work, it’s easier to identify patterns in its actions and write rules to flag deviations from the established baseline. This results in a much more actionable, enhanced security and monitoring capability.
Get started with Zero Trust adoption today.
Breaking down Zero Trust principles into these three digestible segments enables Appian developers to build the principles into the features they develop. The industry has been told for years to adopt an “assume breach” mindset. Zero Trust codifies a set of design principles that aims not only to lower the probability of a security breach but to drastically lower the impact of a single defense layer failing.
For more information on Appian’s commitment to responsible stewardship of our customers’ data, please see our Trust Center. If you have specific questions or feedback related to this post, please contact us!
