Protecting Hybrid Environments with AWS Zero Trust Security and F5

While the idea of perimeter-less security goes back to the mid-1990s, the modern zero trust concept traces its roots to Forrester Research analyst John Kindervag in 2010. Despite sometimes sounding like a specific technology, the National Institute of Standards and Technology (NIST) defines zero trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”¹

There’s no single right way to implement zero trust, which is both good and bad. It offers the flexibility to be applied in a manner that works for your organization, but it can also require considerable planning and tools to cover your bases. While the specific details may vary, your zero trust architecture should consider several key principles:

1. Verify and authenticate all users, machines, and devices continuously.
2. Provide least privilege access—the minimum level needed to perform required tasks.
3. Use micro-segmentation for isolation and access control.
4. Collect, analyze, and correlate security events and data continuously.
5. Employ automation and orchestration for faster response and fewer errors.
6. Authorize each request using context for better accuracy.

To begin planning your zero trust strategy, first evaluate your workload portfolio. Identify areas to consider adding identity and security tools, as well as ways to monitor health, so you can start to align with a zero trust strategy.

For workloads in the cloud, AWS offers identity and networking services to provide the building blocks for zero trust. Identity-centric controls in AWS uniquely authenticate and authorize each and every signed API request and provide fine-grained access controls. Network-centric tools in AWS filter unnecessary noise out of the system, providing guardrails for identity-centric controls. Both types of controls work together for greater effectiveness. 

Service-to-service interactions within AWS also rely on zero trust principles to remain secure. Calls are authenticated and authorized by AWS Identity and Access Management. These same tools are also used to secure user access.

If you operate in a hybrid environment or multiple clouds, as most organizations do, you must extend your zero trust architecture to those environments. This is where things can get complicated. Many environments have their own proprietary tools, which require more time to manage and make it difficult to see the complete picture.

Zero trust security is required for containerized apps, too. In the most recent Gartner Hype Cycle for Zero Trust Networking,² Kubernetes networking was considered an early mainstream technology category that addresses the shortfalls of native Kubernetes capabilities. A zero trust Kubernetes networking solution provides security and scale for pod-to-pod communication, north-south traffic, and east-west traffic.

F5 solutions, including F5 Distributed Cloud Services, F5 BIG-IP Access Policy Manager, and F5 NGINX, fit natively into a zero trust architecture and strengthen security through least privilege access, explicit verification, continuous assessment, and risk-aware remediation for apps and containerized microservices. These solutions also operate anywhere your apps run: in the cloud, on-premises, or at the edge. Consistent security tools and policies across environments make it easier to employ an effective zero trust strategy.

Together, F5 and AWS offer the tools you need to simplify zero trust security in a hybrid environment. Safeguard your apps, APIs, and users everywhere with consistent policies, granular controls, and accurate authentication.

Learn more about how F5 and AWS come together to deliver zero trust security at f5.com/aws.