Zero-Trust Architecture For Coding And Data Science Processes

Why Zero-Trust Architecture Design Principles Are Needed

A zero-trust architecture implements security principles that protects data throughout the business operations of a global company. In many business scenarios around code development and Data Science activities, a nagging challenge for companies of any size -and often a significant cost for companies with outsourcing experience- is securing the business processes against data leaks.

The security challenge at stake here is mainly the control and protection of company IP assets such as source code and data throughout the process. This is ideally done via the implementation of an IT infrastructure that securely enables remote work locations, accommodates temporary workers cost-efficiently, and prevents data leaks during ephemeral collaborations, whether between companies or even during innovation tournaments.

The zero-trust approach prescribes design principles to create an infrastructure that focuses on resource protection by narrowing its scope in terms of access control (using micro-segmentation) and enabling continuous security assessment. In effect, the key benefit of a Zero-Trust approach is the ability for a company to implement granular and dynamic security policies acting on a set of entities such as users, resources and applications. The Virtual Workspace Infrastructure (VWI) implements the design principles of the Zero-Trust Architecture by focusing on resource protection (see Screenshot below).

How The VWI Implements Zero-Trust Architecture Principles

Basic elements of a Zero-Trust architecture's implementation can be explained simply. A thorough explanation is available in the NIST Special Publication 800–207 specification document. The VWI platform implements a Zero-Trust design principles by starting from the business needs, i.e. set-up up a global process for coding and Data Science.

Hence, users perform their activities with workspaces with access to resources such as code repositories, data buckets and external services. Any of these resources can be deployed on-premise or in the Cloud. Then, the platform lets process owners set up dynamic security policies. Security policies are based on attributes that are continuously assessed during operations. The platform implements security controls of ISO 27001 that are relevant to the business needs, i.e. the scope of applicability of the standard. For example, when importing a new code repository, the resource can be classified such that dynamic policies can be defined to enforce security access policies to it.

Screenshot: The selection of attributes for security policies when connecting an asset to the VWI platform (Workspaces Dashboard.)

User Experience and Interoperability of the Virtual Workspace Infrastructure

When considering a security solution, companies have to make sure that it does not hinder productivity. Beside offering a great deal of collaboration features, the VWI platform implements the Zero-Trust Architecture principles in the most transparent manner.

At first, a process based on Zero-Trust Architecture design principles requires more authentication and authorization activities than a classic IT infrastructure. This need is made transparent by enabling the use of Identity Providers such as Google Identify and Azure Active Directory, and the use of Single Sign-On. Open standards such as OAuth, OpenID Connect and SAML are used by the platform to enable the implementation of a mostly transparent authentication and authorization mechanism. In addition, the platform automates the management of cryptographic keys to help manage identities across connected tools, e.g. external services, code repositories, data bucket providers, etc. on behalf of users.

Interoperability issues are greatly mitigated because the VWI platform implementation is based on open standards. Needs for interoperability stemming from the business process to support can easily accomodated such that the VWI connects to additional services.