Thoughts on the Spectre of Zero Trust
The threat model has changed. A data breach has traditionally required executing some manner of code on the target system to access its data, plus a network connection to exfiltrate that data off the system. This is no longer the case: Spectre reduces the code-execution requirement to anywhere on the device, rather than requiring access to the specific system that holds the data. This means that any system of a given classification/sensitivity that is hosted on the same hardware as a system of higher sensitivity breaks the Bell-LaPadula requirement of no read up.
Zero Trust must now be implemented as device segmentation.
For private cloud environments, you need to ensure your systems are allocated to hardware alongside other systems of similar sensitivity. The consequence for the public cloud is that sensitive data can’t be stored in these environments, as there is no guarantee who you are sharing bare metal with.
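The private-cloud rule above (only co-locate workloads of the same sensitivity on one piece of hardware) can be enforced as a placement check. The following is an added example, not code from the post, and it assumes a hypothetical inventory model: a fixed ordered set of sensitivity labels, hosts, and the workloads currently running on each host. It audits an inventory for hardware-level read-up (a lower-sensitivity tenant sharing a host with a higher one) and picks a compliant host for a new workload, refusing rather than mixing levels.

```python
from dataclasses import dataclass, field
from typing import Optional

# Ordered sensitivity lattice (hypothetical labels); later entries dominate earlier ones.
LEVELS = ("public", "internal", "confidential", "secret")


@dataclass
class Workload:
    name: str
    level: str

    def rank(self) -> int:
        if self.level not in LEVELS:
            raise ValueError(f"unknown sensitivity level: {self.level}")
        return LEVELS.index(self.level)


@dataclass
class Host:
    name: str
    workloads: list[Workload] = field(default_factory=list)

    def levels(self) -> set[str]:
        return {w.level for w in self.workloads}


def read_up_violations(hosts: list[Host]) -> list[tuple[str, str, str]]:
    """Report every (host, lower_workload, higher_workload) pair sharing hardware.

    With Spectre, code in the lower-sensitivity tenant can read memory of the
    higher one through the shared CPU, so each such pair is a Bell-LaPadula
    no-read-up violation at the hardware boundary.
    """
    found = []
    for host in hosts:
        by_rank = sorted(host.workloads, key=Workload.rank)
        for i, low in enumerate(by_rank):
            for high in by_rank[i + 1:]:
                if high.rank() > low.rank():
                    found.append((host.name, low.name, high.name))
    return found


def choose_host(hosts: list[Host], new: Workload) -> Optional[str]:
    """Pick a host where `new` creates no mixed-sensitivity co-tenancy.

    Preference order: a host already dedicated to the same level (keeps empty
    hardware free for other levels), then an empty host, otherwise None so the
    scheduler refuses the placement instead of mixing levels.
    """
    same_level = [h for h in hosts if h.levels() == {new.level}]
    empty = [h for h in hosts if not h.workloads]
    for candidates in (same_level, empty):
        if candidates:
            return candidates[0].name
    return None


def build_sample_inventory() -> list[Host]:
    """Constructed sample inventory for the example (not from any real environment)."""
    return [
        Host("host-a", [Workload("web-frontend", "public"), Workload("hr-db", "confidential")]),
        Host("host-b", [Workload("billing", "confidential"), Workload("payroll", "confidential")]),
        Host("host-c"),
    ]


if __name__ == "__main__":
    inventory = build_sample_inventory()
    for host, low, high in read_up_violations(inventory):
        print(f"{host}: {low} shares hardware with the more sensitive {high}")
    print("analytics (confidential) ->", choose_host(inventory, Workload("analytics", "confidential")))
    print("bulk-scan (secret) ->", choose_host(inventory, Workload("bulk-scan", "secret")))
```

In the sample inventory, host-a is flagged because a public web frontend shares hardware with a confidential database, while host-b is clean because both tenants are confidential. The placement function steers a new confidential workload onto host-b and a new secret workload onto the empty host-c; once no empty or same-level host remains it returns None, which is the point: the scheduler should fail closed rather than create a new read-up.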
It will be interesting to see how this impacts FedRAMP over the coming year.