Zero Trust for Legacy Apps: Load Balancer Layer Can Be a Solution
When most security and platform teams think about implementing zero trust, they tend to focus on the identity and access management layer and, in Kubernetes, on the service mesh. These are fine approaches, but they can cause challenges for constellations of legacy internal apps designed to run with zero exposure to outside connections. One solution to this problem is to leverage the load balancer as the primary implementation component for zero trust architectures covering legacy apps.
True Story: A Large Bank, Load Balancers and Legacy Code
This is a true story: A large bank has thousands of legacy web apps running on dedicated infrastructure. In the past, it could rely on a “hard perimeter defense” for protection with very brittle access control in front of the web app tier. That approach no longer works. Zero trust mandates that even internal applications maintain a stronger security posture. And for the legacy apps to remain useful, they must connect with newer apps and partner APIs. This means exposure to the public internet or broadly inside the data center via East-West traffic — something that these legacy apps were never designed for.
Still, facing government regulatory pressure to enhance security, the bank CIO decided to move all of its applications to zero trust, including the legacy apps. Unfortunately, implementing zero trust security models in environments laden with legacy applications and outdated infrastructure presents a multitude of challenges, including the lack of native support for modern authentication methods and protocols and difficulties in patching vulnerabilities and ensuring data encryption.
Additionally, the heterogeneous nature of such environments often leads to a fragmented security landscape, making it challenging to enforce uniform policies. Bringing in new pieces of infrastructure to apply zero trust would entail an extended period of configuration and tuning to get the system properly running on the myriad legacy applications. Updating all these apps to modern distributed security standards, some of which might be written in decades-old languages like COBOL, would be extremely expensive and, in some cases, nearly impossible. The engineers who designed these apps may have left the company over a decade ago, if not longer.
Looking for a Common Zero Trust Layer
The bank’s security team looked for a common piece of existing infrastructure as the jumping-off point for zero trust, and they settled on the load balancer. This might seem counterintuitive because the load balancer is among the oldest infrastructure constructs in the stack. But load balancers are curiously well-positioned to be a Switzerland-like neutral mechanism for zero trust implementation on applications of any type, in any environment, located anywhere in the infrastructure.
Although it is an older protocol based on XML, Security Assertion Markup Language (SAML) remains one of the most widely used open standards for exchanging authentication and authorization data between parties. More specifically, SAML is the critical link between identity providers, which authenticate a user, and service providers, which rely on the identity provider's signed assertion for the user's identity, attributes and roles rather than authenticating the user themselves.
Traditionally, SAML has been located in its own architectural component, separate from load balancing. At the same time, an entire industry has emerged around specialized zero trust implementation systems, both hardware and software, residing at different points in the infrastructure stack.
SAML also suits legacy apps: many of them were built during SAML's lifetime, and those that never spoke it do not have to, because the service-provider role can sit in front of them and hand each app an already-authenticated identity. Because SAML was designed for older systems, has adapted well to newer ones and has stood the test of time, it is a particularly strong choice as a linchpin for zero trust. To be effective, zero trust must be nearly system agnostic.
The potential benefits of such a setup are considerable. By moving the SAML endpoint, the service-provider role that talks to the identity server, into the load balancer, the bank was able to deploy zero trust in a way that is more scalable, more efficient and more agile than with most existing paradigms.
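To make the identity-provider/service-provider split concrete, here is an added example, not the bank's or any load balancer vendor's code, of the checks a load balancer performs in its SAML service-provider role before a request reaches a legacy app, and of how it then hands the identity downstream. All URLs, the sample IdP response and the shared secret are invented for the example, and the XML signature on the response is assumed to have been verified by the load balancer's SAML library before this code runs; that step is deliberately left out so the remaining checks stand on their own.

```python
"""Load-balancer-side SAML service-provider checks and identity hand-off to a legacy app.

Added example, not production code. Assumes the SAML library has already verified the
XML signature; everything below is what still has to be checked, plus the downstream leg.
"""
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted XML in production
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Hypothetical service-provider settings and a constructed IdP response (all names invented).
SP = dict(expected_issuer="https://idp.bank.example", audience="https://lb.bank.example/sp",
          acs_url="https://lb.bank.example/saml/acs", request_id="_req42")
T_OK = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)    # inside the assertion's window
T_LATE = datetime(2024, 5, 1, 12, 30, tzinfo=timezone.utc)  # well after NotOnOrAfter
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" InResponseTo="_req42">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.bank.example</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData InResponseTo="_req42" NotOnOrAfter="2024-05-01T12:05:00Z"
      Recipient="https://lb.bank.example/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://lb.bank.example/sp</saml:Audience>
   </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="groups">
   <saml:AttributeValue>loans-ops</saml:AttributeValue><saml:AttributeValue>tellers</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


class SamlError(Exception):
    """Raised when the response must be rejected; the request never reaches the app."""


def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, *, expected_issuer, audience, acs_url, request_id, now,
                      skew=timedelta(seconds=60)):
    """Return {'user', 'groups'} from a signature-verified SAML response, or raise SamlError."""
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise SamlError("IdP did not report success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # refuse responses that try to smuggle in a second assertion
        raise SamlError("expected exactly one assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise SamlError("assertion not issued by our IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None or now < _utc(cond.get("NotBefore")) - skew \
            or now >= _utc(cond.get("NotOnOrAfter")) + skew:
        raise SamlError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:  # an assertion minted for another SP must not be replayed here
        raise SamlError("audience mismatch")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != request_id or scd.get("Recipient") != acs_url \
            or now >= _utc(scd.get("NotOnOrAfter")) + skew:
        raise SamlError("subject confirmation does not match the request we sent")
    groups = [v.text for v in a.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='groups']/saml:AttributeValue", NS)]
    return {"user": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "groups": groups}


IDENTITY_HEADERS = ("x-remote-user", "x-remote-groups", "x-identity-mac")


def _mac(headers, shared_secret):
    # JSON keeps user/group values unambiguous even if they contain separator characters
    msg = json.dumps([headers.get("X-Remote-User", ""), headers.get("X-Remote-Groups", "")]).encode()
    return hmac.new(shared_secret, msg, hashlib.sha256).hexdigest()


def upstream_headers(client_headers, identity, shared_secret):
    """Headers the load balancer forwards to the legacy app. Any identity header the client
    itself supplied is dropped first; otherwise 'X-Remote-User: admin' from a browser would
    sail through to an app that trusts whatever its load balancer sends."""
    out = {k: v for k, v in client_headers.items() if k.lower() not in IDENTITY_HEADERS}
    out["X-Remote-User"] = identity["user"]
    out["X-Remote-Groups"] = ",".join(identity["groups"])
    out["X-Identity-Mac"] = _mac(out, shared_secret)
    return out


def app_accepts(headers, shared_secret):
    """Check a thin shim in front of the legacy app runs before trusting the identity headers.
    Mutual TLS between load balancer and app is the stronger option; this MAC is the minimal one."""
    return hmac.compare_digest(_mac(headers, shared_secret), headers.get("X-Identity-Mac", ""))


def _rejected(**kw):
    try:
        validate_response(SAMPLE_RESPONSE, **{**SP, **kw})
        return False
    except SamlError:
        return True


def demo(secret=b"lb-to-app-secret-assumed"):
    """End-to-end run over the constructed sample; returns the outcomes for inspection."""
    ident = validate_response(SAMPLE_RESPONSE, now=T_OK, **SP)
    fwd = upstream_headers({"X-Remote-User": "admin", "Accept": "*/*"}, ident, secret)  # spoof attempt
    forged = {**fwd, "X-Remote-User": "admin"}  # request that bypassed the LB with forged headers
    return {"identity": ident, "expired_rejected": _rejected(now=T_LATE),
            "wrong_audience_rejected": _rejected(now=T_OK, audience="https://other.bank.example/sp"),
            "forwarded_user": fwd["X-Remote-User"], "lb_headers_accepted": app_accepts(fwd, secret),
            "forged_accepted": app_accepts(forged, secret)}
```

The piece practitioners most often miss is the first line of `upstream_headers`: once the legacy app trusts an identity header, the load balancer must overwrite that header on every request, and the app must have some way (mutual TLS from the load balancer, or at minimum a keyed MAC as here) to tell a request that came through the load balancer from one that reached it directly.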
The Strengths of SAML at the Load Balancer Layer
There are a number of specific strengths inherent to deploying zero trust at the load balancer layer via SAML. Implementing zero trust at the load balancer layer allows organizations to enforce a unified access control mechanism for all applications. This ensures consistent security enforcement across diverse technological platforms, whether the load balancer sits between internal nodes policing East-West traffic or at the edge in front of cloud native service networking and partner APIs.
Certificate management and rotation is a considerable pain point for cloud native applications, let alone for hybrid constellations of applications that might range from a few months old to 30 years old. Load balancers natively manage TLS certificates, offering a centralized point for efficient certificate management that is relatively application agnostic. This centralization not only eases the administrative burden but also enhances security by ensuring timely certificate renewal and efficient handling of encryption/decryption processes. One caveat: if the load balancer terminates TLS, the hop from the load balancer to the legacy app must itself be re-encrypted, or confined to a segment whose trust is separately enforced; otherwise the zero trust boundary stops at the load balancer and the app tier is back to relying on the network.
By moving zero trust into an infrastructure point that is already integrated with all other parts of your infrastructure, this approach significantly reduces the complexity associated with modifying each application individually to align with zero trust principles. At high volumes, the encryption and other work required for the continuous authentication inherent to zero trust can add serious latency.
Load balancers are designed to efficiently handle large volumes of traffic and can more easily be tuned to handle continuous authentication. In addition, using load balancers reduces the need for additional, and sometimes expensive, security controls to enforce zero trust.
Making Zero Trust Part of the Networking Stack
The journey toward a comprehensive zero trust architecture, especially for organizations with extensive legacy infrastructure, is not trivial. Because zero trust must be all things to all users and systems — ubiquitous, interoperable, reliable and fast — it makes sense to attach it to known parts of the infrastructure that already deal with these requirements.
A load balancer with inline SAML and centralized certificate management fits this bill. To boot, this approach minimizes disruption, leverages existing infrastructure and provides a solid foundation for enhancing organizational security posture. By focusing on this layer, organizations can ensure a strategic, efficient and effective transition to a zero trust model with minimal toil and maximum coverage using trusted components that teams have decades of experience operating.
The goal is to make zero trust fade into the background and just become part of the stack — and reduce the operational load for everyone while improving security even in the most diverse application environments. As a universally deployed piece of infrastructure familiar to both application developers and network and security operations teams, the load balancer can be used to fulfill these criteria with less disruption, toil and cost.