When it comes to security, practitioners have to keep a lot they need to keep top of mind. The Open Systems Interconnection (OSI) model provides the fundamentals needed to organize both technical issues and threats within a networking stack. Although information security is shifting to a cloud-first world, the OSI model still continues to prove its relevance. We’ll cover four key reasons why the OSI model still matters and how you can operationalize it in today’s world.
What is the OSI model?
It’s worth giving a brief overview of the OSI model before we go over why it’s still valuable today. The Open Systems Interconnection model is a conceptual seven layer model of computer networking. Today, the model is used as a theoretical conception designed to segment communications between networks, but when it was created in the early 1980s it was one of the candidates for a common vendor agnostic networking standard. The TCP/IP model eventually assumed this role, but the OSI model is no less important, as the layers of the model map neatly to the protocols used at various stages of networking today. This is why the model remains a fundamental framework for network engineers and infosec practitioners.
The 7 layers of the OSI model include:
Layer 7: ApplicationInvolves access to the network services that support applications directlyLayer 6: PresentationInvolves the translation of data between a networking service and an applicationLayer 5: SessionInvolves establishing a client host connection for a continuous exchange of dataLayer 4: TransportInvolves the transmission of data segments between points on a networkLayer 3: NetworkInvolves the managing of a multi-node networkLayer 2: Data linkInvolves the transmission of data between nodes connected by a physical layerLayer 1: PhysicalInvolves the transfer and reception of data across a physical medium
How the OSI model is still relevant today
1. The OSI allows you to identify threats across your entire tech stack
The OSI model has been used for decades to help IT experts understand networking and troubleshoot issues that may arise at any stage in the networking process. As such, it’s still valuable today for infosec practitioners looking to conduct an asset inventory. Using the various layers to categorize your physical assets, any data you might have within your organization's networks (and how it’s protected), and an inventory of what applications used by your employees have access to your organization’s data and resources. The model will also help you to address vulnerabilities and security incidents based on the layers they affect.
2. The OSI model will help you maintain a data-centric security posture
With the OSI model providing a framework for conducting an inventory of your organization’s assets, it’s also useful in helping you understand where the biggest data security risks lie within your organization. Knowing where the lion’s share of your organization’s data is stored, be that on prem or within cloud services, will go a long way in informing your information security policies. With this knowledge, you can invest in the right tools that give you data visibility within the appropriate OSI layers. For example, if you know that a lot of your sensitive data lives within SaaS services, an API driven data discovery tool like Nightfall (as opposed to an endpoint manager) would be needed to monitor and protect data at that layer. Having this data-centric perspective is essential for not only security but compliance as well, given that many data compliance regimes require you to demonstrate that your controls are sufficiently tailored to the environments where your data lives.
3. The OSI model is essential for developing a security-first mindset for cloud adoption
Given that the OSI model can be indispensable for conducting an inventory of your security resources and assets, it’s no surprise that keeping the OSI model in mind when migrating to the cloud can also be useful. This is because the OSI model will help you understand the specific types of data security risks that cloud adoption might bring for your organization. This allows you to be more strategic about the types of cloud systems you adopt.
4. The OSI model can be modified to aid you in securing your cloud infrastructure
A number of practitioners have created “updated” OSI models that capture operational layers within IaaS systems and cloud infrastructure (featured as images below). While there are different ways to apply the OSI system layers to cloud infrastructure, it’s clear that the model is conceptually versatile. With this in mind, it might make sense to take a look at your own cloud infrastructure and see if tailoring a modified OSI model for your environments is something that would benefit your security program.
Source Tom Geraghty. See: https://tomgeraghty.co.uk/index.php/osiforcloud/
Source: Cloud Security Essentials Pt. 2: The OSI Model and the Cloud