Phased Approach to Zero Trust Architecture
The traditional model of network-perimeter centered security is outdated and can leave your organization open to potential attackers. Picture today’s workforce where employees are on the go using multiple devices from various locations, all while needing instant access to the cloud. The modern working environment has created a new perimeter based on people, and when people are your perimeter, identity becomes the single point of control. The Zero Trust Security Model recognizes this by focusing on the security of identities.
Combining usability and access for employees, as well as consumers, without compromising on security is a difficult task. However, using the Zero Trust principles encompassed by the phrase “Never Trust. Always Verify.” and the stages outlined below will make the transition from network to identity perimeter security more digestible. The Zero Trust security model means trusting no one and verifying everyone, so that the right people have the right access to the right resources at the right time all while maintaining security with as little friction as possible.
The following is a 3 Stage Process that can help identify your organization's current security posture and explain how to progress towards a more mature, Zero Trust driven, security infrastructure.
Stage 0 – Fragmented Identity: Systems, services, applications, directories, and/or databases are disparate, with users having multiple, fragmented sets of potentially compromised credentials.
Stage 0 → Stage 1 Steps: Consolidate all identity data under one Identity & Access Management (IAM) system.
Stage 1 – Unified IAM: Single Sign-On (SSO) implemented for all user types (e.g. employees, contractors, customers, affiliates and partners), modern Multi-Factor Authentication (MFA) implemented to minimize credential targeted attacks, and centralized policies implemented across applications and servers.
Stage 1 → Stage 2 Steps: Implement contextual access based on rich user data, apply access policies that increase or decrease friction according to these signals, and implement automatic provisioning to and from applications for joiners, movers, and leavers.
Stage 2 – Contextual Access: User’s roles per application, device locations and network contexts are gathered and used to determine risk for applying access entitlements. Permissions are adjusted or removed when a user changes roles or leaves the organization.
Stage 2 → Stage 3 Steps: Implement an intelligent risk-based engine, with a risk tolerance based on gathered context and adaptive authentication, that is continuously updated and monitored.
Stage 3 – Adaptive Workforce: Continuous authentication throughout the user experience, not just at the front gates, via adaptive risk-based assessment. Users are re-prompted based on context changes that increase security, reducing friction for end users, producing high confidence in user identity results.
Many organizations may be in the early stages on the road to a mature Zero Trust Architecture (ZTA). Identity And Access Solutions can help at any step in the journey to implement, manage, and/or adjust your security posture.
Have question or comment? Feel free to post below or send to firstname.lastname@example.org.