Zero trust has become a key factor in the world of security. With virtually every organization being online, there are many risks they may face. This is why zero trust has become a golden rule. Its meaning in simple – don’t trust anyone!
Bahaa Abdul Hadi said, “When zero trust is used in architecture, it calls for a decision on whether to allow, deny, or revoke access to a resource. This is a critical decision to be taken and calls for a calibrated approach.”
Access to the network, access to applications, and access to inter-application assets need to be considered for zero trust.
Zero trust technologies
As per Mr. Bahaa Abdul Hadi, this is the best strategy if rightly executed.
Implementing zero trust poses many challenges for organizations. Thankfully, there are various technologies on offer that help in this. The use of these technologies help in managing network access control and advanced authentication. The problem though is that only network access control is addresses. Access to and within applications is not supported.
Dynamic authorization has emerged as a very powerful technology that makes zero trust possible. It is an advanced technique that allows dynamic access to application resources, data assets, any other applicable assets. The biggest benefit of dynamic authorization is its dynamic nature where access is granted at real-time at the time of access.
Dynamic authorization ensures zero trust through:
- Runtime authorization enforcement, and
- High levels of granularity.
Let’s understand how this works:
- A user attempts to access either a network, an application, or intra-application assets.
- Evaluation is then initiated where the following is examined:
- User level attributes are checked to find out their current roles, responsibilities, and authorizations. Most importantly, it is verified if they have access to confidential and personally identifiable information.
- Asset attributes like location assignment, classification of data, and metadata are checked.
- Location from where authentication is sought is checked.
- Whether single or two-factor authentication is being used is verified.
- Other attributes like date and time of authentication and risk level of system are verified.
- A policy engine carried out the authorization verification. It makes a decision on a real-time basis.
- Every time a user attempts to access anything, a real-time authorization is given. This dynamic authorization is driven based on the high levels of granularity.
Thanks to this technology, zero trust can now be used to help organizations reduce security risks. It is important that security administrators ensure all three levels of zero trust access control are managed. This can ensure a robust and secure system.
Thank you for your interest in Bahaa Abdul Hadi blogs. For more information, please visit www.bahaaabdulhadi.com