In a previous blog, I provided a general introduction to zero trust and explained why so many organizations are moving to this new security paradigm. As a follow-up, I’ll offer a deeper dive into some of the main components that make up a zero trust solution.
There are a number of zero trust methodologies on the market. But whether you choose Cisco, Microsoft or one of the others, they all employ three core components:
User Identity Verification — Verifying the identity of each user beyond just a username and password. For example, this may involve receiving a code via email or text that’s then entered in the system to gain access.
Endpoint Management — Otherwise known as mobile device management (MDM) or enterprise mobility management (EMM), this safeguard involves installing an application right on the endpoint—such as a mobile phone or work-issued laptop—that helps the system identify the device and ensure it’s managed.
Endpoint Security — This component is managed by the organization and involves installing additional safeguards on the endpoint. These could be as simple as anti-virus software and personal firewalls, or more advanced such as installing intrusion detection and behavior-blocking components that identify and block malicious behavior.
How it works
When a user attempts to log into an application or technology environment, the zero trust network of solutions immediately initiates a series of complex decisions based on who, what, when, where and why. Depending on the answers to those questions and the data that the user is trying to access, the system will either grant access, ask for additional authentication or deny access. This entire decision tree process takes place in a matter of milliseconds, establishing a risk profile for the user.
For example, Azure AD uses a feature called conditional access that identifies the login and username, and then determines where the user is coming from and whether the user has come from that location before. It also determines what device the individual is using, whether they’ve used that device before and whether the device has been safeguarded with endpoint management and other security software. Another consideration may be the time of day and whether it’s a typical time to be logging in. One of the most important questions the system asks is what data the user is trying to access. If it’s a low-risk application or data, the user may only need to meet one or two of the conditions. However, if the user is attempting to access “the crown jewels” of the organization, the system will require the user to meet the highest level of requirements, which is more likely to include multi-factor authentication.
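The decision flow described above can be sketched as a small policy evaluator. This is an added example, not code from any vendor's product and not how conditional access is actually implemented; the sensitivity tiers, the thresholds and every name in it are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from enum import Enum

class Decision(Enum):
    GRANT = "grant"
    REQUIRE_MFA = "require_mfa"
    DENY = "deny"

@dataclass(frozen=True)
class SignIn:
    known_location: bool      # user has signed in from this location before
    known_device: bool        # user has used this device before
    device_managed: bool      # enrolled in endpoint management (MDM/EMM)
    endpoint_protected: bool  # endpoint security software is present
    typical_hours: bool       # sign-in falls within the user's usual hours
    mfa_passed: bool = False  # a second factor has already been completed

# Constructed policy per tier: (signals required, always MFA, managed device required)
POLICY = {"low": (2, False, False), "medium": (4, False, False), "high": (5, True, True)}
MAX_STEP_UP_GAP = 2  # assumption: MFA may compensate for at most two missing signals

def evaluate(signin: SignIn, sensitivity: str) -> Decision:
    if sensitivity not in POLICY:
        return Decision.DENY  # fail closed on an unclassified resource
    needed, always_mfa, managed_only = POLICY[sensitivity]
    if managed_only and not (signin.device_managed and signin.endpoint_protected):
        return Decision.DENY  # MFA vouches for the user, not for the device
    met = sum([signin.known_location, signin.known_device, signin.device_managed,
               signin.endpoint_protected, signin.typical_hours])
    shortfall = needed - met
    if shortfall > MAX_STEP_UP_GAP:
        return Decision.DENY
    if (shortfall > 0 or always_mfa) and not signin.mfa_passed:
        return Decision.REQUIRE_MFA
    return Decision.GRANT

# Constructed sample sign-ins
TRUSTED = SignIn(True, True, True, True, True)
PERSONAL_LAPTOP = SignIn(True, True, False, False, True)
UNKNOWN = SignIn(False, False, False, False, False)

if __name__ == "__main__":
    samples = [("trusted", TRUSTED), ("personal", PERSONAL_LAPTOP), ("unknown", UNKNOWN)]
    for name, signin in samples:
        for tier in POLICY:
            print(f"{name:9} {tier:7} -> {evaluate(signin, tier).value}")
```

The same unmanaged laptop is granted access to low-risk data, challenged for MFA on the medium tier and denied on the high tier, which is the "depends on what is being accessed" behavior the paragraph describes.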
Marco's role in the process
When we meet with clients, we assess their technology environment and create a security ecosystem that includes all three of the components listed above. The details and expansiveness of the design may vary depending on client needs and manufacturer methodologies, but these three core components are always included in the framework.
Marco also ensures that these components are integrated and talk to each other. Too often organizations focus only on choosing top-ranked products and they don’t give enough consideration to compatibility within the technology stack. The reality is, a product that ranks number one this year might not be number one next year. That’s why it’s more important to choose products in the top five ranking that work together.
The more easily these components talk to each other, the more operationally efficient the zero trust system is and the more it reduces end-user management. It also reduces provisioning times for the setup and enrollment of a user. But, most important, deep integration makes the entire system more intelligent. The goal of zero trust is for security decisioning to be automatic. We want the system to make these decisions instantaneously. If a live person has to intervene and make security decisions, we’ve lost.
Marco provides our clients with a compatibility matrix that will help them choose the best mix of zero trust tools to work more safely, smartly and securely.