Today’s security must rely on verification at every access point, not trust.
zero trust enables
Digital business is dissolving the traditional network perimeter, creating opportunities for business growth through the creation of new value chains and partnerships. Adopting a Zero Trust security strategy allows you to open your applications and data to anyone, anywhere with minimal friction and maximum connectivity. This helps today’s mobile users consume resources hosted in private datacenters and public clouds from corporate and personal devices. It also enhances security.
Security is improved where network perimeters shift and shrink to become resource perimeters (micro-perimeters or micro-segments), and where network-based trust is replaced by confidence from verifying the risk profile of users, devices, applications and data flows. The guiding principle behind Zero Trust is a methodology where this confidence is used to improve access decisions.
moving beyond the network perimeter
You’ve been here before. The current business environment is already pushing corporate resources outside of your existing network perimeter.
But to fully move beyond the perimeter, we need to answer a few basic questions:
1 - What security controls (e.g., NAC) are provided by your network perimeter?
2 - Which of those controls are necessary for which resources?
3 - What alternate technologies can apply these controls to individual resources?
Ultimately, intelligent authentication and authorization controls will become central tenets of your new security methodology. Why? Because an emphasis on multi-cloud deployment and SaaS adoption means the range of controls available for microsegmentation will always vary. This contrasts with identity-based controls, which can and should be applied to all resources, enabling a more granular level of control for resources deployed anywhere.
the zero trust ecosystem
From network, device and application security to analytics, automation and orchestration, achieving Zero Trust security can incorporate numerous technologies to address a wide range of enterprise requirements. At Ping Identity, we work with diverse organizations to provide a complete solution for Zero Trust.
our formula for zero trust access
The Zero Trust ecosystem relies on verifying users, applications, devices and data flows. To make Zero Trust access possible, we provide critical controls for intelligent authentication and authorization.
Zero Trust requires all access to be authenticated to ensure security. An authentication authority continuously validates and provides user identity, device and context data across a broad range of SaaS, on-prem and cloud resources via open standards and proprietary adaptors.
A shift from network-based trust to confidence means enabling increased granularity for access control decisions. Resource-level authorization enables you to dynamically restrict web application URL paths or HTTP methods used with APIs based on user identity, device and context data provided by an authentication authority.
To govern access to user data, the perimeter needs to combine user identity, device and context data with fine-grained consent mechanisms. Today, consent is provided by proxy to apps and APIs to view and use data on behalf of a user. Zero Trust data security combines identity assurance with affirmation that the accessing party has permission to view or use the data in the first place.
Changes in user and device context should alter the confidence level established at session creation. Continuous and adaptive controls enable you to guide users through self-remediation paths like reauthentication, reauthorization or step-up authentication following a meaningful change in risk from the user or their device. The UX friction in these actions should be minimized with biometrics and other user-friendly authentication factors.
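The resource-level authorization and continuous re-evaluation described in the two paragraphs above, as an added example that is not Ping Identity's code: the claim fields, the policy rules and the confidence scoring are all assumed for illustration, and the decision is recomputed from fresh context on every request so that a drop in confidence routes the user to a remediation step rather than a hard failure.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Context:
    """Claims an authentication authority would supply; the field set is assumed."""
    user: Optional[str]      # None when no valid session or token is present
    mfa: bool                # a second factor was verified in this session
    device_managed: bool     # device is enrolled and policy-compliant
    device_risk: str         # "low" or "high", from device posture signals

@dataclass(frozen=True)
class Rule:
    path_prefix: str
    methods: frozenset
    min_confidence: int
    remedy: str              # remediation offered when confidence is too low

# Illustrative policy: reads need a session, writes need MFA on a managed device,
# admin paths need everything. Anything not listed is denied (default-deny).
RULES = (
    Rule("/api/accounts", frozenset({"GET"}), 1, "reauthenticate"),
    Rule("/api/accounts", frozenset({"POST", "PUT", "DELETE"}), 3, "step_up_mfa"),
    Rule("/admin", frozenset({"GET", "POST", "PUT", "DELETE"}), 4, "step_up_mfa"),
)

def confidence(ctx: Context) -> int:
    """Constructed scoring: identity 1, MFA +2, managed device +1, high device
    risk -2. A real deployment would tune weights from its own risk signals."""
    if ctx.user is None:
        return 0
    score = 1 + (2 if ctx.mfa else 0) + (1 if ctx.device_managed else 0)
    if ctx.device_risk == "high":
        score -= 2
    return max(score, 0)

def decide(ctx: Context, method: str, path: str) -> str:
    """Return 'allow', a remediation step to guide the user through, or 'deny'."""
    matches = [r for r in RULES
               if path.startswith(r.path_prefix) and method.upper() in r.methods]
    if not matches:
        return "deny"                # resource/method pair not in policy at all
    if ctx.user is None:
        return "reauthenticate"      # no session: establish identity first
    rule = max(matches, key=lambda r: len(r.path_prefix))  # most specific prefix wins
    if confidence(ctx) >= rule.min_confidence:
        return "allow"
    return rule.remedy               # below threshold: self-remediation, not denial
```

Calling `decide()` with `replace(session, device_risk="high")` after the session was created with a low-risk device shows the continuous behaviour: a DELETE that was allowed now returns "step_up_mfa" while reads stay allowed.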
Rogue insiders and sophisticated bad actors project the right static and dynamic attributes to gain trust and access to resources. Despite meticulous web application and API security practices, end users and client-side applications are also targeted as attack vectors, resulting in stolen or compromised tokens. Behavioral security uses AI to enable continuous monitoring of key resources like APIs, providing better ways to establish confidence and secure your organization even if you can’t fully trust your own tokens.
the road to zero trust
Security methodologies provide guidance to navigate the evolving landscape of digital business opportunities—and risks. Zero Trust recognizes the opportunities and the obstacles that prevent organizations from achieving better security. To take first steps down the road to Zero Trust, organizations often have to get cross-functional support and buy-in from senior leadership. But to get that support, you first need a detailed plan of how Zero Trust security will be achieved. Identity and access management (IAM) solutions provide core capabilities on which the Zero Trust methodology is built, which makes them a great place to start your journey. To see the key areas you can focus on to guide you on your Zero Trust journey, read our Five Steps to Zero Trust Access.
the modern security paradigm
The Zero Trust security methodology was invented at Forrester Research in 2010. It’s since taken on a life of its own. Broad support from vendors and industry analysts, as well as reference implementations such as Google’s BeyondCorp, have brought this next-generation approach forward as an aspirational security model. See how 451 Research recommends you can get started with this modern security paradigm.