zero trust

Today’s security must rely on verification at every access point, not trust.

the opportunity

zero trust enables digital transformation

Digital business is dissolving the traditional network perimeter, creating opportunities for business growth through the creation of new value chains and partnerships. Adopting a Zero Trust security strategy allows you to open your applications and data to anyone, anywhere with minimal friction and maximum connectivity. This helps today’s mobile users consume resources hosted in private datacenters and public clouds from corporate and personal devices. It also enhances security.

 

Security is improved where network perimeters shift and shrink to become resource perimeters (micro-perimeters or micro-segments), and where network-based trust is replaced by confidence from verifying the risk profile of users, devices, applications and data flows. The guiding principle behind Zero Trust is a methodology where this confidence is used to improve access decisions.

 

the challenge

moving beyond the network perimeter

You’ve been here before. The current business environment is already pushing corporate resources outside of your existing network perimeter.
But to fully move beyond the perimeter, we need to answer a few basic questions:

 

1 - What security controls (e.g., NAC) are provided by your network perimeter?

2 - Which of those controls are necessary for which resources?

3 - What alternate technologies can apply these controls to individual resources?

 

Ultimately, intelligent authentication and authorization controls will become central tenets of your new security methodology. Why? Because an emphasis on multi-cloud deployment and SaaS adoption means the range of controls available for microsegmentation will always vary. This contrasts with identity-based controls, which can and should be applied to all resources, enabling a more granular level of control for resources deployed anywhere.

 

the solution

the zero trust ecosystem

From network, device and application security to analytics, automation and orchestration, achieving Zero Trust security can incorporate numerous technologies to address a wide range of enterprise requirements. At Ping Identity, we work with diverse organizations to provide a complete solution for Zero Trust.  

our formula for zero trust access

The Zero Trust ecosystem relies on verifying users, applications, devices and data flows. To make Zero Trust access possible, we provide critical controls for intelligent authentication and authorization.

  • Authentication Authority

     

    Zero Trust requires all access to be authenticated to ensure security. An authentication authority continuously validates and provides user identity, device and context data across a broad range of SaaS, on-prem and cloud resources via open standards and proprietary adaptors.

     

  • Granular Authorization

    A shift from network-based trust to confidence means enabling increased granularity for access control decisions. Resource-level authorization enables you to dynamically restrict web application URL paths or HTTP methods used with APIs based on user identity, device and context data provided by an authentication authority.

  • Data Access Governance

    To govern access to user data, the perimeter needs to combine user identity, device and context data with fine-grained consent mechanisms. Today, consent is provided by proxy to apps and APIs to view and use data on behalf of a user. Zero Trust data security combines identity assurance with affirmation that the accessing party has permission to view or use the data in the first place.

  • Continuous Adaptive Controls

    Changes in user and device context should alter the confidence level established at session creation. Continuous and adaptive controls enable you to guide users through self-remediation paths like reauthentication, reauthorization or step-up authentication following a meaningful change in risk from the user or their device. The UX friction in these actions should be minimized with biometrics and other user-friendly authentication factors.

  • Behavioral Security

    Rogue insiders and sophisticated bad actors project the right static and dynamic attributes to gain trust and access to resources. Despite meticulous web application and API security practices, attack vectors like end users and client-side applications are also targeted, resulting in stolen or compromised tokens. Behavioral security uses AI to enable continuous monitoring of key resources like APIs, providing better ways to establish confidence and secure your organization even if you can’t fully trust your own tokens.

always verify. never trust.

Trust is binary. Confidence lives on a spectrum of risk. User attributes such as role, group membership, time and country of access are key risk factors. Device attributes are another. Whether a device is rooted or jailbroken, runs an outdated operating system or is unmanaged should all feed into an assessment of confidence. In-session behavior that’s baselined against normal usage patterns must also play a role in adjusting the level of confidence established at session creation, and it should be used to validate transactions. Logging these attributes in the name of Zero Trust has the added benefit of shortening SOC response times, ultimately minimizing the impact of a breach.
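The sketch below is an added example, not Ping Identity's product logic or code from this page. It shows how the user, device and in-session signals listed above can feed a confidence score that gates a URL path and HTTP method, with step-up authentication as the self-remediation path. All paths, roles, countries, weights and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy rows: path prefix, HTTP methods, entitled roles, minimum confidence (0-100).
POLICY = [
    ("/api/payroll", {"GET"}, {"hr", "finance"}, 70),
    ("/api/payroll", {"POST", "PUT", "DELETE"}, {"hr"}, 90),
    ("/wiki", {"GET", "POST"}, {"hr", "finance", "engineer"}, 40),
]
STEP_UP_MARGIN = 25  # largest shortfall a fresh strong authentication may close

@dataclass
class Context:
    role: str
    country: str
    hour: int                  # local hour of access, 0-23
    managed: bool = True
    rooted: bool = False
    os_outdated: bool = False
    anomaly: int = 0           # in-session deviation from baseline, 0-100
    stepped_up: bool = False   # strong factor verified during this session

def confidence(ctx: Context) -> int:
    """Fold user, device and behavior signals into a 0-100 score (weights are illustrative)."""
    score = 100
    score -= 30 if ctx.country not in {"US", "CA"} else 0
    score -= 10 if not 6 <= ctx.hour <= 20 else 0
    score -= 20 if not ctx.managed else 0
    score -= 15 if ctx.os_outdated else 0
    score -= 60 if ctx.rooted else 0
    score -= ctx.anomaly * 40 // 100
    score += 25 if ctx.stepped_up else 0
    return max(0, min(100, score))

def decide(ctx: Context, method: str, path: str) -> str:
    """Return 'allow', 'step_up' or 'deny'; path is assumed already normalized by the proxy."""
    for prefix, methods, roles, required in POLICY:
        on_resource = path == prefix or path.startswith(prefix + "/")
        if not (on_resource and method in methods):
            continue
        if ctx.role not in roles:
            return "deny"          # least privilege: role is not entitled at all
        shortfall = required - confidence(ctx)
        if shortfall <= 0:
            return "allow"
        if shortfall <= STEP_UP_MARGIN and not ctx.stepped_up:
            return "step_up"       # self-remediation path instead of a hard failure
        return "deny"
    return "deny"                  # default deny: no rule covers this method and path
```

Re-running `decide` on every request, rather than once at login, is what lets a mid-session change in `anomaly` or device posture lower an existing session's access.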

zero trust enforcement

In the Zero Trust security methodology, the principle of least privilege is enforced everywhere an access control decision is made. Zero Trust augments least privilege with the enforcement of even more precise access control based on real-time evaluation of risk. Applications, APIs, data stores and devices are each gateways to sensitive data, which means Zero Trust enforcement through a diverse set of micro-perimeters and access proxies is needed to secure your organization. We help you enforce Zero Trust with the support of an authentication authority, resource-level authorization, data access governance, behavioral security and continuous and adaptive security controls. This ensures that users, devices, applications and transactions are always authenticated and authorized, no matter which network hosts them.

the road to zero trust

Security methodologies provide guidance to navigate the evolving landscape of digital business opportunities—and risks. Zero Trust recognizes the opportunities and the obstacles that prevent organizations from achieving better security. To take the first steps down the road to Zero Trust, organizations often have to get cross-functional support and buy-in from senior leadership. But to get that support, you first need a detailed plan of how Zero Trust security will be achieved. Identity and access management (IAM) solutions provide core capabilities on which the Zero Trust methodology is built, which is a great place to start your journey. To see the key areas you can focus on to guide your Zero Trust journey, read our Five Steps to Zero Trust Access.

the proof

researchers recognize the modern security paradigm

The Zero Trust security methodology was invented at Forrester Research in 2010. It’s since taken on a life of its own. Broad support from vendors and industry analysts, as well as reference implementations such as Google’s BeyondCorp, have brought this next-generation approach forward as an aspirational security model. See how 451 Research recommends you can get started with this modern security paradigm.

 
