Zero Trust
Building a Zero Trust environment
Adaptive Access Management is core to Zero Trust, with no-friction authentication that makes it valuable for enabling workforces and satisfying customers.
Methods for Managing Identity
There are multiple ways to manage identity. For example, in a multi-cloud environment, these mature solutions are the most common methods:
- single sign-on and federation
- legacy solutions
- centrally managed identities
Organizations have an opportunity to implement and improve identity management through these newer methods, which have lower rates of use:
- adaptive access management
- privacy-enabling data subject rights management
- dynamic user recertification
Source: Cloud Security Alliance “Technology and Cloud Security Maturity” Report, 2022
What Does Zero Trust Mean?
Zero trust’s initial focus was to apply tighter controls for each network segment and resource endpoints. This is like putting a security guard at every door, hallway, and elevator—and even at each office entry. But despite zero trust’s network origins, it’s important to point out that today these same concepts have moved up the stack to the services and applications layer.
This approach means that IT can use zero trust methodologies to directly control how access requests to their protected resources are handled. While it does provide far more flexibility than the network approach for cloud-based services, this granular level of control will likely create scenarios where static authentication policies degrade the user’s experience. Referring back to the security guard at every door metaphor, imagine having to authenticate before entering every room in the office building. Instead, zero trust security needs a dynamic authentication model that is far more flexible and less intrusive than today’s static implementations.
“Because of its control across each session, continuous authentication enables adaptive access management and helps to achieve zero trust security.”
Adaptive Access Management for Your Business
Usability is one of the key challenges of expanding user access with continuous authentication. Invariably, there will be policies or behavioral security events that will interrupt legitimate users. So, while a higher level of contextual intelligence is the lifeblood of adaptive access management, no-friction authentication is what makes it valuable. Reducing requests for strong authentication when a risk event is triggered will keep users productive and help eliminate undesirable workarounds.
Adaptive Access Management Is Core to Zero Trust
Organizations need new access management approaches in order to reach a zero trust level of security—one where the default security behavior assumes a hostile environment. This continuous authentication creates true adaptive access by:
- Extending monitoring and control throughout the session
- Detecting when the risk level has changed since the start of the session and then initiating an authentication request
- Tuning (reducing or increasing) the authorization level based on the identified risk and available identity verification
Today’s organizations need risk detection that goes beyond defined policies to include behavioral analytics. The only way to achieve metrics with the needed depth is to gather richer context metrics and apply machine learning to them. No-friction or low-friction authentication is essential to adaptive access. If user disruption isn’t minimized, then continuous authentication isn’t viable to the business. While the level of acceptable user disruption varies with each organization, the closer it is to zero, the more flexibility you will have to safely deliver access to sensitive information.
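The continuous authentication loop described above, as an added example that is not from the original page or from any product: each request is re-scored against the context captured at the last authentication, and the session is allowed without a prompt, asked for the lightest sufficient factor, or narrowed to a lower tier when no enrolled factor is strong enough. The assurance levels, tier names, function names and fixed risk weights (standing in for a behavioral analytics score) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical scales: assurance a method proves, assurance a resource tier needs,
# and risk added by a context change observed after the last authentication.
METHOD_ASSURANCE = {"password": 1, "push": 2, "fido2": 3}
REQUIRED = {"public": 0, "internal": 1, "sensitive": 2, "restricted": 3}
SIGNAL_RISK = {"ip": 1, "device": 2, "geo": 3}

@dataclass
class Session:
    assurance: int            # level proven at the last authentication
    enrolled: tuple           # verification methods this user can answer
    baseline: dict            # context captured at the last authentication
    risk: int = 0             # risk accumulated since then
    seen: set = field(default_factory=set)

def effective(session):
    """Trust left in the session: proven assurance eroded by observed risk."""
    return max(session.assurance - session.risk, 0)

def decide(session, context, resource):
    """Evaluate one request mid-session; returns (action, detail)."""
    changed = {k for k in SIGNAL_RISK if context[k] != session.baseline[k]}
    session.risk += sum(SIGNAL_RISK[k] for k in changed - session.seen)
    session.seen |= changed   # count each signal once, not once per request
    needed = REQUIRED[resource]
    if effective(session) >= needed:
        return ("allow", None)                       # no prompt, no friction
    usable = [m for m in session.enrolled if METHOD_ASSURANCE[m] >= needed]
    if usable:                                       # lightest sufficient factor
        return ("step_up", min(usable, key=METHOD_ASSURANCE.get))
    tiers = [t for t, lvl in REQUIRED.items() if lvl <= effective(session)]
    return ("reduce", max(tiers, key=REQUIRED.get))  # narrow the authorization

def complete_step_up(session, method, context):
    """After a successful prompt, re-baseline the session on the new context."""
    session.assurance = METHOD_ASSURANCE[method]
    session.baseline, session.risk, session.seen = dict(context), 0, set()

if __name__ == "__main__":
    # Constructed sample contexts (documentation IP ranges, made-up device id).
    home = {"ip": "198.51.100.7", "device": "laptop-1", "geo": "DE"}
    moved = dict(home, ip="203.0.113.9")
    s = Session(assurance=2, enrolled=("password", "push"), baseline=home)
    for ctx, res in [(home, "sensitive"), (moved, "internal"), (moved, "sensitive")]:
        print(res, decide(s, ctx, res))
```
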