WHAT IS ZERO TRUST?
Based on the philosophy of "never trust, always verify," Zero Trust is an approach to IT security that employs the concept of least-privilege access – giving an entity only the permissions required to fulfill its role or function. Adaptive risk-based authentication is also central to realizing a Zero Trust framework, because it provides continual contextual awareness of user and device behavior.
What is a Zero Trust framework?
Zero Trust is a security framework for setting up authentication and authorization and for the continual validation of users, assets and devices. In a Zero Trust framework, a protect surface made up of critical data assets and applications needs to be identified. Securing this protect surface requires restrictive access controls and monitoring for continuous verification of users and devices.
What are the steps to deploying Zero Trust?
Zero Trust can be built upon your existing architecture and does not require you to rip and replace existing technologies. In general, the steps to deploying Zero Trust are:
- Identify the protect surface
- Map traffic flows
- Invest in the right identity and access management (IAM) technologies
- Monitor, maintain, improve
What are Zero Trust solutions?
There is no such thing as a “Zero Trust solution.” However, there are several identity and access management (IAM) capabilities that can support a Zero Trust framework. Capabilities that support a Zero Trust environment include:
- Multi-factor authentication (MFA)
- Contextual awareness
- Network security
- Identity orchestration
- Single sign-on
- Passwordless login
- Authorization and access controls
What is continuous authentication?
Continuous authentication is a means of granting access to users based on acceptable levels of risk. Before access is granted, the user and device risk profile is evaluated by checking contextual information such as geolocation, velocity, user behavior, device reputation, and evasion detection, among others. After this contextual analysis, the user is either simply allowed, prompted to provide additional information via another authentication challenge, or, if the risk is very high, blocked.
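The allow / challenge / block decision described above can be sketched as a small risk evaluator. This is an added example, not Entrust code: the signal names, weights and thresholds are assumptions chosen for illustration, and the user-behavior signal is left out.

```python
import math
from dataclasses import dataclass

# Weights and thresholds are illustrative assumptions, not values from any product.
MAX_KMH = 900.0          # above airliner speed => travel is implausible
MIN_KM = 100.0           # ignore small jumps caused by imprecise IP geolocation
CHALLENGE_AT, BLOCK_AT = 40, 80

@dataclass
class Login:
    ts: float                # epoch seconds
    lat: float
    lon: float
    device_id: str
    device_reputation: int   # 0 (bad) .. 100 (good), hypothetical feed
    via_anonymizer: bool     # evasion signal, e.g. proxy or Tor exit detected

def distance_km(a, b):  # great-circle (haversine) distance between two logins
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_score(prev, cur, known_devices):
    score = 0
    if prev is not None:                          # first login has no velocity baseline
        km = distance_km(prev, cur)
        hours = max(abs(cur.ts - prev.ts) / 3600.0, 1e-6)
        if km > MIN_KM and km / hours > MAX_KMH:
            score += 50                           # velocity: impossible travel
    if cur.device_id not in known_devices:
        score += 25
    if cur.device_reputation < 50:
        score += 30
    if cur.via_anonymizer:
        score += 20
    return min(score, 100)

def decide(prev, cur, known_devices):  # allow, step-up challenge, or block
    score = risk_score(prev, cur, known_devices)
    if score >= BLOCK_AT:
        return "block"
    return "challenge" if score >= CHALLENGE_AT else "allow"

if __name__ == "__main__":
    # Constructed sample: Toronto login, then London one hour later on a new device.
    home = Login(0, 43.65, -79.38, "laptop-1", 90, False)
    away = Login(3600, 51.51, -0.13, "phone-9", 90, False)
    print(decide(None, home, {"laptop-1"}), decide(home, away, {"laptop-1"}))
```

The MIN_KM floor keeps two logins a few kilometres apart within seconds from being scored as impossible travel when geolocation is imprecise.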
How does Entrust approach Zero Trust?
Entrust's Zero Trust philosophy is to design an ecosystem approach to security and ensure your users and their devices are verified securely and seamlessly, whether they are within or beyond the perimeter. Security and enablement in this new context require an identity-centric solution that allows you to deploy the practice of "never trust, always verify" from the beginning to the end of every session.