Companies are under siege from a virtually endless onslaught of malware attacks, exploits, and other attempts to compromise servers, applications or data—and most are not doing very well at defending against it. A scan of news headlines from the past couple years will illustrate the fact that the traditional approach to security is not sufficient. There are major malware infections and data breaches on a frequent basis. Organizations can take a more proactive stance and improve their overall security posture by adopting a zero trust model.
What is Zero Trust?
The traditional security model operates on more of a “trust but verify” philosophy. Devices and individuals are typically authenticated when they first connect, but once the initial validation is complete it is just assumed that the subsequent activity is legitimate and should be trusted. Obviously, that is not really the case—and that trust has been betrayed time and time again in successful attacks.
The problem with the traditional approach is that it is reactive by default. Files are assumed good until they do something malicious. Users are considered to be trustworthy until they access or exfiltrate data they shouldn’t. It relies on constant monitoring to detect and identify suspicious or malicious behavior to react after something nefarious has already happened.
Zero trust means exactly what it sounds like. Don’t inherently trust any device, service, or individual. Never trust, always verify. The zero trust approach prevents suspicious or malicious activity in the first place.
The concept is not necessarily new. The debate of blacklisting vs. whitelisting has gone on for years. The zero trust model concept is similar to the security model that has been used for proxy firewalls and application whitelisting solutions. In a nutshell, you deny all access by default, and only allow those users and devices that are expressly permitted by policy.
Zero Trust and Next-Gen Access
A new report from 451 Research explains, “Centrify is one of the vendors that was early to embrace the zero-trust concept, with a new offering that it refers to as its Next-Gen Access platform. In addition to tying together Centrify’s existing offerings for identity as a service (IDaaS), multi-factor authentication (MFA), enterprise mobility management (EMM) and privileged access management (PAM), Centrify has delivered enhanced analytics to help organizations make better access decisions, along with an app gateway that can provide remote access to on-premises applications without requiring a VPN.”
The 451 Research report goes on to describe how Centrify pulls together a diverse array of technologies to provide a comprehensive platform for zero trust security. “Centrify has long sought a marketing framework that, optimally, ties together its various offerings in PAM, MFA, IDaaS and MDM. While ‘unified identity’ was a step in the right direction, zero trust allowed Centrify to go to market with a unifying theme and approach, tying together each of its product areas more clearly, and broadening Centrify’s appeal beyond identity management to being more of a strategic security provider.”
The Challenge of Zero Trust Security
There are some potential challenges when it comes to zero trust security. In order to implement zero trust effectively, you need to have a comprehensive collection of tools and technologies working together. 451 Research points out that Centrify has many of the foundational pieces in place to proactively verify users and devices and restrict access to systems, applications and data based on a least-privileged approach.
*** This is a Security Bloggers Network syndicated blog from Security – TechSpective authored by Tony Bradley. Read the original post at: https://techspective.net/2018/06/05/the-zero-trust-model-provides-a-more-proactive-approach-to-security/