Over the past several weeks, I’ve explained how to verify every user and then validate their devices as part of a Zero Trust approach to cybersecurity. Now, it’s time to tie everything together with the final ingredient of the Zero Trust formula: intelligently limiting user access.
What do we mean by “intelligently limiting access”? Well, not all people need the same access to the same systems and applications. Some people (like HR or Finance) handle sensitive, private data; others don’t. Some people travel a lot for their job; some almost never do. You get the gist. When you intelligently limit access to an organization’s systems and applications, you’re making it easy for each person — whether employee, partner, customer, etc. — to access what they need, when they need it, wherever they are, and on the device of their choosing.
Rise of the Machines
Modern machine learning and user-based analytics can transform how you intelligently limit access, ultimately helping you strike a balance between security and productivity.
Information about the user, endpoint, application or server, policies, and all activities related to them can be collected and fed into a data pool that fuels machine learning. This system can then automatically recognize out-of-the-ordinary behaviors, such as a user trying to access resources from an unusual location, which immediately raises a red flag requiring additional authentication or blocked access.
By feeding every access attempt back into an analytics platform, you can apply modern machine learning to build individual profiles for every user. Picture this: a user logs into her laptop using Multi-factor Authentication (MFA), while working from the corporate network, on a registered device she always uses, accessing the same apps she always does, at the same time of day as always. Great! You can confidently provide her easy access through single sign-on to her app instead of prompting her for additional verification.
Machine learning can greatly reduce the complexity of the analysis that has to be performed by the IT staff responsible for overseeing access controls. Instead of writing complicated rules, IT can decide how to respond to the risk level of an access attempt, saving a great deal of time and frustration.
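The flow described above (build a per-user baseline, score each attempt against it, let IT map the risk level to a response) can be sketched as follows. This is an added example, not Idaptive's code: it uses simple frequency counts in place of a trained model, and the signal names, weights, thresholds and sample values are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

# Assumed signal weights and policy thresholds; IT tunes these, not per-user rules.
WEIGHTS = {"location": 0.35, "device": 0.30, "network": 0.15, "app": 0.10, "hour": 0.10}
STEP_UP_AT, BLOCK_AT = 0.30, 0.70

@dataclass
class UserProfile:
    """Per-user baseline built only from attempts that were already verified."""
    seen: dict = field(default_factory=lambda: {k: Counter() for k in WEIGHTS})
    total: int = 0

    def learn(self, attempt: dict) -> None:
        # Feed back verified attempts only, so a blocked attempt cannot shift the baseline.
        for signal in WEIGHTS:
            self.seen[signal][attempt[signal]] += 1
        self.total += 1

    def risk(self, attempt: dict) -> float:
        """Weighted novelty: 0.0 = every signal always seen, 1.0 = every signal new."""
        if self.total == 0:
            return 1.0  # no baseline yet, so nothing about the attempt is known
        score = 0.0
        for signal, weight in WEIGHTS.items():
            frequency = self.seen[signal][attempt[signal]] / self.total
            score += weight * (1.0 - frequency)
        return round(score, 3)

def decide(profile: UserProfile, attempt: dict) -> str:
    """Map the risk level to the response chosen for that level."""
    score = profile.risk(attempt)
    if score >= BLOCK_AT:
        return "block"
    if score >= STEP_UP_AT:
        return "step_up_mfa"
    return "sso"

# Constructed sample data: one user's usual, already verified login pattern.
USUAL = {"location": "home-country", "device": "laptop-01",
         "network": "corp", "app": "crm", "hour": 9}
TRAVEL = {**USUAL, "location": "other-country", "network": "public"}
UNKNOWN = {"location": "other-country", "device": "unregistered",
           "network": "public", "app": "payroll", "hour": 3}

def constructed_profile() -> UserProfile:
    profile = UserProfile()
    for _ in range(20):
        profile.learn(USUAL)
    return profile

if __name__ == "__main__":
    p = constructed_profile()
    for name, attempt in (("usual", USUAL), ("travel", TRAVEL), ("unknown", UNKNOWN)):
        print(name, p.risk(attempt), decide(p, attempt))
```

A user with no history scores 1.0 and is blocked under these thresholds, so a real deployment needs an enrollment path that establishes the baseline through strong authentication first.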
Steps to Zero Trust
Now that we have the three pillars of a Zero Trust approach down, how do we go about piecing together a solution with products from various vendors, all purporting to solve a piece of the puzzle? Next up, we explore the steps to executing a Zero Trust approach. See how Idaptive Secures Access Everywhere.
Read the Zero Trust series here:
Zero Trust Series – 1 What Is Zero Trust and Why Is it So Important?
Zero Trust Series – 3 Imposter Syndrome: Why You Can’t Separate the “Good Guys” from the “Bad Guys”
Zero Trust Series – 4 Passwords are Just one Piece of the Cybersecurity Puzzle
Zero Trust Series – 6 Protect, Detect, Deter, Respond is Not a Security Strategy.
Zero Trust Series – 7 Upping the Security Ante: How to Get Teams’ Buy-in for Zero Trust
Zero Trust Series – 8 Next-Gen Access and Zero Trust are the PB&J of Security
Zero Trust Series – 9 Passwords Need Fixing. Zero Trust is the Solution.
Zero Trust Series – 10 The One-Two Punch of Zero Trust. Verify Every User, Validate Every Device.
Zero Trust Series – 12 Grow Up! Plotting Your Path Along the Zero Trust Maturity Model