CIOReview | December 2019

…activity is logged and monitored. In a zero trust environment, successful authentication is not enough. Each time there is a request for access, the primary user credentials and, if used, the second authentication factor are re-evaluated. A device certificate can be used to differentiate between a managed device and a user-owned one. The IP address can be used for geolocation, or to see whether an anonymizer or other VPN is in use. This evaluation is used to determine whether certain high-risk applications can be accessed, or whether any additional restrictions will be imposed on this specific session. Each subsequent request is re-evaluated and handled individually depending on the context of that request. Using this approach we can reduce the pathways available for gaining unauthorized access.

Zero trust allows companies to integrate IoT within their network. When a TV, a video conference component or a similar device is added, it can still make use of some of the authentication and validation components despite the absence of user credentials.

A zero trust security model redefines the architecture of a trusted network inside a defined corporate perimeter. While the zero trust model is beneficial, it also has certain challenges. The success of the model relies on an organization's ability to establish zones and segmentation to control resources. It is essential that technology is in place to monitor and manage data between zones and, more importantly, user interactions within a zone. This is relevant today because technologies and processes like the cloud, DevOps, and IoT have either blurred or dissolved the idea of a traditional perimeter.

A second challenge is that legacy systems cannot easily fit into such a model. Redesigning applications to use zero trust can be very costly.
Legacy applications can potentially use an authentication abstraction service. Such applications pose additional concerns in terms of monitoring capabilities and their ability to handle encryption and other zero trust requirements, and can be the most significant hindrance in the adoption of such a model. Identity abstraction as a service is quite popular with IoT and legacy applications. Enabling device identification and authentication as a cloud-based service allows IoT systems to integrate within an organization's security.

Finally, the use of cloud-based collaboration applications and peer-to-peer networks poses problems, as they allow users to bypass zero trust controls and risk-based access. While in certain cases cloud-based collaboration and P2P can be blocked, their use cannot be totally monitored and they typically operate in conflict with the zero trust model.

In our BYOD-intensive environment, a context-aware zero trust model is complementary to a cloud-based architecture. With this model we are able to embrace the reality of our business and allow our users to access applications from anywhere, using any device, with secure and simple access.

Stephen G. Fridakis
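The per-request evaluation described earlier (primary credentials, second factor, device certificate, IP geolocation and anonymizer use, then an allow/deny or restricted session) as an added example in Python; this is not code from the article or from the author's organization. The expected countries, the restriction names, and the managed-device and anonymizer flags (assumed to come from upstream certificate and IP-reputation lookups) are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample policy: countries from which sessions are expected.
EXPECTED_COUNTRIES = {"US", "CA"}


@dataclass
class RequestContext:
    """Signals gathered for one access request (re-collected on every request)."""
    credentials_valid: bool          # primary user credentials re-checked now
    mfa_verified: Optional[bool]     # None when the user has no second factor enrolled
    managed_device: bool             # True if a valid device certificate was presented
    country: str                     # from IP geolocation of the requesting address
    via_anonymizer: bool             # IP belongs to a known anonymizer / VPN egress range
    app_risk: str                    # "high" or "low", set by the application owner


@dataclass
class Decision:
    allow: bool
    restrictions: List[str] = field(default_factory=list)
    reason: str = ""


def evaluate_request(ctx: RequestContext) -> Decision:
    """Per-request decision. Nothing from a previous request is carried over."""
    if not ctx.credentials_valid:
        return Decision(False, reason="primary credentials rejected")
    if ctx.mfa_verified is False:
        return Decision(False, reason="second factor rejected")
    suspicious_network = ctx.via_anonymizer or ctx.country not in EXPECTED_COUNTRIES

    if ctx.app_risk == "high":
        # High-risk applications: every signal must be positive, no partial access.
        if ctx.mfa_verified is not True:
            return Decision(False, reason="high-risk app requires a verified second factor")
        if not ctx.managed_device:
            return Decision(False, reason="high-risk app requires a managed device")
        if suspicious_network:
            return Decision(False, reason="high-risk app blocked: anonymizer or unexpected location")
        return Decision(True, reason="all high-risk checks satisfied")

    # Low-risk applications: allow, but narrow the session according to context.
    restrictions: List[str] = []
    if not ctx.managed_device:
        restrictions += ["no-download", "no-clipboard"]
    if suspicious_network:
        restrictions += ["read-only", "step-up-mfa-on-write"]
    return Decision(True, restrictions, reason="low-risk app; session restricted by context")
```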