Multiple Forces are Driving the Adoption of Zero Trust Security
The Covid-19 pandemic created the compulsory need for organizations to quickly shift from a primarily business workplace environment to a mostly working from anywhere. VPN quickly became the go-to solution for securing remote workers and third-parties to corporate networks. Unfortunately, many companies found that while VPN protected user connections outside the network, it also gave them complete access to their IT assets inside the corporate network.
Providing unlimited access to internal digital resources violates the fundamental principles of a zero-trust model. It enables greater exposure of enterprise vulnerabilities to hackers, giving them free rein throughout the corporate network. In contrast, zero trust is a journey that allows organizations to begin with small steps, identifying a business function or small user population, enabling access, monitoring use, and growing the deployment from there.
Zero trust provides flexible authentication models, and control over user access to applications. A zero trust cybersecurity model eliminates implicit trust and replaces it with explicit, real-time adaptive trust levels for just-in-time, just enough access to digital resources. The “explicit trust zone” is between the policy decision and enforcement point, and the applications, servers, systems, services, and data.
Protecting against malware and exploits, complying with growing regulatory privacy requirements, and avoiding financial and other business losses due to cyber breaches are just a few of the many reasons to adopt a zero trust model.
Securing today’s expanding network perimeter of on-premises, remote workers, multi-clouds, IoT devices and mobile users requires zero trust networking with identity-based privileged access management, or PAM. Combining PAM with Zero trust network access (ZTNA) provides secure remote access that enables organizations to clearly define access control policies for their business-critical IT resources.
RevBits ZTN enables an explicit zero trust security posture
RevBits ZTN allows enterprises to grant user access based upon their identity and device attributes, with context like roles and responsibilities, time and date, location and more. Identity-related device data includes operating systems, browser versions, disk encryption and security software update status. RevBits ZTN combines policies for applications, users, devices, IP addresses, locations, workloads and risk, and utilizes identity data to define and enforce access control policies.
To ensure the identity, integrity and authorization of all users and devices, access is provided only after verification is completed, regardless of location or network connection. No access is allowed before establishing a ZTN-brokered session between a user or IoT device, and an IT asset. And when access is granted, users have least privileges to complete a task.
A major flaw with VPNs is the enterprise-wide access to internal resources for external users. RevBits ZTN confines access to internal resources, limiting access to one resource at a time. This eliminates the opportunity for bad actors using stolen credentials to laterally move across the network.
Authenticating access for the expanding network perimeter
RevBits ZTN’s user-to-resource access approach is a completely different model than a network-centric methodology. Encryption, authentication, and secure connections for remote employees and third-parties is conducted over SSL/TLS.
To ease management, admins can easily group resources like servers, databases, applications, services, users (internal and external) and projects, like pen testing and product development. Automating the onboarding of users and endpoints to on-premises assets is easily accomplished with Active Directory, and in the cloud through Azure AD.
Built upon the zero-trust principle of least privilege, when users have been authenticated and authorized, their resource access is granted on a one-to-one basis. Granular, per-session access is granted based on verified user and risk profiles, with two-factor authentication enforcement. Corporate resources are further protected with identity-based authentication, single sign-on (SSO), end-to-end encryption, session recording and more.
Mapping users to digital resources, RevBits ZTN allows IT, security and risk teams to understand application nuances and data usage across the enterprise. This helps to govern and enforce a robust policy-based security posture, while eliminating user friction to ensure a positive experience.
Combining strict access policies with privileged access limitations
RevBits ZTN includes integrated PAM. Remote access authentication and authorization protect resources inside the network, and encrypted tunnels secure connections for outside network traffic. Companies that already have a PAM solution will benefit from RevBits ZTN’s granular access protection for remote employees and third-parties.
Integrated identity-based privileged access management provides granular control to limit resource access, restricting what users can do with a resource and locking-down access beyond that resource. By leveraging identity data with context, RevBits ZTN automatically assesses risk and trust, and applies continuous adjustments that are explicit. Users have secure connectivity and access to corporate IT resources without exposing a resource’s IP address, protecting them from direct Internet access. Additionally, RevBits ZTN conducts session recording (video, keystroke and query) through our optional jump server architecture.
Originally published at https://www.revbits.com.