How Does Identity Impact the Six Pillars of Zero Trust?

Mike Engle

What Is Zero Trust?

Zero Trust is a proactive security approach that continuously verifies users, devices, and services before trusting them. This approach is commonly summarized as “never trust, always verify”. Essentially, ZT assumes that anything connecting to a system is a potential threat that should be verified before earning trust.

Least Privilege and Zero Trust

A core principle of Zero Trust is least privilege. This means that users should only have access to as much information as they need. For example, managers should have more privileges in an HR application than regular employees. Because employees don’t have access to this information, it can’t be accessed in case of a credential compromise or data breach.

I will be diving deeper into these topics in my upcoming webinar, “Digital Identity, Passwordless Authentication and the Path to a Frictionless Zero Trust Architecture” with Sean Ryan, Senior Analyst at Forrester and Sam Tang, Managing Director of Cybersecurity at E&Y. I’ll be discussing why the user’s identity is the most important aspect to focus on when moving toward a Zero Trust architecture.

Identity and Zero Trust Architecture

What does identity have to do with Zero Trust architecture? When you verify user identity at each point of access, you are proactively checking security before a breach can happen. This is in line with the “never trust, always verify” core principle of Zero Trust. To authenticate a user, one must first implement an indisputable identity proofing process. Indisputable ID proofing must involve the triangulation of a user claim with biometrics.

A claim can be many things – proof of an existing account (Active Directory, a Banking Login) or another proof of identity such as citizen documents (such as a driver’s license or passport).  These are verified, matched, and a digital certificate is issued for the user to keep and manage.   Government-issued documents, sources of truth and advanced biometrics operate a series of data checks and verifications to prove an individual’s identity and leverage this process each time the same individual needs authentication to remotely access a system or a service online.  ZT is impossible to reach without verified identities. Let’s look at how identity plays a role in each pillar of Zero Trust:

Pillar #1: Users

Continuous authentication is a core principle of ZT. This involves using identity and access management (IAM) and multi-factor authentication to continuously verify users at the point of access as required by the organization’s policies. User identification is escalated according to risk profiles of any given activity. Additionally, it’s important to secure user interactions on web gateway solutions and other technologies.

Pillar #2: Devices

The second pillar involves both monitoring and enforcing the health and compliance of devices. Real-time monitoring of device health is a critical component of Zero Trust. “System of record” solutions like Mobile Device Managers can be helpful when assessing the trustworthiness of devices. To be fully Zero Trust compliant, devices should be identified to grant access at every session. This avoids any security threats associated with implied trust.  Similar to proof of identity via a certificate, devices can be given a certificate to prove they are managed by an organization.

Pillar #3: Network

The network pillar is important because it prevents sensitive information from being accessed by unauthorized users. It continuously verifies identities before granting network access. Other key components of this pillar include encrypting end-to-end traffic and using micro-segmentation techniques.

Pillar #4: Applications

ZT adoption requires the proper management of application layers. If one can control the technology stack, they will be able to make more accurate access decisions. This pillar combines data, device, and user elements to ensure access is secured at the application level. If identity is proven at the application level, this will prevent unauthorized access and tampering with sensitive applications.

Pillar #5: Automation

Security automation response tools can help make ZT both cost-effective and harmonious. Security teams use automation tools for a variety of reasons including user behavior analysis and security event management. Security processes like identity verification can be automated to ensure continuous monitoring.

Pillar #6: Analytics

It’s impossible to respond to a threat that you are unaware of or do not completely understand. ZT gives security teams the ability to monitor security threats as they occur and respond quickly and intelligently. Analyzing cyber events is an important element of ZT because this can often lead to the implementation of proactive security measures that can prevent cyber threats before they occur.

To conclude, pertinent user authentication is impossible without indisputably proofing the identity of the user who is authenticating. To achieve ZT, identity is a critical element. As identities access the infrastructure, organizations know they should be there and therefore the remaining 5 pillars work more efficiently at identifying anomalies and stopping a breach in its tracks.

Are you interested in learning more? I will be diving deeper into all six of the ZT pillars during my webinar with Sean Ryan, Forrester Senior Analyst, and Sam Tang, Managing Director of Cybersecurity at E&Y coming up on January 18th. Register today.

FIDO2 Authentication with 1Kosmos
Read More
Meet the Author

Mike Engle

Co-Founder and CSO

Mike is a proven information technology executive, company builder, and entrepreneur. He is an expert in information security, business development, authentication, biometric authentication, and product design/development. His career includes the head of information security at Lehman Brothers and co-founder of Bastille Networks.