The Centrify Zero Trust Security model is effective because it allows organizations to remove trust from the equation entirely. Based on the assumption that untrusted actors already exist inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure. Only after identity is authenticated and the integrity of the device is proven can access to resources be granted--but even then with just enough privilege to perform the task at hand.
Here are five best practices for achieving Zero Trust security:
Always Verify the User with Multi-factor Authentication (MFA)
The days of securely verifying a user’s identity with a password are long gone. Today, user names and passwords can be phished, sniffed by malware, or bought off the Dark Web. That means credentials must be fortified with MFA, which uses something you have, something you know or something you are.
MFA must be applied regardless of the user: end user, privileged user, outsourced IT, partner or customer, and regardless of the resource being accessed: application or infrastructure. Organizations should require additional verification layers to authenticate users attempting to access the most sensitive data or to elevate privilege.
Always Validate the Device
Just like users, devices cannot be trusted without verification. To achieve Zero Trust Security, identity-centric controls must be extended to the endpoint. That means every device used to gain access to corporate resources must first be enrolled so that it can be recognized and verified.
The good news is that device enrollment processes are no longer the cumbersome challenges they once were. Centrify’s mobile device management solution features a self-service enrollment process that requires little to no administrative overhead. It supports all popular mobile devices with automated certificate enrollment that secures access to Exchange, VPN and Wi-Fi, ensuring only assigned users can access information.
Ensure the Device Measures Up to Your Security Standards
Properly verifying a device also means ensuring they stand up to your company’s policies around disk encryption, virus protection, up-to-date patches and other security requirements. For this, you must be able to easily track and enforce the status of all devices across your enterprise.
Organizing users by group or role is highly recommended as it allows you to set up device policies based on business need which helps to ensure only appropriate, authorized applications are installed on devices. Look for a solution with automated de-provisioning when user accounts are disabled or deleted as well as the ability to wipe, lock, and un-enroll lost or stolen devices.
Least Access and Least Privilege for IT and Everybody Else
Anyone with admin privileges is a hot target for criminals looking to access your environment and data. First and foremost, admin privileges should be strictly managed -- movement within the infrastructure should be limited and access should only be granted to resources absolutely necessary to perform job functions.
Use a Solution that Learns and Adapts
Today’s leading identity management solutions are capable of collecting information about the user, endpoint, application, server, policies, and all activities related to them, and feeding that info into a data pool that enables machine learning.
Centrify leverages behavior analytics to recognize unusual behaviors such as accessing resources from unusual locations to assign a risk score that’s used to make adaptive, dynamic decisions about granting access and privileges. The higher the risk that’s calculated, the more factors of authentication will be required from the user, or the more restricted their access may be.
Centrify Zero Trust Security
Centrify provides integrated identity services across apps, endpoints and infrastructure for all users, without sacrificing best-of-breed features. Organizations may consider approaching Zero Trust by implementing IDaaS, MFA, EMM, PAM and User Behavior Analytics (UBA) technologies from separate vendors, but disparate solutions leave gaps and are expensive to implement and maintain.
Centrify’s Identity Services provide all elements of Zero Trust Security and Centrify is the only vendor with leading solutions recognized in:
- The Forrester Wave™: Identity-as-a-Service, Q4 2017 (IDaaS)
- The Forrester Wave™: Enterprise Mobility Management, Q4 2017 (EMM)
- The Forrester Wave™: Privileged Identity Management, Q3 2016 (PAM)
Learn more about Zero Trust Security here.
This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.