
Zero Trust Security Model

Rethink Your Approach to Enterprise Security

As traditional network perimeters dissolve, security professionals must discard the old “trust but verify” model, which relied on well-defined boundaries. Instead, raise the level of security by applying a “never trust, always verify” approach to everything: users, endpoints, networks, servers and applications.

Rethink your security by always verifying identity and endpoint health first, then using policies to govern access to corporate resources.

What is Zero Trust Security?

Centrify’s Zero Trust Security model assumes users inside a network are no more trustworthy than those outside the network. It presumes that everything (users, endpoints, resources) is untrusted and must be verified first so that security is not compromised.

Centrify’s Zero Trust Security is based on these core beliefs:

[Diagram: Identity Assurance + Trusted Endpoints = Conditional Access]

Identity Assurance

Never trust, always verify. Evaluate a user’s security posture based on location, device and behavior to determine that users are who they say they are, and take the appropriate action (e.g. multi-factor authentication) to ensure user authenticity.

Trusted Endpoint

Whether it is a corporate-owned, BYOD or public desktop, laptop or mobile device, enforce access control policies based on the device’s identity and security posture. Only allow access to corporate resources from trusted endpoints.

Conditional Access

If both the Identity Assurance and Trusted Endpoint conditions are met, a least-privilege, role-based access model is enforced at the resource, limiting access to what each user requires for their job and granting just-in-time access to specific applications and infrastructure for a limited timeframe.

Identity Assurance

Never Trust, Always Verify

Confirm Jane’s identity by asking her to provide something she has, something she knows or something she is. Also leverage user behavior unique to Jane and context such as location, day and time of login as additional factors to ensure authenticity.

Trusted Endpoint

Authenticated Endpoints

Make sure Jane is using a trusted endpoint before granting access to resources. If Jane logs into a resource from an untrusted endpoint, challenge Jane with MFA or block her access if the resource should only be accessible from a secure trusted endpoint.

Conditional Access

Access Upon Confirmation

Jane is granted access to resources because she confirmed her identity, is using a trusted endpoint and is logging in from the corporate office.

Jane can access SalesForce
  IF  Jane authenticated by 2FA
  AND Endpoint SecurityPosture = Compliant
  AND Endpoint Authorized = Yes
  AND Location = Santa Clara
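The rule above, together with the endpoint handling described under Trusted Endpoint (challenge with MFA, or block when the resource demands a trusted device), as an added policy evaluator; this is illustrative code, not Centrify's, and the AccessRequest, ResourcePolicy, evaluate and roles names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP_MFA = "step_up_mfa"  # identity not yet assured: challenge with MFA before allowing
    DENY = "deny"

@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    roles: frozenset           # roles assigned to the user (hypothetical directory attribute)
    mfa_verified: bool         # identity assurance: 2FA completed in this session
    endpoint_posture: str      # posture reported by the endpoint agent, e.g. "Compliant"
    endpoint_authorized: bool  # device is enrolled and known to the organization
    location: str              # network location the login originates from

@dataclass(frozen=True)
class ResourcePolicy:
    resource: str
    required_role: str
    allowed_locations: frozenset
    trusted_endpoint_required: bool  # True: block untrusted endpoints; False: MFA-challenge them

def is_trusted_endpoint(req: AccessRequest) -> bool:
    return req.endpoint_posture == "Compliant" and req.endpoint_authorized

def evaluate(req: AccessRequest, policy: ResourcePolicy) -> tuple:
    """Return (Decision, reason); the first failing condition ends evaluation."""
    if req.resource != policy.resource:
        raise ValueError("policy does not apply to this resource")
    if policy.required_role not in req.roles:         # least privilege, role-based
        return Decision.DENY, "role does not grant this resource"
    if not is_trusted_endpoint(req):                  # trusted endpoint condition
        if policy.trusted_endpoint_required:
            return Decision.DENY, "resource requires a trusted endpoint"
        if not req.mfa_verified:
            return Decision.STEP_UP_MFA, "untrusted endpoint: MFA challenge"
    if req.location not in policy.allowed_locations:  # context as an additional factor
        return Decision.DENY, "location not allowed"
    if not req.mfa_verified:                          # identity assurance: always verify
        return Decision.STEP_UP_MFA, "2FA required"
    return Decision.ALLOW, "all conditions met"

# Constructed sample: the Jane / SalesForce rule from the page.
SALESFORCE = ResourcePolicy("SalesForce", "sales", frozenset({"Santa Clara"}), False)
JANE = AccessRequest("jane", "SalesForce", frozenset({"sales"}), True, "Compliant", True, "Santa Clara")
```

The reason string is what you would write to the audit log alongside the decision, so a denied or stepped-up login is explainable afterwards.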

Why Zero Trust?

A Zero Trust approach to security assumes that everything is untrusted and must always be verified, reducing the chance of a major breach. Since the notion of a robust perimeter no longer exists, combining identity assurance and endpoint posture to grant access through a least-privilege model eliminates lateral movement, phishing attacks and other common attack vectors.

Rethink Security. Things That Were Once Trusted, No Longer Are.