
Zero Trust Security Model

Rethink Your Approach to Enterprise Security

As traditional network perimeters dissolve, security professionals must discard the old model of “trust but verify”, which relied on well-defined boundaries. Instead, strengthen security levels by implementing an “always verify” approach for everything — including users, endpoints, networks, servers and applications.


Rethink your security by always first verifying identity and endpoint health, then use policies to govern access and privilege to corporate resources.

What is Zero Trust Security?

Centrify’s Zero Trust Security assumes users inside a network are no more trustworthy than those outside the network. It presumes that everything (users, endpoints, networks, resources) is untrusted and must be verified first so that security is not compromised.

Centrify’s Zero Trust Security is based on these core beliefs:

Zero Trust Security Model - Verify User, Verify Device, Limit Access & Privilege = Learn & Adapt

Verify the User

Never trust, always verify. Evaluate the security posture of a user based on location, device and behavior to determine whether users are who they say they are. Take the appropriate actions (e.g., multi-factor authentication) to ensure user authenticity.

Verify Their Device

Whether it’s a corporate-owned, BYOD or public desktop, laptop or mobile device, enforce access control policies based on the device identity and security posture. Only allow access to corporate resources from trusted endpoints.

Limit Access & Privilege

If the user and device are verified, a least privilege, role-based access model is enforced at the resource, limiting access to what each user requires for their job, while granting just-in-time access to specific applications and infrastructure for a limited timeframe.

Learn & Adapt

Information is constantly being generated from various sources (from the user, their devices, and all activities related to them). Leverage machine learning to set contextual access policies as well as adjust and adapt policies automatically.

Verify the User

Never Trust, Always Verify

Confirm Jane’s identity by asking her to provide something she has, something she knows or something she is. Also leverage user behavior unique to Jane and context such as location, day and time of login as additional factors to ensure authenticity.


Verify Their Device

Authenticated Endpoints

Make sure Jane is using a trusted endpoint before granting access to resources. If Jane logs into a resource from an untrusted endpoint, challenge Jane with MFA or block her access if the resource should only be accessible from a secure trusted endpoint.


Limit Access & Privilege

Just Enough Access

Once Jane has confirmed her identity and is using a trusted endpoint at a verified location, she is granted just enough access to perform her job at any given time.


Learn & Adapt

Machine Learning

Continuously leverage data about Jane, her device(s) and her behavior to allow access, block access or enforce additional authentication. With machine learning, policies can be adjusted automatically and in real time.


Why Zero Trust?

A Zero Trust approach to security assumes that everything is untrusted and must always be verified to decrease the chance of a major breach. The notion of a robust perimeter no longer exists; thus, by combining identity assurance and endpoint posture to grant access through a least-privilege model, lateral movement, phishing attacks and other common attack vectors are eliminated.

Rethink Security. Things That Were Once Trusted, No Longer Are.