Zero-trust isn’t a product or a status; it’s an architecture and a security model. It’s a collection of system design principles, coordinated cyber security controls, and a system operation strategy that helps organizations gain clarity on their processing activities, identify sensitive or critical data, and apply an acceptable degree of protective, detective, and reactive security measures.
Generally, zero-trust offers a consistent security policy for users accessing data that exists anywhere, from anywhere, and in any manner.
The core logic of a zero-trust architecture is “never trust, always verify” whenever organizational services or data are accessed.
Every request is verified, and access is granted or denied based on criteria such as the following:
- Geographic location
- Device health
- User application access and privilege
- Operating system and firmware version
- Endpoint hardware type and network-level risk, etc.
Zero-trust architecture performs continuous authorization irrespective of where the request has originated from. It no longer distinguishes between “inside” and “outside” the network perimeter like traditional network architecture. It essentially establishes a model of trust, verification, and continuous evaluation of trust for further access and lateral movement.
Unified endpoint management or UEM solutions combine the management of multiple endpoint types in a single centralized console. UEM solutions help configure, manage and monitor endpoints based on various platforms such as Android, iOS, Windows, macOS. This also includes Internet of Things (IoT)-based devices and wearables.
Let’s see how the typical zero-trust security model works.
Zero-trust is an illustration of defense in depth: different user endpoints such as BYOD devices, WFH laptops, mobile devices and SaaS applications request organizational resources from any network (internal or external) at any time. Such endpoints must be authenticated and authorized at each and every network segment before they can access any resource in the trusted secure environment.
Typical Zero trust flow
To protect sensitive data from all kinds of cyber-attacks, endpoints connecting to enterprise environments (on-premises systems, critical cloud servers, third-party applications, document resources, etc.) must be thoroughly authenticated and authorized. This authentication process must be based on real-time visibility criteria evaluated with the help of a security policy engine. Depending on whether the device meets all policy criteria, access to the resource is granted or denied.
Let’s take a look at a few examples of the policy criteria through which the security policy engine makes the access decision:
- Geographic location: The access decision will be made based on these questions: From where is the user trying to access the resource? Does the user belong to his/her default region or is the user traveling?
- Operating system versions and patch levels: The operating system and patch level of every endpoint will be verified before access is provided. Even the applications installed on the endpoint will be verified; if a vulnerable application is installed, access will be denied.
- User application access and privilege: User privilege will be verified at the application level. If the user is trying to access a resource for the first time, there should be a prompt shown for a second factor during the authentication flow.
- Endpoint hardware type and network-associated risk: If the user is trying to access the resource from a rooted or otherwise non-compliant device, access will be denied. Likewise, if an anomalous network behavior pattern that indicates interception is detected, the resource request will be denied.
If the user and device meet all the required conditions, access to the organization’s resources will be granted. The successfully granted requests will continuously be reverified.
If the request is denied, the user is notified of the user risk or device risk together with appropriate recommendations. Organizations should also continuously monitor and validate the privileges and attributes of all their service and privileged accounts, and must ensure that every access request is screened before access to any organizational resource is allowed.
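The following is an added example of how the policy engine decision described above can be modelled in code; it is not from the original article or any UEM product. The thresholds, the home region, the vulnerable-application list and the choice to require a second factor for a travelling user are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy values (assumptions, not from the article).
HOME_REGION = "IN"
MIN_OS_BUILD = {"Windows": 22621, "Android": 34, "iOS": 17}
VULNERABLE_APPS = {"legacy-vpn-client"}


@dataclass
class AccessRequest:
    user: str
    region: str
    os_name: str
    os_build: int
    installed_apps: set
    rooted: bool
    network_anomaly: bool
    resource: str
    previously_accessed: set = field(default_factory=set)


@dataclass
class Decision:
    action: str        # "grant", "deny" or "step_up" (second factor required)
    reasons: list      # recommendations returned to the user on denial/step-up


def evaluate(req: AccessRequest) -> Decision:
    reasons = []
    # Device health and network risk: hard denials with a recommendation each.
    if req.rooted:
        reasons.append("rooted device: enrol a compliant managed device")
    if req.network_anomaly:
        reasons.append("network interception anomaly: reconnect from a trusted network")
    # OS version / patch level and vulnerable applications on the endpoint.
    required = MIN_OS_BUILD.get(req.os_name, 0)
    if req.os_build < required:
        reasons.append(f"{req.os_name} build {req.os_build} below {required}: update the OS")
    bad_apps = req.installed_apps & VULNERABLE_APPS
    if bad_apps:
        reasons.append(f"vulnerable application(s) {sorted(bad_apps)}: uninstall")
    if reasons:
        return Decision("deny", reasons)
    # Identity checks: first access to a resource prompts for a second factor;
    # a user outside the home region is treated the same way (assumption).
    if req.resource not in req.previously_accessed:
        return Decision("step_up", ["first access to resource: second factor required"])
    if req.region != HOME_REGION:
        return Decision("step_up", ["user outside default region: second factor required"])
    return Decision("grant", [])
```

Continuous reverification is simply calling `evaluate` again on each refreshed posture snapshot for an already granted session.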
How UEM solutions can help in migrating to Zero-trust architecture
While migrating from a traditional architecture to a zero-trust architecture at the organizational level, the UEM technologies, features and controls mentioned below can be considered with respect to the different pillars of zero-trust.
Zero-trust architecture consists of six pillars: trusted identity, device health, network security, application trust, data trust, and monitoring. Users must establish trust with respect to each pillar to access organizational resources.
Verify Trusted Identity
Verifying the user’s identity is very important in the zero-trust model. Organizations must use safer and more secure authentication methods, such as password-less authentication based on biometrics and multi-factor authentication, to uniquely identify the user. Further, application access can be restricted based on the user’s geographic location.
Based on the location and the endpoint device used, a dynamic risk score is assigned, and high-risk endpoints or users are restricted from accessing organizational resources. Using a UEM solution at the enterprise level makes it easy to track endpoint locations at regular intervals.
Verify Device Health
Any device requesting access to organizational resources must be thoroughly screened. A device inventory plays a major role in letting an organization maintain its entire device fleet in one place. Having a proper inventory or device management solution helps the organization impose organizational or compliance policies on each device. If the device health parameters are found to be compromised, the access request is denied. UEM solutions help organizations enforce a strict compliance policy on endpoints and also provide timely alerts and analytics on out-of-compliance endpoints.
Verify Network
For every endpoint that requests a resource, the organization should verify the trustworthiness of the network and the protection of the session. Following the zero-trust principle, least-privilege access should be granted at the resource level. Organizations should also limit access rights by implementing micro-segmentation around resources, which helps grant users only the minimum permissions required to perform their defined job roles.
Verify Application Trust
Thanks to advances in user and application authentication, organizations can provide improved security and user experience by implementing single sign-on for applications. Applications should be made accessible from different endpoints with customizable privilege sets, and extra protection can be added to applications in the form of isolation. Application-level privileges and security controls can be enforced with the help of UEM solutions.
Data Trust
The ultimate goal of data trust is for the organization to make sure that its data stays secure. An organization cannot protect all of its data with the same top priority, since it deals with data from multiple streams. To separate out the important data, data must be classified according to business, legal, and regulatory compliance requirements. Data protection policies should then be defined and applied according to the classification level. To protect, control, and ensure the integrity of data, proper DLP (Data Loss Prevention) policies should be implemented.
A zero-trust system should continually and dynamically assess trust each and every time a device or a user requests access to its network.
Monitor and Analytics
By establishing trust across all the pillars of the zero-trust architecture, organizations gain visibility and can leverage analytics. This requires either a stand-alone system or integration of a Security Information and Event Management (SIEM) tool through the UEM, which gives better visibility by logging all traffic. This information can then be used to learn and monitor network patterns, and the resulting analytics can assist in making effective dynamic policy and trust decisions.
Conclusion
Zero-trust implies that organizations must not automatically trust any network or any endpoint. Instead, they should assume that any request can potentially be malicious, and grant access only after the request has been thoroughly verified. By redesigning and rebuilding their security strategy around the zero-trust architecture, organizations can reduce the probability of breaches and strengthen their defenses. Implementing a robust UEM solution can make the zero-trust migration much simpler and offers a range of supporting features to address the requirements of a zero-trust architecture.