Remote work raises security challenges, and cybersecurity attacks have increased exponentially. This requires a new security model that secures endpoints and allows remote work from anywhere, at any time.
Zero Trust is an integrated security approach that links all the components in use (device, operating system, network, user, application, and context) at any given time.
“never trust, always verify.”
- Endpoints are always checked against the organization's security policies.
- Users are granted granular access to applications after proof of identity.
- Users are granted access only to exactly what they are working on, to reduce the attack surface.
- Security Teams plan how security rules and policies are defined, established, deployed, and managed. IT Administrators must align with Security Teams.
The Zero Trust Security Model Structure:
- Device Trust
- User Trust
- Network Trust
- Application Trust
- Data Trust
The following diagram demonstrates the Zero Trust Security Model Structure:
An organization must manage all devices to ensure:
- Which software is installed, in which version, and under what conditions the application may be used; this requires multiple authentication and authorization techniques.
- The security policies must be updated, deployed, and enforced on all devices by continuously monitoring their state and attributes.
- The organization must catalog all hardware devices to verify that each device is a known secure endpoint.
- You can use inventory-based access control to allow access for devices registered to authenticated users.
- Check device compliance with security policies and continuously monitor compliance. Non-compliant devices are denied access to some company resources.
- Automatically respond and remediate non-compliant devices to bring the devices back into compliance as soon as possible.
A digital certificate is used to secure each device; Certificate Management emphasizes security throughout the entire device lifecycle.
User identity can be determined without requiring the user to enter a password, for example through:
- Biometrics, such as a fingerprint.
- A hardware or software security token.
- One-time codes or links sent to an email address or a mobile phone number.
- Authentication that relies on a service that has already authenticated the user.
- Certificate-based authentication.
Multifactor authentication (MFA)
MFA requires two different methods to prove user identity, combining the following three factor types:
- Something the user knows, such as a password or the answer to a security question.
- Something the user has, such as a physical or software security token or a certificate.
- Something the user is, such as a scan of the user's fingerprint, iris, or face.
With conditional access, you can chain multiple authentication methods to build a strong trust level in the user, based on contextual information about the user, device, location, and other factors, and by assigning a dynamic risk factor.
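The conditional-access decision described above, combined with the device checks and MFA factor types from the earlier sections, sketched as an added example (not code from the original page or from any product). The risk weights, the thresholds, and the names `AccessRequest`, `risk_score` and `decide` are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Factor types from the MFA list: something the user knows / has / is.
FACTOR_TYPE = {
    "password": "knows", "security_question": "knows",
    "security_token": "has", "certificate": "has",
    "fingerprint": "is", "iris": "is", "face": "is",
}

@dataclass
class AccessRequest:              # constructed model, not a product API
    methods: tuple                # authentication methods already presented
    device_registered: bool       # device is in the hardware inventory
    device_compliant: bool        # device currently meets security policy
    known_location: bool          # request comes from a usual location
    sensitive_app: bool           # target application handles sensitive data

def risk_score(req: AccessRequest) -> int:
    """Dynamic risk factor from context; the weights are assumptions."""
    score = 0
    if not req.device_compliant:
        score += 40
    if not req.known_location:
        score += 30
    if req.sensitive_app:
        score += 20
    return score

def decide(req: AccessRequest) -> str:
    """Return 'allow', 'step_up' (ask for another factor type) or 'deny'."""
    if not req.device_registered:          # unknown endpoint: never trusted
        return "deny"
    score = risk_score(req)
    if score >= 60:                        # e.g. non-compliant device + sensitive app
        return "deny"
    # Count distinct factor types, so password + security question is one.
    presented = {FACTOR_TYPE[m] for m in req.methods if m in FACTOR_TYPE}
    required = 1 if score < 20 else 2      # any risk signal demands MFA
    return "allow" if len(presented) >= required else "step_up"
```

A `step_up` result means the caller should prompt for a method of a factor type not yet presented and evaluate the request again.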
IT divides Data Centers into distinct security segments down to the individual workload level, defines security controls, and delivers services for each unique segment. Microsegmentation prevents cyber attacks from spreading in the Data Center.
Reduce the users' exposure to the sensitive part of the network, and provide granular role-based access to sensitive resources.
Certificate-based encryption is used to avoid data theft during transit.
A session is a temporary connection between two devices, or between a user and a computer. To prevent the session from being hijacked:
- You must have an effective authentication system.
- Communication must be encrypted.
- You must define an expiration period to avoid long-lived sessions, which increase the risk of hijacking attacks.
A user authenticates to a system once and can then access related but separate systems without reauthenticating for the duration of the session.
Application access from any device
By creating a digital workspace and a distributed workforce with Zero Trust enforced, users can access applications from anywhere.
Protecting data at rest
Data Access is surrounded by Software-Defined Perimeter, Antimalware Protection, encryption, and firewalls to create a protective casing.
You must make regular data backups to protect data against ransomware.
Data Loss Prevention (DLP)
DLP helps to ensure that sensitive data does not leave the organization, whether accidentally, intentionally, or maliciously.
By never trusting and constantly verifying, the Zero Trust approach protects your data and applications at the start of a session and continuously verifies users, endpoints, and networks throughout an application session.