The Zero Trust security model was founded on the principle that organizations should never trust any entity on their network and to always verify before giving it access to anything on that network. Those working with or for an organization should be able to work successfully from an untrusted network without compromising the organization's resources.
There are many approaches to improving the overall security posture of an enterprise. Taking a network-centric approach may involve an enterprise to redesign their network by splitting it into subnetworks in an effort to increase the security level of each network segment based on the sensitivity of resources that a given network segment contains. Although network segmentation is a valid layer of security when achieving defense in depth, it can also be expensive and difficult to justify on its return on investment (ROI). A more data-centric approach may involve data discovery and classification, then securing the data at rest and monitor its usage. This approach is again a good layer of defense in depth but can be costly in time and effort to find and then have the subject matter experts available to property classify all the data. Given that the majority of attack vectors are identity-related and often stem from a weak or stolen password or compromised privileged credentials as examples, a case can be made that an access first approach may be the better first line of defense.
Modern cyber security products have leveraged the power of machine intelligence and data analytics. Although analytics has become a loaded term in that it has come to mean a broad range of things. In its narrowest sense, it is the ability to perform data analysis by examining historical data and uncovering trends or pattern that can be used to improve the decision-making process. Machine intelligence gives the ability to make access decisions that can be acted upon based on the patterns and trends found through data analytics. Together, these technologies become tools to recognize abnormal user patterns that can be acted upon based on access policies.
As IT environments converge on a distributed model – perimeter-less, SaaS as a standard deployment model, external IdPs including social logins - the security model continues to evolve. By joining adaptive, risk-based or context-based capabilities to this distributed model, the combination of these factors begins to form a more distributed kind of trust model.
Core features of a modern distributed-trust solution should include:
- The ability to work across IT boundaries whether on-premises, cloud or hybrid
- The ability to verify users through multi-factor authentication
- The ability to validate a user’s device to ensure that is hasn’t been compromised
- The ability to limit access and privileges to resources through access controls
- The ability to continuously learn and adapt to user access behavior
Centrify is a medium sized company founded in 2004 with headquarters in Santa Clara, California and regional offices in Seattle, Salt Lake City, Hong Kong, London, Munich, Brisbane and São Paulo. Their customers comprise of over 5000 organizations, 53 of which are Fortune 100 companies. Their clientele includes organizations in the financial, pharma, telco, retail and government sectors.