The Role of Identity for Zero Trust
Identity is central to Zero Trust. Zero Trust as the established leading principle for cybersecurity is about continuous verification instead of trust into a one-time proof by a singular system. Verification is about identities, human and non-human, and their access entitlements to devices, networks, systems, applications, and data. Verification requires the availability of consistent, comprehensive, correct, and current identity information at run-time. Identity Data Integration and Identity Information Quality are fundamentals for Zero Trust.
Commissioned by Radiant Logic
1 Executive Summary
Zero Trust has been established as the key concept for modern cybersecurity. Its paradigm of "don't trust, always verify" is the guideline for implementing security solutions with multi-layered security and regular or even continuous verification. Instead of trusting a system such as a network firewall and no further checking access within the perimeter, Zero Trust mandates repeated verifications. This reduces the risk of lateral movement of attackers and increases the level of security.
From its origin as Zero Trust Networks, the concept has evolved over the course of more than a decade into a model that spans multiple areas of IT. These include identities, devices, networks, systems, applications, data, and software. Human or non-human users in their digital identities access services over networks. Services are the combination of systems and applications and work with data. Access happens from devices or things. All is powered by software. There is a broad attack surface, from identity-based attacks to attacks on networks or software supply chain attacks, to name just a few. Continuous verification at multiple levels is needed.
Identities are involved at various levels, because it is about these and their access that needs to be verified. This requires the availability of consistent, comprehensive, correct, and current identity information. Information needs to be consistent, even when it resides in multiple systems or "identity silos". It needs to be comprehensive, delivering the context required for verification. For valid verification, it needs to be correct. And it must be current, to build the verification on the most recent information.
With identity data sprawling across a wide range of systems, providing the data at the right place, on-time, integrated across sources, and in the required quality is still an underestimated challenge in IAM (Identity and Access Management). The effort for integration can't be successfully done per verification system but requires a centralized and specialized approach for unifying identity data and delivering this to the various IAM and cybersecurity tools.
Common IGA solutions fail in the ability to federate information from various sources at real-time, and they commonly lack the depth of data integration and quality capabilities required for the Zero Trust use cases.
Radiant Logic, with their RadiantOne Intelligent Identity Data platform, provides a comprehensive solution that is targeted specifically at identity unification, identity information quality, and identity data integration, for both synchronizing and real-time access to identity data. This makes the solution an interesting option for the central identity platform within a Zero Trust architecture.
Full article is available for registered users with free trial access or paid subscription.
Register and read on!
Sign up for the Professional or Specialist Subscription Packages to access the entire body of the KuppingerCole research library consisting of 700+ articles.