Event Recording

Identity Management and its key role in the Zero Trust strategy


Since any resource access is subjected to a "Zero Trust enabled" step-by-step process, in which policy engines define and enforce the appropriate access level for devices, networks, identity systems and resources, we also need a "ZT enabled" identity management in which "Identity Proofing" forms the core component.

Thank you very much, also for the chance to share my view with you on how identity management and its key role played in the zero trust strategy of Siemens. Welcome to my presentation. I created some slides which I would like to go through with you, focusing on three different aspects: you can see the detail, identities as a fundamental for our zero trust strategy; the implementation, how it comes to reality; and the continuous control monitoring, which is required since this is not just a one-run implementation, this is a continued journey. We need to reap concepts, evaluate the accesses, simplify access to different areas, putting more control on identities. And this is what I would like to go through in the next slide.
What you see here is a summary. Let's call it: this slide explains in a simplified way how our zero trust environment is set up, moving from left to right. It looks not much challenging and complex, but there is a lot of effort, investment, collaboration and support in every single step to go through that whole journey. Starting, of course, with the first part I'm responsible for in the company, which is the identity management, where our solutions start with focusing on a trustworthy, well-managed, proven identity as a prerequisite for zero trust. This is the first essential step to be done in our whole chain, continuing with the identity trust, which puts us in the position to enable all the entities to use modern authentication, moving from the classic user login and password to multifactor (MFA), real-time authentication with biometrics.
That is the next evolution step. Continuing with secure device, which is also a very important component where users get access to our systems, applications and data. That means we also need to secure and protect our devices in different aspects, where we will get deeper and more into detail in the next slide. And moving to the next step, which is the secure access: how we guarantee that the access is the secure one, that the user is the correct user, using the right identity, using the right device, from the right network. And there are all the policies and the funny things like the gatekeeper, which we call the policy decision point, which regulates the control; it analyzes and calculates in real time how secure and how trustful the access is, and grants or denies the access.
That's the new component where we put a lot of focus on, given the decisions and the empowerment to decide who is allowed to get in today, and maybe not tomorrow, depending on the previous steps and what they are accessing in our network. And the last component, last but not least, is how we secure the app access, thinking of different methods, different technologies we have in the market, thinking of micro-segmentation on a network basis and doing the next step, which is the ring-fencing policies and enforcement, where we decide on an application basis who gets access, which will reduce the complexity of our network and keep applications isolated or separated from others and prevent lateral moves. That's also a very important key component in our zero trust strategy. And the way to get there is important.
That means let's have a deeper look at the identity and access management, thinking of the types of identities we have in a company, the purposes of those identities, how they get identified, thinking of end-user scenarios, administration scenarios, machine-to-machine scenarios, and also legacy systems, which act differently, not based on identity: how to deal with that, bringing all of that into a digital identity, in order to succeed with that zero trust strategy. And from the other side, all these systems have an influence on that identity, where we have to manage the data, the quality, the processes, and rely on the identity that is supposed to be used by a person being linked to the right one. That is the last, biggest step in our identity and access management approach, which is the identity proofing we are supposed to guarantee, and leveraging the trust level of an identity.
If we get that proofing, this classifies how trustful the identity is and how applications will let them go in to get access, depending on the classification of the application. That is what we see moving to the next slide: that we manage to enable our identities to use MFA, going a long path from the implementation of modern technologies, enforcing MFA, replacing passwords, monitoring the access and the misuse of passwords, which allows us to not maintain passwords any longer. As long as the password is high enough and not compromised, we use our multifactor without any issues. That's what Microsoft allows with that technology. We implement the device basically on an Azure joined hybrid object tool, accept multifactor using authenticator apps from Microsoft, and include all applications and the identity in a protection concept where we see and verify whether there is misuse or identity credentials are compromised, and take action on that. This is what this whole change represents: managing the identity, how we secure the identity, how we can guarantee that the identity is trustful.
So the third step is what we call secure device. And you see our main purpose is to guarantee confidence, to offer confidentiality on the devices we use, no matter which device is in use: a managed device, a private device, a mobile device. And also all the software running in a valid patched version of the operating systems, antivirus activated, all these different components. What makes secure hardware trustworthy is to verify and identify in real time. And that leads to having the control of how we evaluate the access from that device and grant the access, controlled by a policy decision point, which acts as a gatekeeper, taking that decision and pushing the user right to the application, or denying the access from the device. From secure device we move to the verification, the authentication, the secure access.
That was exactly the new component where we decided to build out a kind of policies using the DPD concept, policy decision point. I noticed wrong, it's PDP, which evaluates the different aspects, calculates the access and takes the decision: if the user is trustful, using a trustful device, trustful network, trustful identity, does this cumulate to a good level of trust, and takes the decision. This is the main part, the brain part of our zero trust environment. And the last component is how we secure our applications. And we know that it is a long path until we get our applications zero-trust-managed.
This view is interesting because we started having everything protected in our network. And every user was trusted in our applications. Once you had access to our intranet, you could get everywhere. And that is where we started the journey, by saying we need to move our applications into the internet, to support not only the COVID-19 movement for the new normal, but also the cloud applications, which were pushed by the COVID-19 situation, where we have employees no longer in our company buildings. That means we need to protect our assets, our applications, our data in a single way outside of our Siemens corporate network. And it was a way of identifying this structure: what are the prerequisites, how to enable applications to be zero-trust-capable, thinking of different factories and machines, users, applications, databases, all the artifacts.
We have in our company a secure structure concept for application onboarding, meaning classifying the assets: how sensitive is the application, which level of confidentiality for application access we grant to an application, configuring that access assurance level in our authentication systems, and doing something for the on-prem world as well as for the cloud. On the one hand, everything that we cannot protect identity-based or application-based, meaning legacy systems, robots, machines, manufacturing, we need to think of a kind of micro-segmentation of our network to keep them separated, using a zero trust proxy which enables the access to our systems, being part of the zero trust strategy, and looking forward to the cloud applications with our zero trust enabled. And we use the application protection concept, ring-fencing, that will decide and allow the access directly to that single application, access to data, and prevent lateral moves.
And that is the edge of that implementation. This was the first step into that change. And now we have to think about how to maintain our security, our concept, valid with the velocity the technology is bringing in day by day: if the concepts are still valid, if the device trust is still valid, new, different types of devices, operating systems, identities, decentralized identities that will also have influence on the whole process, and not-well-managed entities; that will be the next step. But we will talk about this later in the predictions of what IAM will bring in the future, and the application itself, the control, the regulation, PAM, privileged access management, because there are not only end-user scenarios in place in our enterprise; there is also the machine-to-machine communication and legacy systems. We maintain our network, maybe simplifying the security concepts, because we translate everything to the application and decision points; that is currently the next step we're doing, to keep the strategy up in any aspect.
Yeah, I'm done with my slides. I hope to have delivered the essence of what we did, the things we thought of or what can be important to build a zero trust strategy in a company, and how we can rely on that base that we are building up for the future.
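A simplified policy decision point of the kind described in the talk, added here as an illustration and not the speaker's or Siemens' own implementation: the trust signals (proofed identity, authentication method, device state, network) are accumulated and compared against the application's configured assurance level; the `AccessRequest` fields, the scoring weights and the assurance-level table are assumptions.

```python
from dataclasses import dataclass

# Constructed assurance levels: an application's classification sets the bar
# that the accumulated trust of identity, device and network must reach.
ASSURANCE = {"public": 1, "internal": 2, "confidential": 3, "restricted": 4}


@dataclass
class AccessRequest:
    identity_proofed: bool        # identity proofing completed for this identity
    auth_method: str              # "password", "mfa" or "biometric"
    credential_compromised: bool  # flagged by the identity protection concept
    device_managed: bool
    device_patched: bool
    antivirus_active: bool
    network: str                  # "corporate", "zero_trust_proxy" or "unknown"
    application: str              # key of ASSURANCE


def trust_score(req: AccessRequest) -> int:
    """Accumulate the trust signals the PDP evaluates (weights are assumed)."""
    score = 0
    if req.identity_proofed:
        score += 1
    # Password alone adds nothing; MFA and biometrics raise the trust level.
    score += {"password": 0, "mfa": 1, "biometric": 2}.get(req.auth_method, 0)
    # The device only counts as secure when managed, patched and protected.
    if req.device_managed and req.device_patched and req.antivirus_active:
        score += 1
    if req.network in ("corporate", "zero_trust_proxy"):
        score += 1
    return score


def decide(req: AccessRequest) -> str:
    """Gatekeeper: 'grant' only when no hard stop applies and trust meets the bar."""
    # Hard stops: a compromised credential or an unclassified application never gets in.
    if req.credential_compromised or req.application not in ASSURANCE:
        return "deny"
    required = ASSURANCE[req.application]
    # A password by itself is never enough for anything above 'public'.
    if required > 1 and req.auth_method == "password":
        return "deny"
    return "grant" if trust_score(req) >= required else "deny"


if __name__ == "__main__":
    req = AccessRequest(True, "mfa", False, True, True, True, "corporate", "confidential")
    print(req.application, "->", decide(req))
```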
