Zero trust is a regular topic of conversation for most CISOs today. At its core, zero trust focuses on the principle of maintaining diligent access control for all users of network and systems resources. In itself, that sounds like nothing new, but with it comes a renewed focus on understanding and managing that access at a much finer level of detail.
At the center of any question relating to access control is the critical concept of trusted identity and the need to truly understand the access being requested, provisioned, and used over time. This concept then means access control must have strong authentication, fine-grained authorization, good lifecycle administration, and excellent audit and control mechanisms. In short, it means getting IAM right.
What does it mean to have a zero trust security model?
The first principle of zero trust is removing the assumed protection of the “private network” – you will often hear people use the term “assume network compromise” – meaning accept the fact that you no longer have complete control over your network. This concept does not mean opening the door to the bad guys, but accepting the fact that the adversary can and likely will get “network access” to your applications and data. Today’s network perimeter has expanded way beyond the LAN and now includes remote people, applications and cloud services that span the globe. Regardless of whether someone is accessing IT from their desk, a coffee shop, or Antarctica, nothing should change as far as trust goes.
The role of identity governance in zero trust.
Having a robust identity infrastructure gives organizations the ability to build a more dynamic and identity-aware environment. Strong administration processes and accurate governance are the bedrock of identity and access management. Having a truly trusted source of controls and oversight is required to ensure that stronger authentication and deeper authorization can be delivered promptly. The process of ensuring that the right accounts, entitlements, and attributes are in place is where identity governance and administration come into play, allowing organizations to control the lifecycle of the very policies and data that now drive this ongoing process.
Zero trust truly is a way of thinking; an approach, not a specific product or single solution. The entire concept strives to challenge every organization to think differently about how they build applications, networks, and security controls. It means placing identity at the center of the security architecture and truly understanding who should have access to what and how that access is used. Identity governance plays a central role in delivering on that vision, providing a security architecture that is more real-time, more contextual, and able to predict, understand and manage appropriate access in the new world of zero trust.
SailPoint Predictive Identity™
Digital transformation has introduced the challenge of more users, apps, files, and cloud platforms to manage and protect. Using the power of AI and machine learning, organizations can now effectively take on their zero trust initiatives with confidence. SailPoint Predictive Identity speeds the process of creating access models and policies, helping you keep them up-to-date as your organization changes. It provides peer group analysis to quickly identify risky outliers that possess excessive permissions and offers recommendations when determining if access should be granted or revoked, helping ensure everyone and everything has the exact access they need, exactly when they need it, intuitively and automatically.