Identity and access management

Trend 3: Risk-based authentication gains prominence to minimize security risks

A strong identity helps establish robust security standards for a zero-trust model. It connects legacy and cloud applications with policies applied to manage access risks and secure attack surfaces. The zero-trust model assumes potential breaches in advance and requires each access request to be strongly authenticated, authorized, and evaluated for anomalies.

Identity is the core foundational element of a zero-trust model. Identities include people, nonhuman entities (services, bots, etc.), and IoT devices; for instance, employees or external users who connect remotely to enterprise resources using managed or unmanaged devices in the current remote working environment. If remote access policies allow weak login credentials, attackers can easily gain unauthorized access to the enterprise's crown jewels (e.g., through password spraying or compromised credentials).

Defining policy-based contextual or adaptive multifactor authentication (MFA) can restrict access to enterprise resources. Access decisions are driven by an integrated risk determined from the convergence of user and device identity and environmental conditions. This framework for leveraging risk signals to enforce strong authentication minimizes security risks, controls access to privileged accounts, and remediates legacy (weaker) authentication protocols. It improves security posture while balancing user productivity, and it delivers a frictionless login experience that strengthens the fabric of trust in digital services. MFA factors leveraged for stronger authentication include passwordless solutions (e.g., using FIDO2), push notifications (using authenticator smartphone apps, including MS Authenticator and Google Authenticator), one-time password delivery using SMS or email, automated verification calls, knowledge-based questions, etc.
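The following sketch is an added example, not taken from the original page or from any vendor product. It shows how user, device, and environmental signals can be combined into a risk score that selects between allow, step-up MFA, and block. The signal names, weights, thresholds, and protocol labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed labels, weights and thresholds (assumptions, not a standard).
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp_basic"}  # basic auth: no MFA challenge

@dataclass
class SignIn:
    user: str
    privileged: bool        # user signal: admin or other privileged account
    device_managed: bool    # device signal: enrolled and compliant
    protocol: str           # "oidc", "saml", or a legacy protocol label
    known_location: bool    # environmental signal: seen for this user before
    recent_failures: int    # failed logins from this source in the last hour

def risk_score(s: SignIn) -> int:
    """Combine user, device and environmental signals into a 0-100 score."""
    score = 0
    score += 0 if s.device_managed else 30
    score += 0 if s.known_location else 25
    score += min(s.recent_failures, 5) * 8  # failure bursts, capped at 40
    score += 5 if s.privileged else 0
    return min(score, 100)

def decide(s: SignIn) -> dict:
    """Return the access decision and the MFA factors accepted for step-up."""
    score = risk_score(s)
    # Legacy protocols cannot be stepped up, so they are denied like high risk.
    if s.protocol in LEGACY_PROTOCOLS or score >= 70:
        return {"action": "block", "score": score, "factors": []}
    if s.privileged:
        # Privileged accounts always get a phishing-resistant factor.
        return {"action": "step_up", "score": score, "factors": ["fido2"]}
    if score >= 30:
        factors = ["fido2", "push"] if score >= 50 else ["fido2", "push", "sms_otp"]
        return {"action": "step_up", "score": score, "factors": factors}
    return {"action": "allow", "score": score, "factors": []}

# Constructed sample sign-ins
SAMPLES = [
    SignIn("alice", False, True, "oidc", True, 0),
    SignIn("bob", False, False, "oidc", True, 0),
    SignIn("carol", True, True, "saml", True, 0),
    SignIn("dave", False, False, "oidc", False, 4),
    SignIn("svc-mail", False, True, "imap", True, 0),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.user, decide(s))
```

A low-risk sign-in from a managed device passes without a prompt, which is where the frictionless experience comes from; friction is added only as the combined risk rises.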

A Europe-based postal services major wanted to modernize its access management framework for its enterprise and customer user segments. It worked with Infosys to roll out a strong authentication framework that was integrated with the identity risk model to enable a secure and frictionless login and session management experience for protected applications.

Trend 4: Identity becomes a core component with zero-trust security model

The zero-trust model maintains that all users or devices, irrespective of their access location, are authenticated and authorized to access requested applications or services. It encompasses the following:

  • Identity as the central focus.
  • Minimal reliance on traditional edge firewalls with VPN.
  • Frictionless and secure access to resources with MFA (i.e., identity/device verification).
  • Assurance of security principles enforcement across all access tiers.

When designing a zero-trust model, the principles mentioned above should be considered for securing access to enterprise applications and services, whether they are set up on-premises or in the cloud. Tools such as Microsoft Azure AD, PingID, Okta, and CyberArk can help here.

A U.S.-based food and beverage major modernized its identity management and access governance framework by establishing holistic visibility of “who has access to what” across on-premises and cloud resources. It automated access requests and provisioning processes, life cycle management, setup of business-centric roles, and setup of governance processes. The outcome was a strong policy framework for least-privileged models and the adoption of a zero-trust framework.
