
Solving zero trust architecture with dynamic authorisation

Zero trust is no longer just another buzzword. As organisations embrace hybrid workforces, a zero trust approach has become essential.

Dynamic authorisation grants fine-grained, context-dependent access to resources at the moment of each request. It is a must-have element of any complete and successful zero trust (ZT) architecture, and of any business wishing to strengthen its security infrastructure.

“At the heart of a zero trust architecture is the ability to make the decision about whether to grant, deny, or revoke access to a resource,” said Gal Helemski, co-founder and CTO of PlainID. “There are numerous ways to introduce zero trust policies but a good starting point is the U.S. National Institute of Standards and Technology (NIST) framework, which also makes it clear that zero trust should never be an exclusive agent of the network alone.

“Instead, zero trust should be applied across three levels of access control if deployed in full. That means access to the network; application access; and access to intra-application assets. This holistic approach, with a view across all organisational resources, assets, applications and networks, makes genuine zero trust protection a reality.”

Risk constantly shifts as attackers target new vulnerabilities. Modern businesses are built on a digital foundation: complicated, highly distributed environments with hundreds of applications and systems, and hybrid legacy and cloud infrastructures built on microservices. These provide the backbone for perhaps thousands of roles that change constantly, and each change requires a new access scenario to be defined.

There are many well-tested technology solutions which can help security professionals deliver on the fundamental tenets of ZT, particularly when it comes to network access control and advanced authentication. However, these solutions do not cover all three levels of zero trust access control. Most ZT offerings focus principally on the network, with insufficient consideration or support for zero trust at the application level or within the application itself.

For example, the solutions most associated with a ZT approach include secure SD-WAN, secure access service edge (SASE) and gateway integration and segregation. This is clearly a network-centric approach: vital in and of itself, but unable to address the application and intra-application levels of access control identified above.

“Dynamic authorisation is a more technically advanced approach to zero trust, which permits real-time, fine-grained access to a variety of resources, such as applications and data as well as any other asset, based on the specific context of each individual session,” Helemski says. “There are two powerful forces, which are fuelled by dynamic authorisation and critical to its complete and successful fulfilment: runtime authorisation enforcement and a high level of granularity.”

Each time a user tries to access a network, an application or an asset within an application, dynamic authorisation starts an evaluation and approval process over a wide variety of attributes, including but not limited to: user-level attributes, such as current certification status, role and responsibilities, and whether the user is allowed to access confidential and personally identifiable information (PII); resource attributes, such as the classification of the data requested; and external attributes, such as the current system or session risk level.

The dynamic authorisation policy engine evaluates these attributes for every request in real time and at a high level of granularity. This compares favourably with the traditional approach, in which an application checks only a coarse set of roles or attributes that were predefined and hard-coded at design time, so that a change in context (a non-compliant device, an expired certification, an elevated risk score) cannot change the decision until someone updates the application.
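To make the evaluation concrete, here is an added illustration of a minimal policy decision point (PDP) in Python. It is not PlainID's product, code or policy language; it simply shows the mechanism the paragraphs above and Helemski's three-level model describe: every request is evaluated at runtime against user attributes (application entitlements, certification status, PII clearance), resource attributes (classification, PII flag) and session attributes (device posture, risk level), with default deny and deny-overrides so that nothing is implicitly trusted. The resource catalogue, attribute names, rules and sample sessions are all constructed assumptions for the example.

```python
"""Minimal dynamic-authorisation policy decision point (added example, not PlainID code).

Every request is evaluated at runtime against user, resource and session
attributes at one of three access-control levels: network, application, asset
(intra-application). Attribute names, resources and rules are assumptions.
"""
from dataclasses import dataclass, field

PERMIT, DENY = "PERMIT", "DENY"

# Constructed resource catalogue: what the PDP knows about each resource.
RESOURCES = {
    "vpn":             {"level": "network",     "classification": "internal",     "pii": False},
    "crm":             {"level": "application", "classification": "internal",     "pii": False},
    "crm:customer/42": {"level": "asset",       "classification": "confidential", "pii": True, "app": "crm"},
}


@dataclass(frozen=True)
class Request:
    action: str                                 # "connect", "login", "read", ...
    resource: str                               # key into RESOURCES
    user: dict = field(default_factory=dict)    # user-level attributes
    env: dict = field(default_factory=dict)     # session / environmental attributes


# Each rule returns None when it does not apply to the request, else (permitted, reason).
def rule_device_posture(req, res):
    """Network level: only compliant devices in a non-high-risk session may connect."""
    if res["level"] != "network":
        return None
    ok = bool(req.env.get("device_compliant")) and req.env.get("risk_level") != "high"
    return ok, "device compliant and session risk not high"


def rule_app_entitlement(req, res):
    """Application level (and assets inside it): user must be entitled to the app
    and hold a current certification at the time of the request."""
    if res["level"] not in ("application", "asset"):
        return None
    app = res.get("app", req.resource)
    ok = app in req.user.get("apps", ()) and req.user.get("certification_status") == "current"
    return ok, f"entitled to {app} with current certification"


def rule_pii_clearance(req, res):
    """Asset level: PII-tagged resources require an explicit PII clearance attribute."""
    if not res["pii"]:
        return None
    return bool(req.user.get("pii_cleared")), "cleared to handle PII"


def rule_risk_vs_classification(req, res):
    """External attribute: confidential data is only served while session risk is normal."""
    if res["classification"] != "confidential":
        return None
    return req.env.get("risk_level", "normal") == "normal", "confidential data only at normal session risk"


RULES = [rule_device_posture, rule_app_entitlement, rule_pii_clearance, rule_risk_vs_classification]


def evaluate(req):
    """Deny-overrides, default-deny evaluation. Returns (decision, list of failed reasons)."""
    res = RESOURCES.get(req.resource)
    if res is None:
        return DENY, ["unknown resource"]
    failed, applied = [], 0
    for rule in RULES:
        outcome = rule(req, res)
        if outcome is None:
            continue
        applied += 1
        permitted, reason = outcome
        if not permitted:
            failed.append(reason)
    if failed:
        return DENY, failed
    if applied == 0:
        return DENY, ["no applicable policy"]   # zero trust: nothing is implicitly allowed
    return PERMIT, []


def demo():
    """Constructed sessions showing how the same user gets different answers as
    context changes. Returns {scenario: (decision, reasons)}."""
    analyst = {"apps": {"crm"}, "certification_status": "current", "pii_cleared": False}
    dpo = {"apps": {"crm"}, "certification_status": "current", "pii_cleared": True}
    calm = {"device_compliant": True, "risk_level": "normal"}
    elevated = {"device_compliant": True, "risk_level": "elevated"}
    rogue = {"device_compliant": False, "risk_level": "normal"}
    return {
        "analyst connects to VPN from compliant device": evaluate(Request("connect", "vpn", analyst, calm)),
        "analyst connects from non-compliant device":    evaluate(Request("connect", "vpn", analyst, rogue)),
        "analyst logs into CRM":                         evaluate(Request("login", "crm", analyst, calm)),
        "analyst reads PII record":                      evaluate(Request("read", "crm:customer/42", analyst, calm)),
        "DPO reads PII record, normal risk":             evaluate(Request("read", "crm:customer/42", dpo, calm)),
        "DPO reads PII record, elevated risk":           evaluate(Request("read", "crm:customer/42", dpo, elevated)),
    }


if __name__ == "__main__":
    for scenario, (decision, reasons) in demo().items():
        print(f"{decision:6} {scenario}" + (f"  [failed: {', '.join(reasons)}]" if reasons else ""))
```

The point of the `demo()` scenarios is the last two lines: the DPO holds every static entitlement, yet the same read is permitted at normal risk and denied at elevated risk, because the session attribute is re-evaluated on every request rather than being baked into a role at design time. In a real deployment the user and environment dictionaries would come from policy information points (directory, device-posture service, risk engine) rather than being passed inline, and the policy would live in a managed policy store rather than in Python functions.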

“Zero trust offers a rigorous, tried and tested approach to minimise the potential for damaging security violations,” Helemski concludes. “For an organisation to be fully confident in their zero trust architecture, they must focus on the three levels of access control using dynamic authorisation: network access, application access and intra-application assets.”
