By George Lattimore Posted June 30, 2018
With so many breaches occurring worldwide and so many organizations and consumers being impacted, IT admins are shifting their attention to a zero trust security model. This concept has been around for a few years, but as digital assets become increasingly difficult to protect, the zero trust security approach is picking up serious traction.
Layered Security is Protection of the Past
Fundamentally, dramatic changes in the IT network are driving this new approach to security. In the past, IT organizations kept their digital assets at the core of the network and placed rings of security around them. This approach was often termed “defense in depth” or “layered security,” and the basic premise was that an attacker would need to penetrate multiple layers of security—network, application, host, and data, for example—in order to gain access to the most critical digital assets.
This defense-in-depth approach made sense when the network was on-prem and largely Windows-based. The first ring of defense was a frontline of solutions that controlled access to the network itself, such as firewalls and Microsoft Active Directory® (AD) domain controllers. The second ring restricted access to particular sets of data and applications, and was tightly controlled by the directory service or identity provider. Lastly, if an attacker made it through those, endpoint management and server management security tools protected the host, operating in tandem with encryption tools for the data. All of these rings worked in concert to create the layered security model.
The Need for a Zero Trust Security Model
Nowadays, networks are no longer exclusively on-prem and Windows®-based, and the security model is shifting to reflect this. With the network perimeter dissolving and critical digital assets living in a wide variety of systems from various providers, the concept of security must change. Top that off with the Internet café-style WiFi model and a mobile workforce, and it makes a lot of sense that the zero trust security model is “poised to transform enterprise networking.”
This new approach applies the zero trust model to every interaction. Applications, systems, data, networks, etc.: no access is granted on the strength of where a request comes from, and no user gets in without authenticating. Even machine-to-machine communication has to be validated through a trust model, so there’s no need to take it personally. The result is that an attacker who has landed inside the network gains nothing from that position alone and is far more likely to be left out in the cold when reaching for critical digital assets.
In the identity management space this concept is central, because a verified identity is what every zero trust access decision rests on. Identity providers, such as JumpCloud® Directory-as-a-Service®, are therefore at the epicenter of this movement, managing and controlling access to IT resources such as systems, applications, file servers, and networks regardless of platform, protocol, provider, and location. Users are required to adhere to strict password complexity policies, to use SSH keys where possible (ideally in place of passwords rather than alongside them), and to authenticate with multi-factor authentication on critical systems and applications. These steps let IT admins take a zero trust approach and require users to prove their identity before every access.
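To make the difference between the two models concrete, here is an added illustration in Python (not JumpCloud's code, and not code from the original post): a perimeter-style check that trusts anything already on the corporate LAN, next to a zero trust check that ignores location and instead requires an authentication strength matched to the sensitivity of the resource, for service identities as well as users. The resource inventory, the authentication strength ranking, the per-tier requirements and the sample requests are all assumptions constructed for the example.

```python
"""Perimeter ("trust the inside") vs zero trust access decisions.

Added illustration, not JumpCloud code. The resource tiers, authentication
ranking and sample requests below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Optional

# Assumed sensitivity tier per resource (hypothetical inventory).
RESOURCES = {
    "wiki": "low",
    "file-server": "medium",
    "prod-db": "critical",
}

# Assumed ordering of authentication strength. "service_cert" stands for a
# machine identity (e.g. a client certificate), so machine-to-machine calls
# are validated the same way user logins are.
AUTH_RANK = {"none": 0, "password": 1, "ssh_key": 2, "service_cert": 2, "mfa": 3}

# Assumed minimum strength the zero trust policy demands per tier.
REQUIRED = {"low": "password", "medium": "ssh_key", "critical": "mfa"}


@dataclass
class Request:
    principal: Optional[str]   # user or service identity, None if unauthenticated
    auth: str                  # how the principal was authenticated
    source: str                # "corp-lan" or "internet"
    resource: str


def perimeter_decision(req: Request) -> bool:
    """Layered model: the network boundary is the trust decision.

    Anything already inside the LAN is trusted, which is exactly what an
    attacker on a compromised internal host benefits from. Only requests
    from outside are asked for an identity at all.
    """
    if req.source == "corp-lan":
        return True
    return req.principal is not None and req.auth != "none"


def zero_trust_decision(req: Request) -> bool:
    """Zero trust model: location carries no trust.

    Every request needs a validated identity whose authentication strength
    meets the level required for the resource, for users and machines alike.
    Unknown resources are denied by default.
    """
    if req.principal is None or req.auth == "none":
        return False
    tier = RESOURCES.get(req.resource)
    if tier is None:
        return False
    return AUTH_RANK[req.auth] >= AUTH_RANK[REQUIRED[tier]]


# Constructed sample requests covering the cases discussed above.
SAMPLES = [
    Request(None, "none", "corp-lan", "prod-db"),        # attacker on the LAN, no identity
    Request("alice", "password", "corp-lan", "prod-db"), # weak auth to a critical asset
    Request("alice", "mfa", "internet", "prod-db"),      # strong auth from café WiFi
    Request("backup-svc", "service_cert", "corp-lan", "file-server"),  # machine-to-machine
    Request("bob", "password", "internet", "wiki"),      # low-value resource, password is enough
]


def compare(requests=SAMPLES):
    """Return a (perimeter, zero_trust) verdict pair for each request."""
    return [(perimeter_decision(r), zero_trust_decision(r)) for r in requests]


if __name__ == "__main__":
    for r, (p, z) in zip(SAMPLES, compare()):
        who = r.principal or "<anonymous>"
        print(f"{who:>12} {r.auth:>12} from {r.source:<8} -> {r.resource:<11} "
              f"perimeter={p!s:<5} zero_trust={z}")
```

The two rows that differ are the ones that matter: the anonymous request and the password-only login from inside the LAN both sail through the perimeter check, because the check never asks who is calling, while the zero trust check denies both and instead admits the MFA-backed login arriving from an untrusted network. The service identity is handled by the same rule as the users, which is the "machine-to-machine communications need to be validated" point from above.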
Identity Provider Leveraging Zero Trust Security
Want to know more about how the zero trust security model is harnessed by JumpCloud Directory-as-a-Service to protect core digital assets for enterprises worldwide? You can drop us a note, and one of our product experts will be happy to answer all of your questions. The platform is available to explore for free. Sign up here, and the first 10 users you register are free of charge—forever.