Intelligent CISO Issue 37 | Page 75

CISOs need to make sure that security processes avoid being so complicated or onerous that they hamper productivity or user experiences. www.intelligentciso.com
the network, but often contractors, supply chain partners and even customers may need access to data and applications located either on-premises or in the cloud.
For an effective ZTA strategy, it's critical to determine who every user is and what role they play within an organisation. The Zero Trust model focuses on a 'least access policy' that only grants a user access to the resources that are necessary for their role or job. After a user is identified, access to any other resources is only provided on a case-by-case basis.
This strategy starts with CISOs mandating breach-resistant identification and authentication. User identities can be compromised either through the brute force breaking of weak passwords or by using social engineering tactics such as email phishing. To improve security, many enterprises are adding Multi-Factor Authentication (MFA) to their login processes. MFA includes something the user knows, such as a username and password, along with something the user has, such as a token device that generates a single-use code or a software-based token generator.
Once the identity of a user is authenticated through user log-in, multi-factor input, or certificates, it's then tied to a role-based access control (RBAC) system that matches an authenticated user to specific access rights and services.
CISOs need to make sure that security processes avoid being so complicated or onerous that they hamper productivity or user experiences. ZTA solutions that are fast and support Single Sign-On (SSO) can help improve compliance and adoption.
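The identity flow described above (an MFA-verified login tied to a role, a 'least access' baseline per role, and case-by-case exceptions for anything else) as a small default-deny authorizer. This is an added illustration, not code from the article or any product it mentions; the roles, resource names, users and grants are constructed sample data.

```python
from dataclasses import dataclass

# Baseline 'least access' policy: each role maps only to the resources that
# role needs. Role and resource names are constructed for this example.
ROLE_RESOURCES = {
    "contractor": {"ticketing"},
    "finance": {"ledger", "payroll"},
    "partner": {"order-portal"},
}

@dataclass(frozen=True)
class Session:
    user: str
    role: str
    mfa_verified: bool   # second factor (hardware or software token) completed at login

@dataclass(frozen=True)
class Grant:
    """A case-by-case exception: one user, one resource, time-bounded."""
    user: str
    resource: str
    expires_at: int      # epoch seconds; the grant is void once 'now' reaches this

def authorize(session, resource, grants=(), now=0):
    """Return (allowed, reason). Unknown roles and resources fall through to deny."""
    if not session.mfa_verified:
        return False, "deny: identity not fully authenticated (MFA missing)"
    if resource in ROLE_RESOURCES.get(session.role, set()):
        return True, f"allow: role '{session.role}' needs '{resource}'"
    for g in grants:
        if g.user == session.user and g.resource == resource and now < g.expires_at:
            return True, f"allow: case-by-case grant valid until {g.expires_at}"
    return False, "deny: outside role and no current grant (default deny)"

def demo():
    """Constructed sample: one contractor session and one temporary grant."""
    alice = Session(user="alice", role="contractor", mfa_verified=True)
    grants = [Grant(user="alice", resource="ledger", expires_at=1_000)]
    return {
        "in_role": authorize(alice, "ticketing", grants, now=500)[0],
        "by_grant": authorize(alice, "ledger", grants, now=500)[0],
        "grant_expired": authorize(alice, "ledger", grants, now=2_000)[0],
        "no_mfa": authorize(Session("alice", "contractor", False), "ticketing", grants, now=500)[0],
        "other_user": authorize(Session("bob", "partner", True), "ledger", grants, now=500)[0],
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14} {'allow' if ok else 'deny'}")
```

Note that the exception path is keyed to a specific user and resource and expires on its own, so a one-off grant never silently widens the role's baseline.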
2. What is on the network

Due to the massive increase in applications and devices, the network perimeter is expanding and potentially billions of Edges must now be managed and protected. For an effective ZTA strategy, CISOs need to manage the explosion of devices resulting from the Internet-of-Things (IoT) and Bring-Your-Own-Device (BYOD) strategies. These devices might be anything from end-user phones and laptops to servers, printers and IoT devices such as HVAC controllers or security badge readers.
To understand what devices are on the network at any given point in time, CISOs also need to implement network access control (NAC) tools that can automatically identify and profile every device as it requests network access, in addition to scanning it for vulnerabilities. To minimise the risk of device