
Zero Trust and Identity Management

What is Zero-Trust?

The term “zero trust” refers to a security model in which no one is trusted automatically. It is based on the assumption that no device, user or service is trustworthy by default. Every access to the company network should be checked several times rather than once. Above all, this approach avoids unfounded trust in order to minimize security risks. In view of increasing cyber security threats and hybrid working, this principle is more relevant than ever. The “zero trust” security model is also known as perimeterless security and differs fundamentally from conventional models, which follow the concept of verifying once and then trusting. In contrast, the zero trust model attempts to offer comprehensive protection by not automatically classifying any request as trustworthy, even if that request is made from within the company network.

Zero Trust in Identity & Access Management

The zero-trust model is increasingly being implemented in identity and access management in particular, allowing users to access the corporate network from any location while guaranteeing centralized, robust security. Four aspects that are relevant when implementing a zero-trust model in Identity & Access Management are presented below:

  1. Identities as the network boundary: Access options outside the firewall and the company network require dynamic and continuous authentication. This ensures that the user is who they claim to be. Such authentication requires a centralized system that selects the appropriate authentication level depending on the risk. Continuous authentication plays a central role here: changes in behavior or context are evaluated to determine whether another user has taken control of the session.
  2. Multifactor authentication (MFA): Multifactor authentication is a strong authentication method that requires at least two factors. The factors come from different categories (password, fingerprint, PIN, one-time password, hardware token, etc.). With risk-based authentication, context-related signals (such as geographical location) can also be included in order to detect whether the user deviates from their typical behavior.
  3. Least privilege approach: The principle of least privilege must be implemented so that identities are granted only the lowest level of access they need. This can be implemented in combination with network segmentation and adaptive access.
  4. Use of application proxies: Application proxies provide a control layer on which the access rules for each application are defined. Using a proxy, company resources can be protected by means of centralized rules. Modern identity protocols such as OAuth or OpenID Connect can be used for this purpose.
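The first three aspects above (risk-dependent authentication level, MFA as the step-up factor, and least-privilege role checks) can be combined in a single access decision. The following is an added example written for this article, not code from the original post or from OCG: a small policy engine that derives a risk score from the request context, decides which authentication strength the user must have presented, and only then checks role-based permissions. The users, roles, devices, countries and the numeric risk weights are all constructed assumptions for illustration.

```python
"""Risk-based step-up authentication plus least-privilege authorization.

Added example (not the article's or OCG's code). All users, roles,
devices, countries and risk weights below are constructed sample data.
"""
from dataclasses import dataclass

# Authentication strengths the user can have presented, weakest to strongest.
PASSWORD = 1   # single factor
MFA = 2        # at least two factors from different categories

# Constructed role model: each role grants only the (application, action)
# pairs it needs, which is the least-privilege part of the decision.
ROLE_PERMISSIONS = {
    "hr-clerk": {("hr-portal", "read")},
    "hr-admin": {("hr-portal", "read"), ("hr-portal", "write")},
    "developer": {("git", "read"), ("git", "write"), ("ci", "read")},
}

# Constructed user directory: roles, enrolled devices and usual countries.
USERS = {
    "alice": {"roles": {"hr-admin"}, "devices": {"dev-a1"}, "countries": {"DE"}},
    "bob": {"roles": {"developer"}, "devices": {"dev-b1"}, "countries": {"DE", "AT"}},
}


@dataclass
class AccessRequest:
    user: str
    device_id: str
    country: str
    application: str
    action: str
    auth_level: int          # strength the user has already presented
    failed_logins: int = 0   # recent failed attempts reported by the IdP


@dataclass
class Decision:
    allowed: bool
    reason: str
    required_auth: int       # strength the policy demanded (0 = denied outright)
    risk: int


def risk_score(req, profile):
    """Derive a risk score from context signals (higher means riskier)."""
    score = 0
    if req.device_id not in profile["devices"]:
        score += 2           # unknown device
    if req.country not in profile["countries"]:
        score += 2           # unusual location for this identity
    if req.failed_logins >= 3:
        score += 1           # recent brute-force-like activity
    if req.action == "write":
        score += 1           # sensitive action
    return score


def required_auth_level(risk):
    """Map the risk score to the authentication strength the policy demands."""
    if risk >= 5:
        return None          # too risky: deny regardless of credentials
    if risk >= 1:
        return MFA           # any anomaly triggers step-up to MFA
    return PASSWORD


def evaluate(req):
    """Authenticate according to risk, then authorize by role (least privilege)."""
    profile = USERS.get(req.user)
    if profile is None:
        return Decision(False, "unknown identity", 0, 0)
    risk = risk_score(req, profile)
    needed = required_auth_level(risk)
    if needed is None:
        return Decision(False, "risk too high", 0, risk)
    if req.auth_level < needed:
        # The request is not refused for good: the caller should prompt for MFA.
        return Decision(False, "step-up authentication required", needed, risk)
    permitted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in profile["roles"]))
    if (req.application, req.action) not in permitted:
        return Decision(False, "not permitted by role", needed, risk)
    return Decision(True, "allowed", needed, risk)


if __name__ == "__main__":
    samples = [
        AccessRequest("alice", "dev-a1", "DE", "hr-portal", "read", PASSWORD),
        AccessRequest("alice", "dev-a1", "DE", "hr-portal", "write", PASSWORD),
        AccessRequest("bob", "dev-x9", "FR", "git", "write", MFA),
        AccessRequest("bob", "dev-b1", "AT", "hr-portal", "read", MFA),
    ]
    for s in samples:
        d = evaluate(s)
        print(f"{s.user:6} {s.application}/{s.action:5} risk={d.risk} -> {d.reason}")
```

The ordering matters: authentication strength is decided from context before any permission lookup, so a stolen password on an unknown device never reaches the authorization step, and a fully authenticated user still only gets what their role grants.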

Zero-Trust @ OCG

The “zero trust” approach is more relevant than ever in the modern working environment. As a company, we also take the approach of implementing our products as securely as possible. Our products can always be used and implemented in combination with an MFA approach. We offer various options for this, both on premises and in combination with Azure AD.

Furthermore, the least privilege approach can be implemented in combination with our Role-Based Access Control extension. Clearly defined role management controls access to the various company resources and is managed centrally in the IAM system. This product can be used both on premises and in the cloud.

We also offer the implementation of an application proxy as a service in order to publish on-premises applications to the cloud or to restrict their use to certain user groups.

If you would like to find out more about zero trust or would like a presentation of one of our products, please contact us: simply send an email to info@ocg.de or use our contact form.
