Traditional perimeter-based methods of security are no longer effective in mitigating the risk of insider threats facing businesses today. The Zero Trust framework, first introduced by Forrester Research, changes the way we think about security by removing the notion of a trusted network to protect sensitive resources. Instead, security is enforced via strict access controls that assess the user and connecting device at the time of the request.
Zero Trust Access Management by ScaleFT enables organizations to achieve this type of security architecture, much like Google did through their BeyondCorp initiative. Using ScaleFT, you are able to make more intelligent access decisions, where every request is fully authenticated, authorized, and audited in real time.
Unlike traditional security practices which lean towards adding more controls to the network, a Zero Trust architecture is designed from the inside out, focused on the protected resources themselves.
Ensure all resources are accessed securely regardless of location
Treat every resource as if it were deployed to the public Internet, and treat all network traffic as untrusted by default. This means all data should be encrypted end to end, and all communication should take place over secure channels.
Adopt a least privilege strategy and strictly enforce access control
Every request must be authenticated and authorized in real time, often through a role-based access control system. Access is only granted after verification, where a combination of coarse-grained and fine-grained policies determines trust.
Inspect and log all traffic
Ensure that all traffic is constantly monitored and logged to a central location where further analysis can be performed. Through visibility, patterns can be found that lead to an improved user experience, and any anomalies can be quickly identified.
ScaleFT manages access to protected resources in a Zero Trust fashion by making an intelligent, point-in-time attestation of trust with every login attempt based on dynamic conditions of the user and connecting device.
- ScaleFT integrates with your Identity Provider of choice to authenticate the user attempting to log in to a resource through flexible role-based access controls.
- When authorized for a specific resource, a Certificate Authority built into the Platform issues a short-lived client certificate used to initiate a secure session.
- A lightweight Server Agent enrolls resources with ScaleFT to create local accounts in the background and log all user events for audit purposes.
- A Client Application running on the user’s device is used to synchronize certificates with the local operating system to ensure a seamless integrated workflow.
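
The flow in the list above (authenticate, authorize per resource, issue a short-lived credential, log the event) can be sketched as follows. This is an added example, not ScaleFT's code or API: an HMAC-signed token stands in for the client certificate, and the policy table, device posture fields, key and lifetime are all constructed assumptions.

```python
import hashlib
import hmac
import json

CA_KEY = b"constructed-demo-key"  # constructed; a real CA signs with a private key
TTL_SECONDS = 600                 # assumed credential lifetime
POLICY = {"prod-db": {"dba"}, "web-01": {"dba", "developer"}}  # constructed RBAC
AUDIT_LOG = []                    # stands in for a central log store

def _sign(body):
    return hmac.new(CA_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue(subject, resource, now):
    """Issue a credential bound to one subject and resource, expiring after TTL."""
    body = json.dumps({"sub": subject, "res": resource, "exp": now + TTL_SECONDS},
                      sort_keys=True)
    return body + "." + _sign(body)

def decide(user, device, resource, now):
    """Point-in-time decision: returns (allowed, reason, credential or None)."""
    if not user.get("idp_authenticated"):
        reason = "user not authenticated by identity provider"
    elif not POLICY.get(resource, set()) & set(user.get("roles", [])):
        reason = "no role grants access to resource"
    elif not (device.get("disk_encrypted") and device.get("os_patched")):
        reason = "device posture check failed"  # posture fields are assumptions
    else:
        reason = "ok"
    allowed = reason == "ok"
    # Every attempt is logged, whether it was allowed or denied.
    AUDIT_LOG.append({"ts": now, "user": user.get("name"), "resource": resource,
                      "allowed": allowed, "reason": reason})
    cred = issue(user["name"], resource, now) if allowed else None
    return allowed, reason, cred

def verify(cred, resource, now):
    """Resource-side check: signature, resource binding, and expiry."""
    body, _, sig = cred.rpartition(".")
    if not hmac.compare_digest(sig, _sign(body)):
        return False
    claims = json.loads(body)
    return claims["res"] == resource and now < claims["exp"]
```

Because the credential names a single resource and carries its own expiry, a copy that leaks is useless against other resources and stops working once the lifetime has passed.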