Dynamic authorization – the key to solving zero trust by Bahaa Abdul Hadi
Zero trust has become a key factor in the world of security. With virtually every
organization being online, there are many risks they may face. This is why zero trust
has become a golden rule. Its meaning is simple – don’t trust anyone!
Bahaa Abdul Hadi said, “When zero trust is used in architecture, it calls for a decision
on whether to allow, deny, or revoke access to a resource. This is a critical decision to
be taken and calls for a calibrated approach.”
Access to the network, access to applications, and access to inter-application assets
need to be considered for zero trust.
Zero trust technologies
According to Mr. Bahaa Abdul Hadi, zero trust is the best strategy if executed correctly.
Implementing zero trust poses many challenges for organizations. Thankfully, there are
various technologies on offer that help with this. These technologies help in
managing network access control and advanced authentication. The problem, though, is
that only network access control is addressed. Access to and within applications is not
supported.
Dynamic authorization
Dynamic authorization has emerged as a very powerful technology that makes zero
trust possible. It is an advanced technique that allows dynamic access to application
resources, data assets, and any other applicable assets. The biggest benefit of dynamic
authorization is its dynamic nature: access is granted in real time, at the moment of
access.
Dynamic authorization ensures zero trust through:
1. Runtime authorization enforcement, and
2. High levels of granularity.
Let’s understand how this works:
● A user attempts to access either a network, an application, or intra-application
assets.
● Evaluation is then initiated where the following is examined:
  ● User-level attributes are checked to find out their current roles, responsibilities,
  and authorizations. Most importantly, it is verified whether they have access to
  confidential and personally identifiable information.
  ● Asset attributes like location assignment, classification of data, and metadata are
  checked.
  ● The location from which authentication is sought is checked.
  ● Whether single or two-factor authentication is being used is verified.
  ● Other attributes like the date and time of authentication and the risk level of the
  system are verified.
● A policy engine carries out the authorization verification. It makes a decision on a
real-time basis.
● Every time a user attempts to access anything, a real-time authorization is given.
This dynamic authorization is driven by the high level of granularity of these checks.
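The evaluation steps listed above can be sketched as a small attribute-based policy check that returns allow, deny, or revoke on every access attempt. This is an added example, not code from the article; the attribute names, the risk threshold, the business-hours window, and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime

# Constructed policy values (assumptions, not from the article).
RISK_LIMIT = 70                 # system risk score at or above this fails
BUSINESS_HOURS = range(8, 18)   # hours during which PII may be read

@dataclass(frozen=True)
class AccessRequest:
    roles: frozenset            # user attribute: current roles
    pii_cleared: bool           # user attribute: may see confidential/PII data
    required_role: str          # asset attribute: role the asset demands
    classification: str         # asset attribute: "internal" or "pii"
    asset_region: str           # asset attribute: location assignment
    source_region: str          # where the request comes from
    two_factor: bool            # single vs two-factor authentication
    when: datetime              # date and time of the attempt
    risk: int                   # risk level of the requesting system, 0-100
    session_open: bool = False  # True when access was granted earlier

def decide(req):
    """Evaluate every attribute at access time; return (decision, failed_checks)."""
    failed = []
    if req.required_role not in req.roles:
        failed.append("role")
    if req.risk >= RISK_LIMIT:
        failed.append("risk")
    if req.classification == "pii":
        if not req.pii_cleared:
            failed.append("pii_clearance")
        if not req.two_factor:
            failed.append("two_factor")
        if req.source_region != req.asset_region:
            failed.append("location")
        if req.when.hour not in BUSINESS_HOURS:
            failed.append("time")
    if not failed:
        return "allow", failed
    # A failure on an already-open session revokes it instead of a plain deny.
    return ("revoke" if req.session_open else "deny"), failed

# Constructed sample: an HR analyst reading a PII record.
first = AccessRequest(frozenset({"hr_analyst"}), True, "hr_analyst", "pii",
                      "eu", "eu", True, datetime(2024, 3, 4, 10, 0), 20)
# Same user later: session open, but other region, single factor, riskier system.
later = replace(first, session_open=True, source_region="us",
                two_factor=False, risk=85)

print(decide(first), decide(later))
```

Because `decide` runs on each request rather than once at login, the second request is revoked even though the same user was allowed moments earlier.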
Thanks to this technology, zero trust can now be used to help organizations reduce
security risks. It is important that security administrators ensure all three levels of zero
trust access control are managed. This can ensure a robust and secure system.
Bahaa Abdul Hadi