Today, zero-trust architecture represents a philosophical shift in cybersecurity planning that seeks to address traditional limitations by making trust decisions based on the identity of a user or device rather than the location. The National Institute of Standards and Technology publishes a guide to zero-trust architecture that offers some deployment models as use cases.
1. Protect Connections from Users in Remote Facilities
The modern agency must support remote devices, including those from both individual users and satellite facilities. Secure access service edge approaches to cybersecurity shift the use of traditional perimeter security functions to a decentralized model, allowing direct internet access from a variety of locations. Protecting communications through VPNs allows agencies to deploy consistent security policies that apply to users and devices regardless of their locations.
2. Cloud-to-Cloud and Multicloud Environments
Agencies often operate in a world composed of many cloud services, and each has its own native security capabilities. These capabilities don’t necessarily align neatly with traditional on-premises controls. Cybersecurity professionals operating in multicloud environments need to consider carefully the pros and cons of native versus traditional solutions for security and align these controls in a coherent manner.
3. Network Access Control Based on Contextual Information
Employees, contractors and visitors have connectivity needs within enterprise environments, often with devices that aren’t managed by enterprise security controls. Network access control technologies allow organizations to regulate access based on identity as well as contextual information, and limit access appropriately based on the situation. When necessary, devices can be given limited access or quarantined on special-purpose networks.
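A minimal sketch of the kind of decision described above, added here as an illustration and not taken from the NIST guide or any network access control product. The roles, posture fields and segment names are assumptions; the source network is recorded but never used to grant trust.

```python
# Added illustration: roles, posture fields and segment names are hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    user_role: Optional[str]    # "employee", "contractor", "visitor"; None if unauthenticated
    device_managed: bool        # enrolled in enterprise device management
    posture_ok: Optional[bool]  # device health check result; None means not reported
    source_network: str         # kept for logging only, never used to grant trust


# Segments a device can be placed on (constructed names).
FULL = "full"
LIMITED = "limited"
GUEST = "guest-internet-only"
QUARANTINE = "quarantine"
DENY = "deny"

KNOWN_ROLES = {"employee", "contractor", "visitor"}


def decide(req: AccessRequest) -> str:
    """Return the network segment for a request; anything unrecognised is denied."""
    # No verified identity: nothing else is evaluated.
    if req.user_role not in KNOWN_ROLES:
        return DENY
    # Visitors only ever get internet-only access, whatever the device state.
    if req.user_role == "visitor":
        return GUEST
    # A failed health check sends the device to a remediation network.
    if req.posture_ok is False:
        return QUARANTINE
    # Unmanaged device or unreported posture: fail toward less access.
    if not req.device_managed or req.posture_ok is None:
        return LIMITED
    # Managed, healthy device: employees get full access, contractors limited.
    return FULL if req.user_role == "employee" else LIMITED


if __name__ == "__main__":
    # Constructed sample requests: same user and device, different locations.
    for net in ("hq-lan", "home-vpn"):
        print(net, decide(AccessRequest("employee", True, True, net)))
```

The same employee on the same managed, healthy device receives the same segment from either network, while an unmanaged device on the headquarters LAN is still limited.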
4. Federated Identity Management Across Enterprise Boundaries
Agencies collaborate constantly, and cybersecurity controls must facilitate this collaboration. The most effective way to achieve this is through federated identity management services that allow users from one organization to use their verified identities across agencies.