Delinea | Privileged Access Management Blog

Five Best Practices for Zero Trust Security

Written by Delinea Team | Feb 14, 2018 5:00:00 AM

The Delinea Zero Trust Security model is effective because it allows organizations to remove trust from the equation entirely. Based on the assumption that untrusted actors already exist inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure. Only after identity is authenticated and the integrity of the device is proven can access to resources be granted--but even then with just enough privilege to perform the task at hand.

Here are five best practices for achieving Zero Trust security:

Always Verify the User with Multi-factor Authentication (MFA)

The days of securely verifying a user’s identity with a password are long gone. Today, user names and passwords can be phished, sniffed by malware, or bought off the Dark Web. That means credentials must be fortified with MFA, which uses something you have, something you know, or something you are.

Multi-factor authentication must be applied regardless of the user: end-user, privileged user, outsourced IT, partner, or customer, and regardless of the resource being accessed: application or infrastructure. Organizations should require additional verification layers to authenticate users attempting to access the most sensitive data or to elevate privilege.

Always Validate the Device

Just like users, devices cannot be trusted without verification. To achieve Zero Trust Security, identity-centric controls must be extended to the endpoint. That means every device used to gain access to corporate resources must first be enrolled so that it can be recognized and verified.

The good news is that device enrollment processes are no longer the cumbersome challenges they once were. Delinea’s mobile device management solution features a self-service enrollment process that requires little to no administrative overhead. It supports all popular mobile devices with automated certificate enrollment that secures access to Exchange, VPN, and Wi-Fi, ensuring only assigned users can access information.

Ensure the Device Measures Up to Your Security Standards

Properly verifying a device also means ensuring they stand up to your company’s policies around disk encryption, virus protection, up-to-date patches, and other security requirements. For this, you must be able to easily track and enforce the status of all devices across your enterprise.

Organizing users by group or role is highly recommended as it allows you to set up device policies based on business needs which helps to ensure only appropriate, authorized applications are installed on devices. Look for a solution with automated de-provisioning when user accounts are disabled or deleted as well as the ability to wipe, lock, and un-enroll lost or stolen devices.

Least Access and Least Privilege for IT and Everybody Else

Anyone with admin privileges is a hot target for criminals looking to access your environment and data. First and foremost, admin privileges should be strictly managed -- movement within the infrastructure should be limited and access should only be granted to resources absolutely necessary to perform job functions.

Use a Solution that Learns and Adapts

Today’s leading identity management solutions are capable of collecting information about the user, endpoint, application, server, policies, and all activities related to them, and feeding that info into a data pool that enables machine learning.

Delinea leverages behavior analytics to recognize unusual behaviors such as accessing resources from unusual locations to assign a risk score that’s used to make adaptive, dynamic decisions about granting access and privileges. The higher the risk that’s calculated, the more factors of authentication will be required from the user or the more restricted their access may be.

Delinea Zero Trust Security

Delinea provides integrated identity services across apps, endpoints, and infrastructure for all users, without sacrificing best-of-breed features. Organizations may consider approaching Zero Trust by implementing IDaaS, MFA, EMM, PAM, and User Behavior Analytics (UBA) technologies from separate vendors, but disparate solutions leave gaps and are expensive to implement and maintain.

Learn more about Zero Trust Security here.