Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Identity. Without such enhanced verification capacities, organizations cannot truly implement zero trust security, it said.
Palo Alto Networks, CrowdStrike, Optiv, Ping Identity, the Cloud Security Alliance, and the FIDO (Fast Identity Online) Alliance are among the organizations supporting Zero Trust Authentication, which has been designed to negate the shortcomings of traditional authentication methods. Beyond Identity said it will be bringing practical Zero Trust Authentication advice to customers and channel partners via international and local events across 2023, while its category-defining book, Zero Trust Authentication, details the specific capabilities, requirements, policies, and best practices.
Authentication remains one of the more painstaking issues faced by CISOs with effective identification and authorization of users/devices often impacted by challenges spanning interoperability, usability, technical limitations, and vulnerabilities.
7 requirements of Zero Trust Authentication
Beyond Identity lists seven requirements for Zero Trust Authentication that differentiate it from traditional authentication. These are:
- Passwordless: No use of passwords or other shared secrets which can easily be obtained from users, captured on networks, or hacked from databases.
- Phishing resistant: No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks.
- Capable of validating user devices: Able to ensure that requesting devices are bound to a user and authorized to access information assets and applications.
- Capable of assessing device security posture: Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running.
- Capable of analyzing many types of risk signals: Able to ingest and analyze data from endpoints and security and IT management tools allowing policy engines to assess risks based on factors such as user behavior, the security posture of devices, and the status of detection and response tools.
- Continuous risk assessment: Able to evaluate risk throughout a session instead of relying on one-time authentication.
- Integrated with security infrastructure: Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviors, and improve audit and compliance reporting.
Current authentication methods are failing
“Current authentication methods are failing badly,” Jasson Casey, CTO at Beyond Identity, tells CSO. “The traditional approach to security was to establish a perimeter around the network and trust users and devices within that perimeter. However, this approach is no longer sufficient. With a range of cloud-based resources and users working or accessing resources from anywhere, the perimeter-based model failed.”
With a zero-trust approach, there is no network-based perimeter, and no implicit trust is granted, Casey adds. Instead, each user and device need to prove they are trustworthy, therefore, Zero Trust Authentication is a core element of any complete zero-trust strategy, Casey argues. “Simply stated, if an organization implements most of the zero-trust elements perfectly but continues to rely upon failed methods of authentication, their efforts will not yield the intended result — stopping adversaries from breaching systems, taking over accounts, or deploying ransomware.”
Adopting Zero Trust Authentication allows organizations to implement modern, robust security strategies by overcoming the limitations of passwords and legacy multifactor authentication (MFA), assuming the principle of never trusting and consistently verifying, Casey says. “The approach enables several benefits for organizations including a higher level of security by reducing the attack surface and making it more difficult for attackers to move within the network. In addition, it enables more flexible working arrangements as employees can work remotely while maintaining high security. Lastly, it helps organizations to remain compliant with constantly updating regulations by providing a secure, auditable security framework.”
Copyright © 2023 IDG Communications, Inc.
