WHO WE ARE

Article

[wpbread]
Sean Beard Profile Picture
Alan Henson Profile Picture
Sean Beard
Alan Henson
WHAT WE DO

Brand Architecture
Brand Strategy
Employer Branding
Mergers & Acquisitions

We’re passionate about tackling the imperatives of modern leaders

Learn how we deliver on these essential, strategic needs that enable companies to sustain a resilient and impactful business.

HOW WE DO IT
CASE STUDIES
INDUSTRIES
Building better healthcare outcomes, together

At Pariveda, we bring thought leadership to all healthcare industry challenges. Leveraging the benefits of advanced, emerging technologies and fresh perspectives….

INSIGHTS
CAREERS

Choose a career that makes a difference

Perspectives

Trust Comes First in a Zero Trust World

Zero Trust flips traditional enterprise perimeter security. An organization should start the journey by setting clear objectives and direction before heading too far down the path of implementation.
Josh Jones Profile Picutre
Josh Jones

AT A GLANCE

  • Create a clear organizational definition of what “trust” means
  • Answer the key questions: who is the Identify Provider? What are the device and client applications trusted to issue requests?  Where is the network owner allowed to grant access?
  • Composing required trust by flipping from a criteria-first policy to a criteria-last allows the criteria to match and validate access requests to evolve over time
     

Those familiar with the concept of Zero Trust know that it flips traditional enterprise perimeter security on its head. Given that security touches all corners of the enterprise, including physical and digital elements, it is no surprise that moving an organization towards a Zero Trust architecture is a challenging endeavor. Therefore, it is critical to start the Zero Trust journey by setting clear objectives and direction before heading too far down the path of implementation.

A definition-first approach to Zero Trust

Ironically, the key to establishing a Zero Trust environment is clearly defining what “trust” means to the organization. Here are some questions to consider as you develop your definition:

  • Who are the trusted parties?
  • What roles are those parties trusted to play in securing the enterprise?
  • What assets are being protected?
  • What are the protection objectives for those assets?

One cross-cutting challenge organizations will face with Zero Trust, is authenticating access requests to enterprise assets. Enterprise security teams must ensure coverage of all access scenarios, given key aspects of an incoming request, such as Identity, Device, Network, and Target Asset. A popular concept for addressing this concern is “Conditional Access” which is the dynamic decision of whether to grant access to an enterprise asset.

When tackling enterprise authentication scenarios, it is easy for an organization to fall into the trap of allowing implementation to drive design. It is important to keep existing security tools from taking the lead in defining the organizational trust strategy. Instead, organizations should consider leading with a definition-first approach, where leaders define trusted access scenarios across aspects of Identity, Device, and Network:

Identity (the “who”)

  • Is the Identity Provider trusted to verify and authenticate the Identity?
  • Is the Identity Manager trusted to maintain and verify the health of the Identity?
  • Is the Identity human or non-human?

Device (the “what”)

  • Are the Device and Client Application trusted to issue requests?
  • Is the Device Manager trusted to maintain and verify Device health?

Network (the “where”)

  • Is the Network Owner and Network Address (IP) trusted to send traffic?

Take a value-oriented approach to Zero Trust

A strategy-driven approach to Zero Trust

One sign that implementation is driving design is when authentication rules are tightly coupled to existing use cases and do not speak clearly to a broader enterprise security posture. The missed opportunity is to establish a clear, structured definition of trust that outlines the enterprise security posture and illuminates the key security decisions. In the short and long term, a strategy-driven approach to Zero Trust will create confidence in an organization’s ability to be flexible to rapidly changing security requirements. Try explaining planned enterprise security policies to a non-technical executive. If that is challenging, confusing to them, or requires many words to communicate, the enterprise security posture may be too focused on the short term.

Taking the first step in a Zero Trust world

Tactically addressing existing security use cases is important, and it is a good incremental step that can be taken to start securing the enterprise now. But there is a better way to think about access control to enable long-term success for the enterprise.

Quality access control is best initiated by composing required trust – which is the minimum level of trust that an organization requires to grant access to enterprise assets. To compose the required trust, the solution thinking must flip from criteria-first policies to criteria-last. The specific criteria for matching and validating access request scenarios will evolve over time as the enterprise Zero Trust security posture matures. Therefore, it is more important to first define the trust structure, to which specific matching criteria and validation tools can then be assigned.

Consider beginning (or renewing) the enterprise Zero Trust journey by first setting clear objectives and direction through the lens of what “trust” means to your enterprise. Seek to compose required trust in a structure that will be flexible to rapidly changing security criteria and advancements in implementation tools. And, in doing so, establish an enforceable enterprise security posture that better stands the test of time.

New to Zero Trust? Check out the following resources for more information:

Flip the narrative on Zero Trust from fear-based to value-oriented

FEATURED INSIGHTS

Perspectives

[wpbread]

Life at Pariveda

[wpbread]

Perspectives

[wpbread]

Perspectives

[wpbread]

Perspectives

[wpbread]

Perspectives

[wpbread]
Josh Jones Profile Picutre
By Josh Jones
Principal
Mr. Josh Jones has a breadth and depth of experience in the implementation of custom IT solutions across a wide range of industries. Josh’s work experience includes clients from many retail energy providers, oil & gas, construction, and healthcare.

Featured insight

Article

[wpbread]
Unlock generative AI’s creative potential by shifting governance from restrictive controls to enabling frameworks that foster creativity, innovation, and responsible exploration….
Sean Beard Profile Picture
Alan Henson Profile Picture
Sean Beard
Alan Henson

Related insights

Swipe To View

Related specialties

Industry

hide

SERVICE​

Technology & Digital

Let’s create something great together

Looking️ for️ a️ team️ to️ help️ you️ solve️ a️ complex️ problem?️