First coined a decade ago by an analyst at Forrester Research, the zero-trust security model assumes that no device or user can be trusted by default. That assumption does not end once a user has initially gained access to the network: it is applied to every subsequent request as well.
Based on this assumption that a user cannot be trusted, zero-trust models continuously verify and authenticate users no matter where, when and how they access a system. This protects organizations by preventing unauthorized movement within a network’s systems.
As such, zero-trust security is a radical framework designed to protect organizations from the reputational, legal and operational costs associated with large-scale data breaches.
At Keyless we’re helping enterprises transition to zero-trust security architectures with our breakthrough biometric authentication technology.
How zero-trust models work
The seven pillars of zero-trust security
The difference between trust-based and zero-trust security
How to implement zero-trust security
The Keyless solution: zero-knowledge biometrics
This type of architecture employs several security measures, including identity and access management, multi-factor authentication, network segmentation, and continuous monitoring of user and device behaviour.
In zero-trust security, users and devices are not granted unrestricted access to network resources, but are granted access only to the resources they need to perform their tasks. This approach reduces the attack surface and limits the damage that can be caused by a breach.
One of the key components of zero-trust security is the use of micro-segmentation, which involves breaking up a network into smaller, isolated segments, each with its own security controls. This limits the ability of an attacker to move laterally across the network and access sensitive resources.
Seven ‘pillars’ uphold the zero-trust framework and together form a comprehensive zero-trust strategy. Here is a breakdown of the seven pillars for a better understanding of how it works:
1. Users and identity: verify the identity of every user and device requesting access to network resources. This requires an identity and access management system that enforces multi-factor authentication and sound credential management.
2. Devices: secure the devices used to access network resources, through patch management, endpoint protection and encryption, so that only devices meeting the organization’s security baseline are admitted.
3. Network: secure the network itself with segmentation, firewalls and intrusion detection systems. This limits the attack surface and blocks lateral movement within the network.
4. Applications and workloads: secure the applications through which network resources are accessed, using access controls, encryption and vulnerability management, so that they meet the same security standards.
5. Data: protect sensitive data with encryption, data loss prevention and data classification, to prevent unauthorized access, exfiltration or modification.
6. Visibility and analytics: monitor and analyse user and device behaviour to detect and respond to threats, using security information and event management (SIEM) systems, network traffic analysis and user behaviour analytics.
7. Automation and orchestration: automate security processes and responses to improve the speed and consistency of security operations, using security orchestration, automation and response (SOAR) systems and incident response playbooks.
Perimeter-based network security models, like firewalls and VPNs, traditionally trust users who are inside the network.
Unfortunately, this approach leaves organizations exposed to threats launched from within the network, and a VPN merely extends the trusted zone to whichever remote device connects, so a compromised remote endpoint is treated like any other insider.
The shift to remote work has exposed these flaws in the perimeter-based approach.
With the rapid rise of users accessing an organization’s systems remotely, from outside the corporate firewall, the chances of a successful breach have increased sharply.
Since legacy security systems rely on trust, once an attacker gains a foothold on the network they can move laterally from host to host until they find sensitive data.
Malicious attacks aren’t the only issue with legacy security systems. Trust-based models leave organizations susceptible to insider-orchestrated attacks and data leaks.
Thus, the assumption of trust is fundamentally flawed, leaving systems vulnerable to an ever-increasing number of sophisticated attacks. As the classic saying goes, “if it can get hacked, it will”.
With attacks growing in number and sophistication, any system that stores sensitive data without adequately protecting it should be treated as a breach waiting to happen. Zero-trust models can help organizations restore security and privacy.
As the global workforce moves online, enterprises need authentication solutions that are not only secure, but dynamic and user-friendly at the same time.
We believe that modern access management is about the right people, having the right level of access at the right time, with the least amount of friction possible.
The first step towards implementing a zero-trust security architecture should be to adopt secure passwordless authentication. The second would be to implement access controls at every entry point to an organization’s private systems and databases.
Access controls can be used to prevent lateral movement throughout the network, while ensuring that only privileged users have access to sensitive databases and private resources.
By re-establishing trust through re-authentication as the user moves through the network, zero-trust authentication prevents a malicious actor from turning one compromised account or device into a large-scale attack.
The zero-trust model also prevents unauthorized users or employees from accessing data that they shouldn’t have access to.
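As an added example, not code from Keyless or from the original page, the following Python policy decision point contrasts the perimeter rule described earlier (trusted because the source address is internal) with a zero-trust evaluation of each request that combines device posture, micro-segmentation and least-privilege role checks, plus a re-authentication window that forces a step-up before sensitive data is reached. The segment names, resource names, roles, addresses and time thresholds are assumptions chosen for illustration.

```python
# Added illustration, not Keyless code: a per-request policy decision point.
# Segment names, resource names, roles, addresses and thresholds are assumptions.
from dataclasses import dataclass, field, replace
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # the legacy "trusted" perimeter (assumption)

# Micro-segmentation: the only source -> destination segment flows permitted.
# Anything not listed is denied by default.
SEGMENT_ALLOW = {
    ("workstations", "app-tier"),
    ("app-tier", "db-tier"),
}

# Least privilege per resource: which roles may use it, which segment hosts it,
# and how recently the user must have completed MFA (seconds) to touch it.
RESOURCE_POLICY = {
    "crm-app":     {"roles": {"sales", "dba"}, "segment": "app-tier", "max_auth_age": 8 * 3600},
    "customer-db": {"roles": {"dba"},          "segment": "db-tier",  "max_auth_age": 300},
}


@dataclass
class Request:
    user: str
    roles: set
    src_ip: str
    src_segment: str
    resource: str
    device_registered: bool
    device_compliant: bool   # patched, disk encrypted, endpoint agent healthy
    mfa_age: int             # seconds since the user last completed MFA


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


def perimeter_decision(req: Request) -> Decision:
    """Legacy model: whatever originates inside the network is trusted."""
    inside = ip_address(req.src_ip) in INTERNAL
    return Decision(inside, ["inside perimeter" if inside else "outside perimeter"])


def zero_trust_decision(req: Request) -> Decision:
    """Zero-trust model: every request is checked on identity, device, segment
    and privilege; the source address alone earns nothing."""
    reasons = []
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        return Decision(False, ["unknown resource: default deny"])
    if not req.device_registered:
        reasons.append("device not registered")
    elif not req.device_compliant:
        reasons.append("device fails posture check")
    if (req.src_segment, policy["segment"]) not in SEGMENT_ALLOW:
        reasons.append(f"segment {req.src_segment} may not reach {policy['segment']}")
    if not (req.roles & policy["roles"]):
        reasons.append(f"no role grants access to {req.resource}")
    if req.mfa_age > policy["max_auth_age"]:
        reasons.append("MFA too old for this resource: step-up required")
    return Decision(not reasons, reasons or ["all checks passed"])


# Constructed scenarios. An attacker on a compromised sales workstation, inside
# the perimeter, tries to reach the customer database directly (lateral movement).
STOLEN_WORKSTATION = Request(
    user="alice", roles={"sales"}, src_ip="10.1.2.3", src_segment="workstations",
    resource="customer-db", device_registered=True, device_compliant=False, mfa_age=60)

# A DBA coming from the app tier with recent MFA, and the same DBA an hour later.
DBA_FRESH = Request(
    user="bob", roles={"dba"}, src_ip="10.9.0.7", src_segment="app-tier",
    resource="customer-db", device_registered=True, device_compliant=True, mfa_age=120)
DBA_STALE = replace(DBA_FRESH, mfa_age=3600)

if __name__ == "__main__":
    for name, req in [("stolen workstation", STOLEN_WORKSTATION),
                      ("dba, fresh MFA", DBA_FRESH), ("dba, stale MFA", DBA_STALE)]:
        print(f"{name:18} perimeter={perimeter_decision(req).allow}"
              f" zero-trust={zero_trust_decision(req).allow} {zero_trust_decision(req).reasons}")
```

The perimeter rule admits the stolen workstation because 10.1.2.3 is an internal address. The zero-trust rule denies it three times over (failed device posture, no permitted path from the workstation segment to the database segment, no role that grants the database), and it also refuses the legitimate DBA once the MFA is older than the five-minute window set for the database, which is the re-authentication at each sensitive entry point that the text describes.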
At Keyless, we combine multi-modal biometrics with privacy-enhancing cryptography and state-of-the-art anti-spoofing technology to enable a passwordless, phishing-resistant way to authenticate users within a zero-trust framework.
In doing so, we are able to offer seamless, ‘onelook’, multi-factor authentication for end-users and employees, across all platforms and devices.
With cyberthreats increasing in sophistication and scale, zero-trust models can help transform security architectures and protect enterprises by offering new levels of protection, helping to ease the transition into a digital future where remote work is commonplace.
Our solution offers strong multi-factor security, by design:
For the first authentication factor, Keyless verifies that the user is accessing from a trusted device. If a device is not registered, the user cannot authenticate.
For the second authentication factor, we use facial biometrics to verify users across every touchpoint, a universal inherence factor that adds a further layer of security.
Soon, Keyless will add behavioural biometrics as a transparent third factor, across platforms and devices.
In other words, users seamlessly authenticate simply by looking into the camera of their registered device. Our network verifies users in less than 100 milliseconds, less time than it takes to type out an email address and password.
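As an added example of the registered-device factor described above (illustrative code, not Keyless’s own protocol, which the page does not describe at this level), the following Python challenge-response shows how a server can refuse unregistered devices outright, tie each response to a single short-lived nonce so that a captured response cannot be replayed, and bind the device’s liveness verdict into the signed message so it cannot be flipped in transit. The per-device HMAC key, the 30-second nonce lifetime and the liveness flag are assumptions; the biometric match and liveness test themselves run on the device and are out of scope here.

```python
# Added illustration, not Keyless code: a registered-device factor as a
# challenge-response. Key type, nonce lifetime and the liveness flag are assumptions.
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 30  # seconds a challenge stays valid (assumption)


def _message(nonce: str, device_id: str, liveness_ok: bool) -> bytes:
    """What the device signs: the challenge, its own identity and the liveness verdict."""
    return f"{nonce}|{device_id}|{int(liveness_ok)}".encode()


class AuthServer:
    def __init__(self):
        self.devices = {}   # device_id -> (user, device_key); filled at enrolment
        self.pending = {}   # nonce -> (device_id, issued_at); consumed on first use

    def register_device(self, user: str, device_id: str) -> bytes:
        """Enrolment: mint a key for this device. A real system would keep it in
        hardware on the device and store only a public key here."""
        key = secrets.token_bytes(32)
        self.devices[device_id] = (user, key)
        return key

    def challenge(self, device_id: str, now=None):
        """Step 1: hand out a fresh nonce, but only to a registered device."""
        if device_id not in self.devices:
            return None
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (device_id, time.time() if now is None else now)
        return nonce

    def verify(self, device_id: str, nonce: str, liveness_ok: bool, tag: bytes, now=None):
        """Step 2: check the device's response. Returns (accepted, reason)."""
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)         # single use: defeats replay
        if entry is None:
            return False, "unknown or already used nonce"
        issued_to, issued_at = entry
        if issued_to != device_id:
            return False, "nonce was issued to another device"
        if now - issued_at > NONCE_TTL:
            return False, "challenge expired"
        _, key = self.devices[device_id]
        expected = hmac.new(key, _message(nonce, device_id, liveness_ok), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False, "bad device signature"
        if not liveness_ok:
            return False, "biometric liveness check failed"
        return True, "authenticated"


def device_respond(key: bytes, device_id: str, nonce: str, liveness_ok: bool) -> bytes:
    """Runs on the device after the on-device face match and liveness test
    (out of scope here): sign the nonce together with the verdict."""
    return hmac.new(key, _message(nonce, device_id, liveness_ok), hashlib.sha256).digest()


def run_scenario() -> dict:
    """Constructed walk-through; returns the outcome of each attempt."""
    server = AuthServer()
    key = server.register_device("alice", "phone-1")
    t0 = 1_700_000_000.0
    out = {}
    # Genuine login from the enrolled phone.
    nonce = server.challenge("phone-1", now=t0)
    tag = device_respond(key, "phone-1", nonce, True)
    out["genuine"] = server.verify("phone-1", nonce, True, tag, now=t0 + 2)
    # Attacker replays the captured response: the nonce is already consumed.
    out["replay"] = server.verify("phone-1", nonce, True, tag, now=t0 + 3)
    # An unregistered device never even receives a challenge.
    out["unregistered"] = server.challenge("phone-2", now=t0)
    # Presentation attack: the device's liveness test fails and reports it.
    nonce = server.challenge("phone-1", now=t0)
    tag = device_respond(key, "phone-1", nonce, False)
    out["spoof"] = server.verify("phone-1", nonce, False, tag, now=t0 + 1)
    # Attacker flips the liveness flag in transit: the tag no longer matches.
    nonce = server.challenge("phone-1", now=t0)
    tag = device_respond(key, "phone-1", nonce, False)
    out["tampered"] = server.verify("phone-1", nonce, True, tag, now=t0 + 1)
    # A response held back for too long is rejected as stale.
    nonce = server.challenge("phone-1", now=t0)
    tag = device_respond(key, "phone-1", nonce, True)
    out["expired"] = server.verify("phone-1", nonce, True, tag, now=t0 + NONCE_TTL + 1)
    return out


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name:12} -> {result}")
```

A production deployment would hold the device key in hardware (a secure element or TPM) and use a per-device asymmetric key rather than a shared HMAC secret, so that the server stores nothing an attacker could use to forge a response; the flow, the single-use nonce and the expiry check stay the same.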
By providing a secure, frictionless way to establish access controls at multiple entry points, Keyless prevents unauthorized movement through private corporate systems.
This protects organizations from a range of threats inside the network, like malicious takeovers, insider attacks and data leaks.
To protect end-users and organizations from other kinds of malicious attacks, like fraudulent attempts to replicate a user’s biometrics, Keyless uses advanced liveness detection and anti-spoofing techniques to ensure that the user is in fact real.
If you’re interested in how Keyless™ authentication can help deliver secure and seamless digital experiences, or if you’d simply like to learn more about our technology, then please feel free to get in touch with our team.
You can email us at info@keyless.io
We’re always keen to have a chat about how we can help businesses on their journeys towards a complete zero-trust security model.