The 7 Requirements for Zero Trust Authentication

Logo
Presented by

Joshua Gonzales, Cybersecurity Enthusiast

About this talk

A Zero Trust Authentication solution must focus on seven requirements that ensure your organization is well-equipped for modern threats and risks. 1. Passwordless: Passwords and shared secrets are fundamentally insecure as seen in the cyberattacks happening every day. 2.Phishing-resistant: Phishing-resistant MFA uses factors like cryptographic keys and biometrics, which do not rely on trust because the key is tied to the device. 3. Cryptographically validating user device: You need to verify device possession and that the device is authorized to access resources. Validation should also prevent access by devices vulnerable to compromise. 4. Ability to evaluate device security posture: Ensure devices are compliant and meet security standards. 5. Incorporate many types of risk signals: Utilizing risk signals and a robust policy engine allows you to either block access if risky or abnormal behavior is detected or require step-up authentication for high-risk situations. 6. Continuous authentication: Risk-based access at login isn’t enough. To achieve Zero Trust Authentication, the solution must continuously verify the user's identity and their authorization to access sensitive resources. 7. Integration with existing security infrastructure: Leverage the entire security ecosystem to institute robust authentication decisions to secure resources. This requires the sharing of data between tools in the security ecosystem to improve risk detection.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (27)
Subscribers (931)
Zero Trust Authentication protecting your workforce, customers, and developers with passwordless, phishing-resistant MFA! www.beyondidentity.com