Zero Trust Hardware Access
Zero Trust Hardware Use Case
A large corporate bank identified a suspicious transaction within the enterprise. Upon further investigation, it was discovered that the palm-vein scanner used for biometric authentication had been compromised and was subsequently granting unauthorized access. As a result of the compromise, the bank’s Zero Trust (ZT) model was at risk of being circumvented because of its reliance on identity-based access control.
Zero Trust is a network security model based on the principle of “never trust, always verify”. By acknowledging that threats not only originate outside the organization’s perimeter but also within, ZT eliminates the component of trust that was once automatically given to internal users and devices. Every user and device, internal or external, must be authenticated and authorized before granting access to an enterprise’s resources and data.
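To make the "never trust, always verify" rule concrete for the scanner compromise described above, here is an added example (not code from the original article) of a minimal policy decision point that re-checks the device, the authenticator's own integrity, the user's factors and the requested right on every access. The firmware digest, device id, role table and the Request fields are constructed assumptions for illustration.

```python
# Added example, not from the original article: a per-request Zero Trust
# policy decision that refuses to rely on a biometric verdict from a scanner
# whose own integrity cannot be verified.
from dataclasses import dataclass
import hashlib

# Constructed sample data (illustrative only): the known-good firmware digest
# of the palm-vein scanner, the devices enrolled with the bank, and the rights
# each role holds under least privilege.
KNOWN_GOOD_SCANNER_FW = hashlib.sha256(b"scanner-fw-v1.2-constructed").hexdigest()
ENROLLED_DEVICES = {"ws-0412"}
ROLE_PERMISSIONS = {
    "teller": {"ledger:read"},
    "treasury": {"ledger:read", "ledger:transfer"},
}


@dataclass
class Request:
    user: str
    role: str
    device_id: str
    biometric_matched: bool   # verdict reported by the palm-vein scanner
    scanner_fw_digest: str    # integrity measurement the scanner presents
    second_factor_ok: bool    # e.g. hardware token, verified independently
    permission: str           # e.g. "ledger:transfer"


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Nothing is trusted from a previous request."""
    if req.device_id not in ENROLLED_DEVICES:
        return False, "unknown device"
    # Verify the authenticator before believing anything it says: a tampered
    # scanner reporting "match" is exactly the failure in the use case above.
    if req.scanner_fw_digest != KNOWN_GOOD_SCANNER_FW:
        return False, "authenticator integrity check failed"
    if not (req.biometric_matched and req.second_factor_ok):
        return False, "multi-factor authentication failed"
    # Least privilege: the role must hold the specific right requested.
    if req.permission not in ROLE_PERMISSIONS.get(req.role, set()):
        return False, "not permitted for role"
    return True, "allowed"
```

A tampered scanner that reports a biometric match is still denied, because the integrity check runs before the match result is considered.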
To implement ZT, micro-segmentation splits the network into smaller, more granular parts, each of which requires separate access authorization. In doing so, micro-segmentation controls east-west network traffic, i.e. lateral movement, as a means to reduce the attack surface. Micro-segmentation is supported by the principle of least privilege, whereby users may access only the specific resources required to perform the task at hand. Enforcing the principle of least privilege requires identity-based access control which, naturally, relies on identifying the user and their role. Users are typically identified through multi-factor authentication, which can be done in three different ways: