Think of ZTA’s core components as the brain of the system. The policy engine (the policy decision point) decides whether a user is granted access. The policy administrator (the policy administration point) helps you create, edit, and manage the policies used to grant access, and generates session-specific authentication credentials for users. The policy enforcement point is responsible for managing the connections between users and resources.
The functional components of ZTA consist of data security, endpoint security, identity and access management (IAM), and security analytics:
- Data security component: Protects data at rest and in transit by applying data access policies.
- Endpoint security component: Safeguards endpoints from both external threats and threats from managed or unmanaged devices.
- IAM component: Creates, stores, and manages user accounts and identity records, making sure the right people have the right access to enterprise resources.
- Security analytics component: Covers all threat intelligence feeds and activity monitoring for an IT enterprise, gathering behavior insights to actively respond to threats.
Finally, the device and network infrastructure components include assets (devices) such as laptops, tablets, and other IoT devices that connect to enterprise resources. Those enterprise resources include the data, applications, and other resources that are hosted and managed on-premises, in the cloud, or at the edge. The network infrastructure components cover all the network resources an enterprise may need to deploy to keep everything running smoothly.
As for extending the efficacy of ZTA, one approach is to incorporate the National Institute of Standards and Technology (NIST) recommendation to use the policy engine to implement an attribute-based access control (ABAC) model. With ABAC and dynamic authorization, authorization decisions are made by evaluating attributes in real time, giving you greater flexibility and a more secure way to manage access. This approach offers better scalability and improved security compared to traditional methods.
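To make the ABAC model concrete, here is an added example (not NextLabs’ or NIST’s code) of a small policy engine acting as the policy decision point, with an enforcement point in front of it; the attribute names and rules are assumptions chosen for illustration. It shows how the same user reading the same document is permitted or denied depending on session attributes evaluated at request time.

```python
# Constructed ABAC policy decision point (PDP) and policy enforcement point (PEP).
# Attribute names and rules are assumptions, not a standard schema.

# Each rule: (name, effect, condition over the attribute bundle). The bundle holds
# subject, resource and environment attributes collected when the request arrives,
# so the same user can get a different answer in a different session.
RULES = [
    ("deny-unmanaged-device", "deny",
     lambda a: not a["env"].get("device_managed", False)),
    ("deny-stale-session", "deny",           # a missing age counts as stale
     lambda a: a["env"].get("auth_age_minutes", 10**6) > 60),
    ("deny-restricted-without-clearance", "deny",
     lambda a: a["resource"].get("classification") == "restricted"
               and a["subject"].get("clearance") != "high"),
    ("permit-read-own-department", "permit",
     lambda a: a["action"] == "read"
               and a["resource"].get("owner_dept") == a["subject"].get("dept")),
]

def decide(attrs, rules=RULES):
    """Policy engine: evaluate every rule against the live attributes.
    Deny overrides permit; a request matching no permit rule is denied."""
    matched = [(name, effect) for name, effect, cond in rules if cond(attrs)]
    for wanted in ("deny", "permit"):
        hits = [name for name, effect in matched if effect == wanted]
        if hits:
            return wanted, hits
    return "deny", ["default-deny"]

def enforce(attrs):
    """Enforcement point: the connection is opened only on an explicit permit."""
    decision, reasons = decide(attrs)
    return decision == "permit", reasons

def request(dept, clearance, owner_dept, classification, managed, auth_age):
    """Build one constructed access request (a read of a document)."""
    return {"subject": {"dept": dept, "clearance": clearance},
            "resource": {"owner_dept": owner_dept, "classification": classification},
            "action": "read",
            "env": {"device_managed": managed, "auth_age_minutes": auth_age}}

if __name__ == "__main__":
    # Same finance user reading a finance document; only the session differs.
    fresh = request("finance", "standard", "finance", "internal", True, 5)
    stale = request("finance", "standard", "finance", "internal", True, 240)
    print(enforce(fresh))   # (True, ['permit-read-own-department'])
    print(enforce(stale))   # (False, ['deny-stale-session'])
```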
To learn more about ZTA and its importance, please refer to NextLabs’ interview with Alper Kerman, author of the Implementing a Zero Trust Architecture document, on Why is Zero Trust Architecture (ZTA) Important?
For more general information on Zero Trust and NextLabs, check out the following resources: