
Unlocking Continuous Zero Trust Authorization with Strong Policy Engine

Trust can be broken at any moment. That means your approach to Zero Trust must be dynamic and flexible enough to detect broken trust and act on it in real time.

We are thrilled to announce an exciting new addition to the StrongDM Zero Trust Privileged Access Management (PAM) platform: Continuous Zero Trust Authorization. This powerful capability can help organizations leap forward in the Zero Trust journey by enabling continuous, contextual, and granular authorization and control over resources and data.

What is Continuous Zero Trust Authorization?

Continuous Zero Trust Authorization is the real-time monitoring of access and operations across your infrastructure and the ability to enforce contextual access policies in real time.

Continuous Zero Trust Authorization requires:

  • Visibility into the access and operations taking place in your infrastructure, and the context surrounding them.
  • Flexible access controls that can take any context into account in authorization decisions, whether it comes from devices, roles, attributes, or other signals.
  • Distributed policies that can be enforced in real time anywhere on your network, regardless of the system, tool, or location where an activity is taking place.
  • Dynamic, real-time monitoring of risk, with policy enforcement as soon as an activity is deemed risky.

At StrongDM, we understand the evolving needs of modern organizations, where security and access control are paramount concerns. With Continuous Zero Trust Authorization, we are taking access control to the next level, providing you with unprecedented capabilities to ensure the right individuals have the appropriate access to your critical assets.

Key Features of Continuous Zero Trust Authorization

Continuous Zero Trust Authorization builds on top of StrongDM’s already robust capabilities for delivering dynamic access to infrastructure and tools with a new policy engine, centralized policy management, and the ability to add nearly any context to real-time policy enforcement.

Strong Policy Engine

The robust Strong Policy Engine, powered by the Cedar Policy Language, enables distributed enforcement of centralized policies, creating a secure and unified access control framework across your infrastructure. The engine allows for policy evaluation with sub-millisecond response times, aligning with the high-performance standards that StrongDM users have come to expect.

Centralized Policy Management

Writing policies once and enforcing them everywhere is the dream. StrongDM simplifies policy management by extending your existing RBAC and ABAC policies with new signals and controls. This centralized approach streamlines administration and reduces the complexity of access control. With StrongDM, you can establish security measures that are uniformly enforced across all your diverse applications and infrastructure components. Rather than replacing the native controls of each system, it layers additional policy on top of them, strengthening the safeguards that are already in place.

Attribute-based Authorization Models for Zero Trust

StrongDM supports various authorization models, including *BAC (Anything-based Access Control), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Policy-Based Access Control (PBAC). You have the flexibility to choose the model or blend of models that best suits your needs.

Context-based Signals for Granular Control 

Adding context-based signals like geography, device, IP, requestor data, or resource tags to access decisions provides additional information about the requester, the resource being accessed, and the environment. Coupled with continuous trust assessment, this allows organizations to roll out an adaptive security strategy that responds to changes in real time.

New Context-based Signal: Device Trust

A critical context signal for determining the risk associated with access is device posture. Today, we are introducing Device Trust, which adds even more control to authorization decisions. This allows you to incorporate device posture from security solutions like CrowdStrike or SentinelOne as part of the continuous trust assessment for authorization. This enhances your security by considering the health and security status of devices when granting access.
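To make the three preceding sections concrete, here is an added example in Python (not StrongDM's or Cedar's own code) that models the decision semantics the Strong Policy Engine inherits from Cedar, default deny with any matching forbid overriding any permit, and re-evaluates every operation in a session against live context: the role and resource tags from the RBAC/ABAC discussion, and the source IP, geography and EDR-reported device posture from the context-signal and Device Trust sections. The policy names, the corporate CIDR, the allowed geographies, the action names and the shape of the device posture signal are all assumptions for illustration; real Cedar policies are written in Cedar's own syntax and evaluated by the Cedar engine, not by Python lambdas.

```python
"""
Added example (not StrongDM's or Cedar's code): a small model of a
Cedar-style policy engine that re-evaluates every operation against live
context signals (device posture, source IP, geography, resource tags).
Semantics modelled from Cedar: default deny, any matching forbid overrides
any permit. Policy names, CIDRs and signal shapes are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable

CORP_NET = ip_network("10.20.0.0/16")   # assumed corporate egress range
ALLOWED_GEO = {"US", "DE"}              # assumed permitted geographies


@dataclass(frozen=True)
class Request:
    principal: str
    roles: frozenset          # RBAC input
    action: str               # e.g. "connect", "query:select", "query:drop"
    resource: str
    tags: frozenset           # ABAC input, e.g. {"env:prod"}
    context: dict             # live signals, re-read for every operation


@dataclass(frozen=True)
class Policy:
    name: str
    effect: str               # "permit" or "forbid"
    when: Callable[[Request], bool]


POLICIES = [
    # RBAC + resource tag: DBAs may connect to and read from prod databases.
    Policy("dba-reads-prod", "permit",
           lambda r: "dba" in r.roles and "env:prod" in r.tags
           and r.action in {"connect", "query:select"}),
    # Operation-level control: destructive statements never run in prod.
    Policy("forbid-destructive-in-prod", "forbid",
           lambda r: "env:prod" in r.tags and r.action.startswith("query:drop")),
    # Device Trust: posture as reported by the EDR agent (constructed signal).
    Policy("forbid-unhealthy-device", "forbid",
           lambda r: not r.context["device"]["edr_healthy"]),
    # Network and geography context signals.
    Policy("forbid-off-network", "forbid",
           lambda r: ip_address(r.context["ip"]) not in CORP_NET),
    Policy("forbid-disallowed-geo", "forbid",
           lambda r: r.context["geo"] not in ALLOWED_GEO),
]


def evaluate(req: Request, policies=POLICIES):
    """Cedar-style decision: forbid beats permit; no permit means deny."""
    matched = [p for p in policies if p.when(req)]
    forbids = [p.name for p in matched if p.effect == "forbid"]
    permits = [p.name for p in matched if p.effect == "permit"]
    if forbids:
        return "deny", forbids
    if permits:
        return "allow", permits
    return "deny", ["default-deny"]


def make_request(action, edr_healthy, ip="10.20.4.7", geo="US"):
    """Build a request for a constructed DBA session against a prod database."""
    ctx = {"device": {"edr_healthy": edr_healthy}, "ip": ip, "geo": geo}
    return Request("alice", frozenset({"dba"}), action, "pg-prod-01",
                   frozenset({"env:prod"}), ctx)


def continuous_session(operations, posture):
    """Continuous authorization: every operation is re-evaluated with the
    device posture current at that moment (posture[i] for operation i)."""
    return [(op,) + evaluate(make_request(op, posture[i]))
            for i, op in enumerate(operations)]


def point_of_entry_session(operations, posture):
    """The perimeter model, for comparison: only the first operation is
    checked; everything after a successful connect is allowed through."""
    decision, why = evaluate(make_request(operations[0], posture[0]))
    if decision == "deny":
        return [(operations[0], "deny", why)]
    return [(operations[0], "allow", why)] + [
        (op, "allow", ["session already open"]) for op in operations[1:]]


# Constructed session: the device is healthy for the first three operations,
# then the EDR flags it as compromised.
OPS = ["connect", "query:select", "query:drop", "query:select"]
POSTURE = [True, True, True, False]

if __name__ == "__main__":
    for row in continuous_session(OPS, POSTURE):
        print("continuous:    ", row)
    for row in point_of_entry_session(OPS, POSTURE):
        print("point-of-entry:", row)
```

Running the block shows the distinction the post is drawing: in `continuous_session` the DROP is refused even though the connect succeeded, and the final SELECT is refused the moment the device posture flips, while `point_of_entry_session` waves everything through once the initial connect is approved. A forbid keyed on device posture is only as strong as the freshness and integrity of the posture feed behind it, so treat the EDR integration as part of the trust boundary.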

Why Continuous Zero Trust Authorization Matters

In today's rapidly changing threat landscape, traditional access control mechanisms are no longer sufficient. Where traditional least privilege has been primarily focused on minimizing access to systems, that approach suffers the same flaw as perimeter-based access: once access has been approved, that person can do whatever they want, provided they have the associated role.

The goal of least privilege is to reduce access to the minimum necessary for each person to perform their job effectively. While the concept is straightforward, it is frequently still overly permissive in practice. This is because, for most enterprises, access grants are static and long-lived, so the path to least privilege usually involves removing access. 

✨ Another way to think about contextual trust assessment: if privileged access management is like a security guard in an office building giving someone access to the 12th floor, then dynamic access management is like having an escort by your side for the entire visit, making sure you don't go into an office you shouldn't, talk to someone you shouldn't, or write something inappropriate on the whiteboards.

The rapid evolution of cloud resources presents a significant challenge in implementing Zero Trust access across a wide variety of infrastructure. Today, organizations deal with an unprecedented number of systems, each with its own unique configuration and access requirements. The complexity doesn't end with granting initial access; it's also about continuously assessing whether that access remains appropriate.

"Software teams are building new applications for different use cases, and their security tooling must keep pace with them. They need ways to evaluate access continuously, not just at the point of entry. This includes robust security policies that are enforced in real time, all the time, and policy decisions that are informed by knowledge of the context on the ground. AWS created the Cedar policy language as a building block so that companies like StrongDM can build provable security into a new class of tools that are both easy and reliable. This next step in Zero Trust authorization has been a long time coming, and we're incredibly excited for this launch."

- Sarah Cecchetti, Head of Product, Cedar, AWS

Continuous authorization enables you to include operations executed in your environment as part of your Zero Trust initiatives. This approach ensures that access is continuously assessed and granted based on contextual factors, allowing you to make real-time access decisions that enhance security while preserving productivity.

By leveraging StrongDM's powerful capabilities, you can:

  • Minimize the risk of unauthorized access and data breaches.
  • Achieve granular control over resource access, reducing the potential for misuse.
  • Simplify policy management and enforcement across the entire infrastructure.
  • Incorporate device posture into access decisions for enhanced security. 

With Continuous Zero Trust Authorization, StrongDM empowers you to take a proactive and dynamic approach to access control, aligning with the principles of Zero Trust.

Get Started with StrongDM Today

StrongDM enables continuous, context-based authorization, and today, device posture is now available as a context signal that can be included in your authorization decisions. The new Strong Policy Engine – which will enable write once, enforce everywhere policies – is now in Beta and will be released in Q1 2024. 

Stay tuned for more updates and enhancements as we continue to evolve the StrongDM platform to meet your organization's dynamic access management needs. Thank you for choosing StrongDM as your trusted partner in access control and security.

Want to see StrongDM in action? Book a demo.


About the Author

Amol, Chief Product Officer (CPO), spearheads the StrongDM Dynamic Access Management platform. Previously, he was a Senior Director at Google, leading the Zero Trust and Identity and Access Management portfolio for GCP. His career includes executive roles at Netskope, driving its transition from CASB to SASE, and at Riverbed Technology. Amol was also a founding member at Tablus, a pioneer in Data Loss Prevention. To contact Amol, visit him on LinkedIn.
