October 17, 2022

Hey! Did you hear that (Insert: Your Company Name and Product) got hacked?

Have you noticed it’s never “Hey, someone got by a firewall” or “WOW, they bypassed the network security”?  

No. It’s always about the Device. It’s the same for hackers because everything else is just a means to an end, and that end is your Device! 

Imagine, late at night, driving around the Amusement Park security gate, then busting open the locked gated fence. These actions are necessary to get to the big score, the Rides! Yaaahoo! Free rides till the security guards show up.  

But what if a lot of the rides are not behind the security fence? How can those be better secured? 

The National Institute of Standards and Technology (NIST) has established the Zero Trust model, which among other security aspects, identifies requirements for “cloud-based assets that are not located within an enterprise-owned network boundary,” i.e., the rides outside the fence. 

In the NIST Special Publication 800-207 “Zero Trust Architecture” (ZTA) (https://doi.org/10.6028/NIST.SP.800-207), section 2.1 discusses the Tennent’s of Zero Trust. Among the seven tenents, item number six, “All resource authentication and authorization are dynamic and strictly enforced before access is allowed, is a critical component of a ZTA. Dynamically is the operative word in the statement, including the ability to scale dynamically! There must be a way, in a Zero Trust Architecture to dynamically provide authentication and authorization for every Device and every connection, regardless of location.  

At Device Authority, our solution aligns with the seven tenets of the NIST framework and provides dynamic policies, dynamic scaling, automatic isolation of offenders, robust reporting, and more. We ensure that every security lifecycle plan includes automatic certificate issuance, certificate rotations, encryption at rest and in transit, automatic device quarantine for any device abnormality, SBOM capabilities, code signing, and secure updates! Not to mention commissioning, decommissioning, and recommissioning.  

You’re not considering a complete Zero Trust architecture if you don’t include the Device’s entire automated Zero Trust lifecycle.   

Let us show you how Device Authority, following the NIST guidelines, can be a crucial component in your Dynamic Zero Trust Architecture.  



Louise José