Zero Trust

Started in April 2022

Zero Trust (ZT) is neither a technical solution nor a service, but rather a different way of working. Hence, ZT represents a “natural evolution” across all industries, and all company sizes, of how security should be done. One of the objectives of the PCSI ZT project is to chart a "transition model" that PCSI partners can use to make their shift to ZT not only possible, but complete and true. 

https://pcsi.nl/uploads/projects/ZeroTrust-1920x1080.jpg

ZT is all about making dynamic informed decisions in a constantly changing world based on all the layers of protection an organization already has to prevent unauthorized or unexpected activities. This can be a game-changer. It future-proofs organizations against not yet known threats and attacks. Whenever detected behavior or attributes diverge from what is expected, ZT provides the system with real-time reactive prevention capabilities. For example an attacker’s behavior diverging from the behavior of a normal user will be detected and stopped by terminating the access of the attacker.

Innovative idea

While ideas of what ZT should be have been introduced over a decade ago by the Jericho group1, the realization of such an approach has never been more out of reach due to the wild diversity of how organizations implement their technical infrastructure and their security countermeasures. We think that a vendor-agnostic ZT approach is required for ZT to finally really happen, and we intend to make this possible by demonstrating how a ZT orchestration layer should work.

Problem solving

Most vendors claim to provide such a ZT orchestration layer within their products, although these products do not interact well (or at all!) with technologies and/or products outside the scope of their direct commercial interests. Our innovative idea aims to solve this market issue by providing the PCSI partners with an orchestration layer for ZT, built from existing tooling, that properly meets the requirements in terms of agnosticism, both technical and commercial. 

All PCSI partners have been actively looking at ZT for some time and consider the transition to it as a step forward in their security strategies. Identifying the requirements for ZT and how to fulfil them has been at the forefront of our project. Now we are joining forces to create the one ZT enabler that is still missing.

Project results

Activities in the Explore phase

Within the double Explore phase this project came to the informed conclusion that the orchestration layer at the top of the ZT list of required enablers is a crucial “building block” that everyone misses to proceed forward in their respective ZT implementation roadmaps. 

Activities in the POC phase

We intend to create a Proof of Concept for a zero-trust orchestrator that can make dynamic and informed decisions based on trustworthiness to prevent unauthorized or unexpected activities. At the end of the POC phase we want to provide the PCSI partners with tools that form a starting ground for the implementation of a ZT architecture.

Activities in the Pilot phase

We will set up 3 different use cases to secure access to business applications and to test orchestration capabilities. 

 

 

1. https://www.opengroup.org/forum/security/zerotrust

This project is part of the trend

39 Opportunity October 2024

Growing interest in zero-trust initiatives

Zero trust is the principle of 'never trust, always verify'. The assumption is that there is no hard line between trusted and non-trusted zones. Zero trust allows an organization to use contextual information to make (risk based) security decisions (such as authentication or access management). Contextual information can be e.g. identity, credentials, authenticators, location, device, time of day etc.
Beeldmerk PCSI
PCSI is a collaboration of
    ABN-AMRO Achmea ASML Belastingdienst ING TNO