<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
Curious about how StrongDM works? 🤔 Learn more here!
Search
Close icon
Search bar icon

Unlocking Continuous Zero Trust Authorization with Strong Policy Engine

Trust can be broken at any moment. That means your approach to Zero Trust must be dynamic and flexible enough to find and account for broken trust in real-time. 

We are thrilled to announce an exciting new addition to the StrongDM Zero Trust Privileged Access Management (PAM) platform: Continuous Zero Trust Authorization. This powerful capability can help organizations leap forward in the Zero Trust journey by enabling continuous, contextual, and granular authorization and control over resources and data.

What is Continuous Zero Trust Authorization?

Continuous Zero Trust Authorization is the real-time monitoring of access and operations across your infrastructure and the ability to enforce contextual access policies in real time.

Continuous Zero Trust Authorization requires:

  • Visibility into the access and operations being taken in your infrastructure and the context surrounding them.
  • Flexible access controls that can consider any context in authentication decisions–whether that’s from devices, roles, attributes, or anything.
  • Distributed policies that can be enforced in real time anywhere on your network, regardless of the system, tool, or location where an activity is taking place.
  • Dynamic & real-time monitoring of risk and enforcement of policies in the case of something being deemed a risk.

At StrongDM, we understand the evolving needs of modern organizations, where security and access control are paramount concerns. With Continuous Zero Trust Authorization, we are taking access control to the next level, providing you with unprecedented capabilities to ensure the right individuals have the appropriate access to your critical assets.

Key Features of Continuous Zero Trust Authorization

Continuous Zero Trust Authorization builds on top of StrongDM’s already robust capabilities for delivering dynamic access to infrastructure and tools with a new policy engine, centralized policy management, and the ability to add nearly any context to real-time policy enforcement.

Strong Policy Engine

The robust Strong Policy Engine, powered by the Cedar Policy Language, enables distributed enforcement of centralized policies, creating a secure and unified access control framework across your infrastructure. The engine allows for policy evaluation with sub-millisecond response times, aligning with the high-performance standards that StrongDM users have come to expect.

Centralized Policy Management

Writing policies once and enforcing them everywhere is the dream. StrongDM simplifies policy management by extending your existing RBAC and ABAC policies with new signals and controls. This centralized approach streamlines administration, reducing the complexity of access control. With StrongDM, you can establish security measures that are uniformly enforced across all your diverse applications and infrastructure components. It builds upon the natural strengths of these resources by adding layers of security policies, thereby improving the existing controls and safeguards.

Attribute-based Authorization Models for Zero Trust

StrongDM supports various authorization models, including *BAC (Anything-based Access Control), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Policy-Based Access Control (PBAC). You have the flexibility to choose the model or blend of models that best suits your needs.

Context-based Signals for Granular Control 

Adding context-based signals like geography, device, IP, requestor data, or resource tags to access decisions provides additional information about the requester, the resource being accessed, and the environment. Coupled with continuous trust assessment, this allows organizations to roll out an adaptive security strategy that responds to changes in real-time. 

New Context-based Signal: Device Trust

A critical context signal for determining the risk associated with access is device posture. Today, we are introducing Device Trust, which adds even more control to authorization decisions. This allows you to incorporate device posture from security solutions like CrowdStrike or SentinelOne as part of the continuous trust assessment for authorization. This enhances your security by considering the health and security status of devices when granting access.

Why Continuous Zero Trust Authorization Matters

In today's rapidly changing threat landscape, traditional access control mechanisms are no longer sufficient. Where traditional least privilege has been primarily focused on minimizing access to systems, that approach suffers the same flaw as perimeter-based access–once access has been approved, that person can do whatever they want, provided they have the associated role. 

The goal of least privilege is to reduce access to the minimum necessary for each person to perform their job effectively. While the concept is straightforward, it is frequently still overly permissive in practice. This is because, for most enterprises, access grants are static and long-lived, so the path to least privilege usually involves removing access. 

✨ Another way to think about contextual trust assessment: If privileged access management is like a security guard in an office building giving someone access to the 12th floor; then, Zero Trust PAM would be like having an escort by your side the entire visit making sure you didn’t go into an office you shouldn’t, talk to someone you shouldn’t, or write something on the white boards that was inappropriate.

The rapid evolution of cloud resources presents a significant challenge in implementing Zero Trust access across a wide variety of infrastructure. Today, organizations deal with an unprecedented number of systems, each with its own unique configuration and access requirements. The complexity doesn't end with granting initial access; it's also about continuously assessing whether that access remains appropriate.

Software teams are building new applications for different use cases, and their security tooling must keep pace with themThey need ways to evaluate access continuously, not just at the point of entry. This includes robust security policies that are enforced in real time, all the time, and policy decisions that are informed by knowledge of the context on the ground. AWS created the Cedar policy language as a building block so that companies like StrongDM can build provable security into a new class of tools that are both easy and reliable. This next step in Zero Trust authorization has been a long time coming, and we're incredibly excited for this launch.” 

 

- Sarah Cecchetti, Head of Product, Cedar, AWS

Continuous authorization enables you to include operations executed in your environment as part of your Zero Trust initiatives. This approach ensures that access is continuously assessed and granted based on contextual factors, allowing you to make real-time access decisions that enhance security while preserving productivity.

By leveraging StrongDM's powerful capabilities, you can:

  • Minimize the risk of unauthorized access and data breaches.
  • Achieve granular control over resource access, reducing the potential for misuse.
  • Simplify policy management and enforcement across the entire infrastructure.
  • Incorporate device posture into access decisions for enhanced security. 

With Continuous Zero Trust Authorization, StrongDM empowers you to take a proactive and dynamic approach to access control, aligning with the principles of Zero Trust.

Get Started with StrongDM Today

StrongDM enables continuous, context-based authorization, and today, device posture is now available as a context signal that can be included in your authorization decisions. The new Strong Policy Engine – which will enable write once, enforce everywhere policies – is now in Beta and will be released in Q1 2024. 

Stay tuned for more updates and enhancements as we continue to evolve the StrongDM platform to meet your organization's Zero Trust PAM needs. Thank you for choosing StrongDM as your trusted partner in access control and security.

Want to see StrongDM in action? Book a demo.


About the Author

, Chief Product Officer (CPO), spearheads the StrongDM Zero Trust PAM platform. Previously, he was the Senior Director at Google, leading the Zero Trust and Identity and Access Management portfolio for GCP. His career includes executive roles at Netskope, driving its transition from CASB to SASE, and at Riverbed Technology. Amol was also a founding member at Tablus, a pioneer in Data Loss Prevention. To contact Amol, visit him on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Securing Network Devices with StrongDM's Zero Trust PAM Platform
Securing Network Devices with StrongDM's Zero Trust PAM Platform
Let’s talk about the unsung heroes of your on-premises infrastructure: network devices. These are the routers, switches, and firewalls that everyone forgets about…and takes for granted—until something breaks. And when one of those somethings breaks, it leads to some pretty bad stuff. If your network goes down, that’s bad, bad, bad for business. But if those devices lack the necessary security, well, that can leave you exposed in an incredibly dangerous way.
What Is Zero Trust for the Cloud? (And Why It's Important)
What Is Zero Trust for the Cloud? (And Why It's Important)
Zero Trust cloud security is a cybersecurity model that operates on the principle that no user, device, system, or action should be trusted by default — even if it's inside your organization’s own network. This approach minimizes the risk of breaches and other cyber threats by limiting access to sensitive information and resources based on user roles, device security posture, and contextual factors.
What Is Zero Trust Data Protection?
What Is Zero Trust Data Protection?
Zero Trust Data Protection isn't just the best way to safeguard your data — given today's advanced threat landscape, it's the only way. Assuming inherent trust just because an access request is inside your network is just asking for a breach. By implementing the latest tactics in authentication, network segmentation, encryption, access controls, and continuous monitoring, ZT data security takes the opposite approach.
Simplify Database Authorization with Policy-Based Action Control
Simplify Database Authorization with Policy-Based Action Control
As enterprises continue to modernize their IT environments, the need for a more advanced and adaptable approach to database authorization becomes increasingly apparent. Traditional models, with their reliance on static roles and broad permissions, are no longer sufficient to meet the demands of decentralized, dynamic infrastructures. StrongDM addresses this gap by offering a solution that emphasizes fine-grained, policy-based action control, enabling organizations to manage database access with the precision and flexibility required in today’s complex business environments.
StrongDM Now Delivers Continuous Authorization for Databases Through Fine-Grained Policy-based Action Control
Access is no longer the primary challenge in enterprise security; it's the actions of users that are most aligned with managing risk. By focusing on how actions are authorized, StrongDM is giving customers a more effective approach to enterprise security. Our policy-based action control ensures that, in addition to access, every user action is scrutinized, delivering a higher level of security tailored to meet the complex demands of modern enterprises.