During his session, Zero Trust for Consumers from Authentication to Consent, Nathanael will examine ways rapid digitalization has complicated security efforts, the role of authentication and consent in Zero Trust and how companies can best navigate today’s high volume of cybersecurity threats. Additionally, his session will include key takeaways on:
- Why authentication and consent is required for Zero Trust in an infrastructure
- Why application programming interfaces (APIs) and services must be integrated to create a Zero Trust identity and access management (IAM) framework
- Steps companies can take to reduce the burden on developers to externalize their approach to identity, authorization and consent, rather than hard-coding it into their application
Zero Trust has revolutionized our approach to application infrastructure, but thus far it’s been focused on employee authentication and how to properly authenticate users to other services. However, application development has evolved to API-driven distributed services accessed by partners and consumers, changing the requirements for Zero Trust-based authentication and authorization. It’s no longer about authenticating a user and determining what they can do in an application. It’s evolved to regulating what a service can know about a user and what a service can share about a user.
Within an API-based transaction, there is a need to authenticate the requestor (often on behalf of a user), authenticate the service (API), authenticate the data in the transaction and perform authorization. Thus, these entities in the transaction all require unique identity and authorization (coarse, fine-grained and consent). Without identity and Zero Trust, compliance and enforcement mandates cannot be met effectively. Without authorization, weak APIs can be abused to leak sensitive data.
If you’re attending Authenticate in-person in Seattle this October, don’t forget to visit Cloudentity at booth #19. Guests can register for the conference here. We look forward to seeing you there!