Making Dynamic Authorization an Essential Pillar in Federal Government Zero Trust Architecture Strategies
Published on March 29, 2022,
by Brook Lovatt
Author: Brook Lovatt, Chief Product Officer of Cloudentity
The government’s focus on Zero Trust has risen in the past year, as shown by the Biden Administration's May 2021 and January 2022 executive orders and the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. CISA’s Zero Trust Maturity Model is one of many roadmaps that assist government agencies in the development of their Zero Trust architecture strategies and implementation plans to ensure they comply with the May 2021 executive order.
Cloudentity & Zero Trust
In CISA's Maturity Model, dynamic authorization is an optimal end state for government agencies adopting Zero Trust models. With the help of Cloudentity, organizations can achieve a verifiable Zero Trust security posture that ensures the right users, systems and APIs have access to the right resources, services and data under pre-defined, acceptable conditions. By externalizing authorization, Zero Trust controls can be managed with greater flexibility and effectiveness. Using our intelligent authorization platform, organizations can control, monitor, audit and tune access and data exchange between users, systems, applications and APIs with declarative authorization and dynamic enforcement for every transaction.
Cloudentity was recently awarded a key technology patent for “Microservice Architecture for Identity and Access Management” (U.S. Patent No. 11,057,393 B2), which provides foundational technology to automate service identities, dynamic machine or workload-based identities common in cloud-native architectures, and enable auto-scale authorizations between any API endpoint. The patent enables Zero Trust access control for APIs and better protection of both North/South and East/West API access.
Dynamic authorization and consent control at the transaction-level through policy-as-code and cloud-native enforcement is an optimal approach to simplify and scale rapid application development to support API data security, privacy, and compliance. This approach not only enhances the contextual information that can be used to make real-time authorization decisions, but also ensures that private user data is not leaked or unnecessarily transmitted to services that don’t require it in order to function. Our team at Cloudentity is among the innovators in modern application authorization that are addressing these requirements to help organizations accelerate their business transformation and Zero Trust initiatives.
Authorization management is a cornerstone technology to enable Zero Trust architecture initiatives. As government agencies adopt Zero Trust models to adhere to the recent executive orders, Cloudentity can help ensure organizations are meeting authorization requirements. To learn more, schedule a demo with a member of the Cloudentity team here: cloudentity.com/demo/