In a Zero Trust networking environment, the concept of composite identity becomes especially important as it relates to access control.
One way to approach this is to use a composite identity model, where a user’s identity comprises multiple, interconnected, and often dynamic factors used to grant access. The five aspects of composite identity are the users and their devices, as well as time, location, and applications.
A user is only a user once it is associated with a device. For instance, a user with a corporate laptop differs from a user with a personal tablet or smartphone. This combination of identity aspects is the first degree of composite identity, but it extends further to the location or time of day, as well as the application or service requested. Varying degrees of trust and access are assigned based on different combinations of the available composite identity aspects.
For example, a high degree of trust is granted for an IT-issued device at a corporate or home office location. In contrast, a moderately low degree of trust is assigned to a consumer device at a remote location. Different times within a 24-hour day may also affect the granted access level. Of course, as in any Zero Trust environment, access to specific applications is typically allocated with varying levels of trust based on the composite identity.
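The trust assignment described above can be sketched as a small policy check. This is an added example, not code from the original article; the device and location labels, the working-hours window, the one-step off-hours reduction, and the per-application thresholds are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from enum import IntEnum
from typing import Optional


class Trust(IntEnum):
    NONE = 0
    LOW = 1
    MODERATE = 2
    HIGH = 3


@dataclass(frozen=True)
class CompositeIdentity:
    user: str
    device: Optional[str]  # "it_issued", "consumer", or None when no device is bound
    location: str          # "corporate", "home_office", "remote"
    at: time               # local time of the request
    application: str


# Constructed policy. The IT-issued corporate/home-office rows and the
# consumer/remote row follow the article's examples; the rest is assumed.
BASE_TRUST = {
    ("it_issued", "corporate"): Trust.HIGH,
    ("it_issued", "home_office"): Trust.HIGH,
    ("it_issued", "remote"): Trust.MODERATE,
    ("consumer", "remote"): Trust.LOW,
}
WORK_HOURS = (time(7, 0), time(19, 0))
REQUIRED_TRUST = {"payroll": Trust.HIGH, "email": Trust.MODERATE, "wiki": Trust.LOW}


def trust_level(cid: CompositeIdentity) -> Trust:
    # A user without a device, or an unlisted device/location pair, gets no trust.
    base = BASE_TRUST.get((cid.device, cid.location), Trust.NONE)
    in_hours = WORK_HOURS[0] <= cid.at < WORK_HOURS[1]
    # Outside working hours the level drops one step (never below NONE).
    return base if in_hours else Trust(max(base - 1, Trust.NONE))


def is_allowed(cid: CompositeIdentity) -> bool:
    # Unknown applications are denied: nothing is trusted by default.
    required = REQUIRED_TRUST.get(cid.application)
    return required is not None and trust_level(cid) >= required
```

The same user receives different decisions as the device, location, time, or requested application changes, which is the point of evaluating the identity as a composite rather than by username alone.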
Once a level of access is granted based on the composite identity, visibility and constant monitoring are critical to ensure proper behavior according to policy. Monitoring is crucial for users with their devices, but also for headless IoT devices. Zero Trust means that nothing is completely trusted. Therefore, monitoring and visibility are essential to catch anomalies or misbehavior before they lead to damage to an organization.
To fully illustrate the concepts of composite identity, we’ve created an infographic. You can grab the full PDF version of this infographic via the link below. So, please download the PDF, print it out in full color, and display it in your office. And remember to share it with all your techno colleagues!