Zero trust security is an important concept in cybersecurity but has not been examined thoroughly in the context of underlying hardware platforms. This report explains hardware security for zero trust and illustrates the concept using the Sepio commercial solution.
The cybersecurity industry occasionally identifies a general protection concept that appears to meet the needs of all participants in an effective manner. Multifactor authentication, least privilege access, segregation of authorized duties, and automated correlation of indicators of compromise (IOC) are all examples of principles that collectively comprise the foundational base of the cybersecurity discipline.
Another generally accepted protection concept, known as zero trust, has also emerged. Originally introduced in an industry analyst report, zero trust helps to drive enterprise network designs that are free of a firewall-protected perimeter. Specifically, zero trust security describes the condition that results when end users with devices access workloads hosted in public clouds. Neither entity can fully trust the other, which drives security controls for the session.
One aspect of the zero trust model that has received relatively little attention is the hardware aspect of its practical implementation. That is, where most zero trust architectures emphasize software controls for endpoints, networks, cloud infrastructure, and containerized applications, the role of the hardware in assuring the integrity of endpoints, servers, and other devices has been less examined by the cybersecurity community.
In this report, we discuss the zero trust model in the context of underlying hardware, with emphasis on endpoint protection and monitoring. We explain how hardware security can help avoid rogue or fake devices, and how this supports a zero trust security implementation. Finally, the hardware security concept is instantiated using the Sepio HAC-1 platform to demonstrate how practitioners can take advantage of a commercially available solution.