
Devices and zero trust

March 29, 2021
Priyanka Vergadia

Staff Developer Advocate, Google Cloud

Max Saltonstall

Developer Relations Engineer

In a zero trust environment, every device has to earn trust in order to be granted access. When determining whether access should be granted, the security system relies on device metadata, such as what software is running or when the OS was last updated, and checks to see if the device meets that organization's minimum bar for health. 

Think of it like your temperature: under 100 degrees and you are safe, but go over and you are now medically in fever territory, and you may not be allowed into certain venues.


Zero Trust relies on WHO you are and WHAT you are using to determine access


In this issue of GCP Comics we focus on devices, and how they play into a Zero Trust environment.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Google-Cloud-Comic-issue7-Exports_full-com.max-2200x2200.png

Device data can take many forms, and can come from many sources. We recommend collecting multiple types of data from multiple systems and using it to make well-informed decisions on which devices get access to your important systems.

What are some of those data types?

  • Operating system version: to help you limit access for older, unsupported releases
  • Patch date: to find out if there are unpatched vulnerabilities present
  • Last check-in date: to understand how long this machine has been 'offline'
  • Binaries installed: to see if there's any known malware or dangerous executables
  • Executables run recently: to see if anything fishy is still running
  • Disk encryption: to see if the device complies with data protection policies
  • Location data: to restrict access to some tools to only specific cities, states, or countries
  • User(s) logged in recently: to see if other people might be sharing this device

And where can you gather the data? There are many sources, including:

  • DNS servers
  • DHCP servers
  • Local agents
  • Mobile device management solutions
  • OS-specific management tools
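The two lists above describe device signals and the systems they come from, but not how they combine into an access decision. The following is an added example, not code from the post or from any Google Cloud product, showing one way to do that: records from two constructed sources (an MDM inventory and a local agent) are merged into a single device posture, then checked against a minimum health bar covering OS version, patch age, time offline, disk encryption and recently run executables. All device ids, dates, version numbers and the denylist entry are constructed for the example; a device missing from one source fails closed rather than silently passing.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# Constructed sample inventory, in the shape an MDM export might provide.
MDM_INVENTORY = {
    "laptop-001": {"os_version": "11.2.3", "disk_encrypted": True, "last_checkin": "2021-03-28"},
    "laptop-002": {"os_version": "10.13.6", "disk_encrypted": False, "last_checkin": "2021-01-15"},
    "laptop-003": {"os_version": "11.2.3", "disk_encrypted": True, "last_checkin": "2021-03-29"},
}

# Constructed sample reports from a local agent (patch state, recent executables).
# laptop-003 has no agent report at all: the agent never checked in.
AGENT_REPORTS = {
    "laptop-001": {"patch_date": "2021-03-20", "recent_executables": ["Safari", "Terminal"]},
    "laptop-002": {"patch_date": "2020-11-02", "recent_executables": ["Safari"]},
}

# Constructed reference date for the age calculations (the post's publication date).
REFERENCE_DATE = date(2021, 3, 29)


@dataclass(frozen=True)
class Policy:
    """The organization's minimum bar for device health (constructed thresholds)."""
    min_os_version: tuple = (11, 0, 0)
    max_patch_age_days: int = 30
    max_offline_days: int = 14
    require_disk_encryption: bool = True
    # Placeholder denylist entry; a real deployment uses its own threat intelligence.
    denied_executables: frozenset = frozenset({"EXAMPLE-DENIED-BINARY.app"})


def parse_version(version: str) -> tuple:
    """Turn '11.2.3' into (11, 2, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def merge_device_data(device_id: str) -> Optional[dict]:
    """Combine records from both sources into one posture record.

    Returns None when no source knows the device at all.
    """
    mdm = MDM_INVENTORY.get(device_id)
    agent = AGENT_REPORTS.get(device_id)
    if mdm is None and agent is None:
        return None
    posture = {"device_id": device_id}
    posture.update(mdm or {})
    posture.update(agent or {})
    return posture


def evaluate_device(device_id: str, today: date = REFERENCE_DATE, policy: Policy = Policy()) -> dict:
    """Return {'allow': bool, 'reasons': [...]}; any failed check denies access."""
    posture = merge_device_data(device_id)
    if posture is None:
        return {"allow": False, "reasons": ["unknown device"]}
    reasons: List[str] = []

    # Operating system version: deny older, unsupported releases.
    if "os_version" not in posture:
        reasons.append("os version not reported")
    elif parse_version(posture["os_version"]) < policy.min_os_version:
        reasons.append(f"os version {posture['os_version']} below minimum")

    # Patch date: a missing report is treated as unpatched, not as healthy.
    if "patch_date" not in posture:
        reasons.append("patch date not reported")
    else:
        patch_age = (today - date.fromisoformat(posture["patch_date"])).days
        if patch_age > policy.max_patch_age_days:
            reasons.append(f"last patch {patch_age} days ago")

    # Last check-in: how long the machine has been 'offline' from management.
    if "last_checkin" in posture:
        offline = (today - date.fromisoformat(posture["last_checkin"])).days
        if offline > policy.max_offline_days:
            reasons.append(f"offline for {offline} days")

    # Disk encryption: required by the data protection policy.
    if policy.require_disk_encryption and not posture.get("disk_encrypted", False):
        reasons.append("disk not encrypted")

    # Executables run recently: anything on the denylist blocks access.
    denied = policy.denied_executables.intersection(posture.get("recent_executables", []))
    if denied:
        reasons.append("denied executable run recently: " + ", ".join(sorted(denied)))

    return {"allow": not reasons, "reasons": reasons}


if __name__ == "__main__":
    for dev in ["laptop-001", "laptop-002", "laptop-003", "tablet-999"]:
        print(dev, evaluate_device(dev))
```

Each failed check is returned as its own reason rather than a single boolean, so the same evaluation can drive both the access decision and the message shown to the user about what to fix. Merging sources before evaluating also makes the missing-data case explicit: laptop-003 looks healthy in the MDM inventory but is denied because the agent has never reported its patch state.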

For more on this topic, check out the following resources:

Want more GCP Comics? Visit gcpcomics.com and be sure to follow us on Twitter at @pvergadia and @maxsaltonstall so you don’t miss the next issue!