Continuous Assurance, Zero Trust Principles and the SNbD Digital Security by Design Challenge
The Secure Networking by Design project is part of the Digital Security by Design Challenge aimed at improving cybersecurity in today’s digital landscape. It recognises the importance of continuous assurance processes in mitigating the risks of advanced attacks and evolving threat scenarios.
Continuous assurance is a key component of the ManySecured® system, an open ecosystem designed to monitor activity at the gateway, determine the threat level, and take appropriate action. Rather than relying on traditional device authentication and authorisation methods, ManySecured® utilises a continuous assurance process to adapt to changing threat environments and protect against sophisticated attacks.
The system’s continuous assurance process is informed by metadata, including device type data and device instance data. By analysing both types of data, the ManySecured® system is able to develop a more complete picture of device behaviour and potential risks. This information is used to inform ongoing risk assessments and help the system make informed decisions about access permissions and other security controls.
The continuous assurance process implemented by ManySecured® is based on the principles of zero trust security. This approach involves ongoing monitoring and evaluation of device behaviour, vulnerability disclosures, software/upgrade status, and other factors that contribute to the overall trustworthiness of the device.
The UK Digital Security by Design project and Secure Networking by Design recognise the importance of a zero trust security model. In a zero trust security model, all devices and users are considered untrusted until they are verified and authenticated, and their access to resources is strictly controlled and monitored. This is in contrast to traditional security models, which rely on perimeter-based defences and trust assumptions.
By implementing a continuous assurance process, ManySecured® is able to more effectively protect against advanced attacks and rapidly evolving threat landscapes. This approach provides a powerful tool for protecting electronic systems against a wide range of potential threats, and is particularly well-suited to the zero trust security model.
We are looking to develop this vital work further and if you can help would like to invite you to join the ManySecured® Working Group. This is a truly collaborative and innovative initiative at the cutting edge of Digital Security. Please contact me.