As many companies are in the process of learning, the emerging identity-based digital perimeter marks a complete shift from the legacy “castle-and-moat” approach to securing organizational resources. Now that users are working from literally anywhere, access and authorization policies can no longer rely on a user’s IP address or network connection. This is a primary reason most companies that embark on a zero-trust journey start with their Identity and Access Management (IAM) strategy. We now must verify who our users are and whether they have the right permissions to access resources, regardless of the network they connect from.
A user’s digital identity typically consists of a username and password (credentials), and ideally a type of multi-factor authentication (MFA) method. Many tools and vendors exist to help secure and implement MFA and serve as an Identity Provider (IdP). Unfortunately, there is often a missing piece in this equation. Devices are usually just considered an “endpoint,” something used to do work on. The device used by a user to access work resources is a critical piece of their digital identity.
What is Device Identity?
Think about it for a minute. Our cell phones, especially for the chronically online among us, control a massive portion of our personal digital identity. We store our credentials in our operating system’s (OS) password vault, keep our social media accounts permanently logged in, and go weeks (or let’s be honest, months or years) without updating our applications.
The same story is true for corporate applications. Users are storing credentials for their corporate resources or accessing sensitive financial records and confidential customer data – all while shopping online (or doing much worse) at the very same time. The corporate device is now exposed to infection from a wide variety of compromised internet sources. This duality creates a situation where a valid user can connect to corporate resources with a compromised device.
Assessing Device Posture
Validating a healthy device posture is the process of checking an endpoint against various security criteria, typically at the time of authentication and/or on a continuous basis. Example posture validations include:
- Verifying that an Endpoint Detection and Response (EDR) agent is installed and running
- Prohibiting access to a SaaS application if the operating system or web browser is out of date
- Adjusting security checks for Bring Your Own Device (BYOD) endpoints based on their enrollment in tools like Mobile Device Management (MDM)
The Power of OSquery
OSquery is an open-source tool that allows endpoints to be queried just like a database. Where SQL would be used to pull data from certain rows or columns, OSquery uses remarkably similar syntax to probe endpoints for information such as operating system version, web browser version, verification of an operational EDR agent, and even specific system processes and registry keys.
Why is this important? It allows for free-form and custom checks. With OSquery, a company or vendor can build and run their own custom queries for a wide variety of parameters. In short, they can now look for whatever they need to. With the power of custom queries, any organization can take their BYOD and device posturing strategy to the next level and build a security solution that fits them like a glove.
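As an added illustration (not code from the original article or from any vendor), the sketch below pairs three OSquery queries with the posture checks listed earlier and evaluates the JSON that `osqueryi --json` prints for each. The macOS tables are used; the EDR process name, the minimum versions, and the sample results are assumptions constructed for the example.

```python
import json

# Query text per posture check, using osquery's macOS tables.
# The EDR process name is a hypothetical placeholder.
QUERIES = {
    "os": "SELECT major, minor, patch FROM os_version;",
    "browser": "SELECT bundle_short_version FROM apps "
               "WHERE bundle_identifier = 'com.google.Chrome';",
    "edr": "SELECT pid FROM processes WHERE name = 'example-edr-agent';",
}

# Assumed policy minimums, not values from the article.
MIN_OS = (14, 4, 0)
MIN_BROWSER = (124,)

def vtuple(text):
    """'124.0.6367.91' -> (124, 0, 6367, 91), so 98.x sorts below 124.x."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())

def evaluate(results):
    """results: check name -> JSON text as printed by `osqueryi --json`.
    Returns (allowed, failures); a missing OS or EDR result fails closed."""
    rows = {name: json.loads(results.get(name, "[]")) for name in QUERIES}
    failures = []
    os_row = rows["os"][0] if rows["os"] else None
    if os_row is None:
        failures.append("os_unknown")
    elif tuple(int(os_row[c] or 0) for c in ("major", "minor", "patch")) < MIN_OS:
        failures.append("os_out_of_date")
    # Every installed copy of the browser must meet the minimum version.
    if any(vtuple(r["bundle_short_version"]) < MIN_BROWSER for r in rows["browser"]):
        failures.append("browser_out_of_date")
    # Zero rows means no process with that name is running.
    if not rows["edr"]:
        failures.append("edr_not_running")
    return (not failures, failures)

# Constructed sample output (osquery returns every column as a string).
HEALTHY = {
    "os": '[{"major": "14", "minor": "5", "patch": "0"}]',
    "browser": '[{"bundle_short_version": "124.0.6367.91"}]',
    "edr": '[{"pid": "412"}]',
}
STALE = {
    "os": '[{"major": "13", "minor": "6", "patch": "4"}]',
    "browser": '[{"bundle_short_version": "98.0.4758.80"}]',
    "edr": "[]",
}
```

Versions are compared as integer tuples because a plain string comparison would rank "98.0" above "124.0" and let the stale browser through.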
Zero-Trust and Device Identity
To create a single digital identity, we must consider not just the user’s credentials but their device’s posture and health as well. By adopting an identity-based access and connectivity solution with powerful, customizable device posturing checks, organizations can not only significantly improve their security posture but also ensure that users have a frictionless workflow from any device, anywhere.