Any organization that leverages technology manages protected data or delivers a vital service should be exploring a Zero Trust architecture strategy. I will be populating this page with the work that I have done in this space for healthcare organizations.
What comprises a Zero Trust architecture?
Identity provider to keep track of users and user-related information.
Device directory to maintain a list of devices that have access to corporate resources, along with their corresponding device information (e.g., type of device, integrity etc.)
Policy evaluation service to determine if a user or device conforms to the policy set forth by security admins
Access proxy that utilizes the above signals to grant or deny access to an organizational resource