Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

Download Publication

Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives
Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives
Who it's for:
  • Cybersecurity professionals
  • Software developers
  • Decision-makers
  • IT auditors
  • Network security engineers

Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives

Release Date: 11/05/2024

This publication explores the use of asymmetric cryptography in Zero Trust. Asymmetric cryptography provides an industry-standard, secure method to establish identity, authenticate entities, maintain data integrity, and control access without requiring any explicit trust. Therefore, it aligns well with the core principles of Zero Trust: Never Trust, Always Verify and Least Privilege.

When considering Zero Trust, asymmetric cryptography is particularly useful for authentication and data protection. For authentication, asymmetric cryptography is integral to Public-Key Infrastructure (PKI), utilizing digital signatures to authenticate users and devices. For data protection, asymmetric cryptography is integral in key exchange to establish the symmetric key for data encryption. 

When implementing asymmetric cryptography, it's important to consider factors such as security strength, computational cost, and key size. Additionally, robust key management practices, encompassing generation, distribution, storage, and revocation, are crucial for maintaining cryptographic integrity. Moreover, seamless integration with Identity and Access Management (IAM) systems is essential for efficient authentication and authorization processes.
 
Readers will come to understand how asymmetric cryptography is a powerful enabler for Zero Trust. Its ability to establish secure communications, verify identities, and ensure data protection, clearly supports Zero Trust objectives. 

Key Takeaways:
  • The role of asymmetric cryptography in Zero Trust
  • The role of key management in cryptography
  • Methods for effective key management, including key generation, distribution, storage, rotation, revocation, and hardware security modules (HSMs)
  • How to use asymmetric cryptography in various scenarios, including authentication methods like SSH keys, OAuth2.0, and Kerberos
  • Computational overheads and risks associated with asymmetric cryptography
  • Zero Trust principles relevant to asymmetric cryptography
Download this Resource

Bookmark
Share
Related resources
Cloud Security for Startups 2024
Cloud Security for Startups 2024
Key Management for Public Cloud Migration
Key Management for Public Cloud Migration
Top Threats to Cloud Computing 2024 - Japanese Translation
Top Threats to Cloud Computing 2024 - Japanese ...
How to Demystify Zero Trust for Non-Security Stakeholders
How to Demystify Zero Trust for Non-Security Stakeholders
Published: 12/19/2024
Why Digital Pioneers are Adopting Zero Trust SD-WAN to Drive Modernization
Why Digital Pioneers are Adopting Zero Trust SD-WAN to Drive Modern...
Published: 12/19/2024
Managed Security Service Provider (MSSP): Everything You Need to Know
Managed Security Service Provider (MSSP): Everything You Need to Know
Published: 12/18/2024
Zero-Code Cloud: Building Secure, Automated Infrastructure Without Writing a Line
Zero-Code Cloud: Building Secure, Automated Infrastructure Without ...
Published: 12/16/2024

Acknowledgements

Ryan Gifford
Ryan Gifford
Research Analyst, CSA

Ryan Gifford

Research Analyst, CSA

Shruti Kulkarni
Shruti Kulkarni
Information Security Architect, Elexon

Shruti Kulkarni

Information Security Architect, Elexon

I am a security professional with experience across various domains of security. I work in defining organisation’s security strategy, security architecture and security practices. Translating business objectives and risk management strategies into specific security processes enabled by security technologies and services. I work on gap analysis, design, implementation and...

Read more

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 125 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.

Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...

Read more

Heinrich Smit
Heinrich Smit
CISO & Risk Management at Semperis

Heinrich Smit

CISO & Risk Management at Semperis

Heinrich is a recognized Information Protection and Zero Trust expert who started out in Law, and pivoted to his love of technology during the Tech Boom. He has led teams at software innovators and large financial institutions, has authored entire Information Security Policy stores, and has protected data at both 280,000 seat regulated enterprises and SAAS-based startup unicorns. He is passionate about Privacy and Zero Trust, as well as Def...

Read more

Hani Raouda
Hani Raouda
Cybersecurity Professional at Google

Hani Raouda

Cybersecurity Professional at Google

Paul Simmonds
Paul Simmonds
CEO at Global Identity Foundation & Board Member of CSA UK Chapter

Paul Simmonds

CEO at Global Identity Foundation & Board Member of CSA UK Chapter

Paul is the CEO of the Global Identity Foundation and formerly the global CISO of AstraZeneca, ICI and prior to that Motorola Cellular Infrastructure. He is twice listed as one of Network World’s “most powerful people in networking”. He is a director of the Cloud Security Alliance (Europe), co-founded the Jericho Forum, and sits on the advisory boards of a number of global tech companies.

Read more

Erik Johnson
Erik Johnson
Cloud Security Specialist & Senior Research Analyst, CSA

Erik Johnson

Cloud Security Specialist & Senior Research Analyst, CSA

Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).

I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.

Linke...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training