Using Zero Trust Against Identity Spoofing and Abuse

The shift towards zero trust architectures brings in a heightened focus on the integrity of identity and identity attributes. In a world where traditional network perimeters are increasingly irrelevant, and hybrid way of working is the norm, long established security models prove to be inadequate. The Zero Trust strategy is built on the principle of "never trust, always verify". This principle places an immense reliance on the continual authentication using accurate and reliable identity attributes from all the entities in the communication chain. This principle also relies on the validation of the integrity of other signals used to provide confidence. As the cornerstone of access control decisions, the authenticity and completeness of identity attributes, the entities that sign/validate them, and the confidence in other signals (including but not limited to IP addresses, location, device security) become paramount. Thus, any compromise in the integrity of identity, identity attributes, or signals can lead to consequences, including data breaches, unauthorized access, and reputational damage. This paper looks at how the identity ecosystem can be subverted by malicious actors - with Identity spoofing (where an attacker assumes the identity of another entity - real or fictitious) to abuse the attributes of an existing entity (where an entity’s attributes are stolen or subverted). The paper also examines risk-based prevention and mitigation strategies that can be adopted to increase security confidence, awareness and proactiveness.