A secure and versatile identity and access management, considering the roles of users in projects and organisations, is implemented in the Platform’s management core. Pilot use cases of the platform dealt with sensitive data, and the participating computing centres require a high level of security and identity assurance.

While LEXIS provides a single sign-on through the platform’s IAM, delegated authentication and identity federation are preferred through European cross-site identities. Integration with MyAccessID and EUDAT B2ACCESS provides ample compatibility and possible functionality here, including the transfer of attributes on the account.

Diving deeper into security and AAI aspects, the LEXIS Platform is built on the “zero trust” concept, role-based access control (RBAC) and “security by design” principles. The architecture is modular, with communication realised by REST APIs. Authentication and authorisation are realised using OpenID.

Zero Trust is a security model that requires strict identity verification for every user and device attempting to access a network or system, regardless of whether they are inside or outside the network perimeter. This approach assumes that no implicit trust is granted to any user, device, or application, even if they are already inside the network. Zero Trust operates under the principle of “never trust, always verify,” meaning that every user and device must continuously prove their identity and meet strict security standards before they are granted access to any resources. This model helps to prevent unauthorised access, reduce the risk of data breaches, and strengthen the overall security posture.
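The following example, added here to illustrate the two preceding paragraphs and not taken from the LEXIS or HEAppE code base, shows what “never trust, always verify” plus project/organisation RBAC looks like at the level of a single REST call: every request re-verifies the caller’s signed identity token (signature, issuer, audience, expiry) and only then consults the roles the user holds in the target project or its organisation. The issuer URL, audience name, HS256 shared secret, role names and the project-to-organisation map are all constructed assumptions; a real OpenID provider would sign with an asymmetric key published via JWKS, which the shared secret stands in for so the code runs offline.

```python
"""Per-request token verification plus project/organisation RBAC.

Added illustration, not LEXIS/HEAppE code. A constructed HMAC-signed JWT
stands in for an OpenID Connect ID token; the shared SECRET stands in for
the provider's signing key so the example runs offline. Every REST call is
verified from scratch: no session cache, no trust based on network location.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed values standing in for the platform's OpenID provider config.
ISSUER = "https://idp.example.org"      # assumed issuer URL
AUDIENCE = "lexis-api"                  # assumed client id of the REST API
SECRET = b"constructed-shared-secret"   # stand-in for the provider's signing key

# Permissions granted by each role (assumed role names, not the platform's).
ROLE_PERMISSIONS = {
    "org_admin": {"read", "write", "manage"},
    "project_manager": {"read", "write", "manage"},
    "member": {"read", "write"},
    "reviewer": {"read"},
}
# Constructed project -> organisation map; organisation roles cover all its projects.
PROJECT_ORG = {"proj-1": "org-a", "proj-2": "org-b"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, now: int = None, ttl: int = 300) -> str:
    """Mint an HS256 JWT; plays the role of the identity provider."""
    now = int(time.time()) if now is None else now
    body = {"iss": ISSUER, "aud": AUDIENCE, "iat": now, "exp": now + ttl, **claims}
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(body, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, now: int = None) -> dict:
    """Validate signature, issuer, audience and expiry; raise PermissionError on any failure."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        raise PermissionError("malformed token") from None
    # Pin the algorithm: a token announcing alg=none or another scheme is rejected outright.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise PermissionError("bad signature")
    # Only after the signature checks out are the claims decoded and trusted.
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        raise PermissionError("malformed claims") from None
    if not isinstance(claims, dict):
        raise PermissionError("malformed claims")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("wrong issuer or audience")
    if now >= int(claims.get("exp", 0)):
        raise PermissionError("token expired")
    return claims


def authorize(claims: dict, project: str, action: str) -> bool:
    """RBAC decision: roles held directly in the project or in its organisation grant permissions."""
    org = PROJECT_ORG.get(project)
    granted = set()
    for entry in claims.get("roles", []):          # entries look like "project:proj-1:member"
        parts = entry.split(":")
        if len(parts) != 3:
            continue
        scope, name, role = parts
        if (scope == "project" and name == project) or (scope == "org" and org and name == org):
            granted |= ROLE_PERMISSIONS.get(role, set())
    return action in granted


def handle_request(token: str, project: str, action: str, now: int = None):
    """Gate one REST call: verify identity first, then the role, on every single request."""
    try:
        claims = verify_token(token, now=now)
    except PermissionError as exc:
        return 401, str(exc)
    subject = claims.get("sub", "?")
    if not authorize(claims, project, action):
        return 403, f"{subject} lacks '{action}' on {project}"
    return 200, f"{action} on {project} by {subject}"


if __name__ == "__main__":
    alice = issue_token({"sub": "alice", "roles": ["project:proj-1:member"]})
    for request in (("proj-1", "read"), ("proj-1", "manage"), ("proj-2", "read")):
        print(request, handle_request(alice, *request))
```

The decision is made per call and nothing is remembered between calls, which is the point of the model: a token that was fine a minute ago is re-checked for expiry, and a member of one project gets nothing in another even though the same identity provider vouched for them.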

Zero Trust architecture provides several advantages over traditional network security models. Some of the benefits of Zero Trust include:

      •   Better protection against data breaches: Zero Trust helps to prevent data breaches by limiting access to sensitive resources only to authorised users and devices that have undergone rigorous authentication and verification processes.

      •   Enhanced visibility: Zero Trust architecture provides greater visibility into network activity, which can help to identify and mitigate potential threats and attacks more quickly.

      •   Increased flexibility: Zero Trust allows for more flexible access controls, enabling users to access resources from anywhere, at any time, without compromising security.

      •   Improved compliance: Zero Trust helps organisations to meet compliance requirements by enforcing strict access controls and security policies.

However, there are also some challenges and potential disadvantages associated with Zero Trust:

      •   Complex implementation: Implementing a Zero Trust architecture can be complex and time-consuming, requiring significant changes to existing network infrastructure and security policies.

      •   Higher costs: Zero Trust can be more expensive than traditional security models, particularly in terms of implementing the necessary technology and infrastructure.

      •   User experience: The strict access controls and authentication processes can make it more difficult for users to access resources, potentially impacting productivity and user experience.

All components of our platform, including HEAppE, utilise zero trust to ensure that only authorised users and devices can access sensitive data and systems.