What is the Zero Trust security model?
The Zero Trust security model is based on the premise that no entity, inside or outside the organization, is trusted by default to access the organization's systems and data. Every user, device, and service must be authenticated, authorized, and verified before access is granted, regardless of where the request comes from. In short: verify first, then trust.
How is the Zero Trust model applied at Syncfy?
We adopt the Zero Trust model to protect our customers' financial data. Every API request we receive must pass through multiple layers of authentication and authorization before it is processed. In addition, we monitor activity to detect suspicious behavior and prevent unauthorized access to customer information.
Authenticate and secure all network connections.
All network connections between the parties involved, including internal services, external resources, administrators, and users, must be authenticated and encrypted end-to-end. Data in transit and data at rest are each protected by their own set of controls.
Control access to resources and services.
Access to resources and services is authorized according to the principles of need-to-know and least privilege, so that each user has access only to the resources required to carry out their tasks. Access to confidential or critical resources is further restricted through additional authentication and authorization mechanisms.
Always check and don't trust automatically.
Access is never granted on the basis of network location or past access alone: the identity and behavior of users, devices, and services are verified on every request before access to a resource is allowed. This reduces the attack surface, since a single compromised credential or device does not unlock everything behind the perimeter.
Limit the time spent accessing resources.
Access to the resources and services needed for a specific task is granted temporarily, scoped to that task, and expires once the task is complete.
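As an added illustration of the "control access" and "limit the time" principles above (this is not Syncfy's code; the signing key, the endpoint-to-scope table, and the token format are assumptions made for the demo), here is a deny-by-default authorizer. A request is allowed only if its token is validly signed, has not expired, and explicitly carries the one scope the endpoint requires; every other path is a denial.

```python
"""Added illustration (not Syncfy code): short-lived, least-privilege API tokens.

A request is denied unless its token (1) carries a valid HMAC signature,
(2) has not expired, and (3) explicitly grants the scope the endpoint
requires. Anything else is a deny, by default.
"""
import base64
import hashlib
import hmac
import json
import time

# Hypothetical server-side signing key for the demo; a real deployment would
# load this from a secrets manager and rotate it.
SIGNING_KEY = b"demo-signing-key-do-not-use-in-production"

# Hypothetical mapping of API endpoints to the single scope each one requires.
# An endpoint missing from this table is unreachable: deny by default.
ENDPOINT_SCOPES = {
    "GET /v1/accounts": "accounts:read",
    "GET /v1/transactions": "transactions:read",
    "POST /v1/links": "links:write",
}


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload_b64: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload_b64.encode("ascii"), hashlib.sha256).digest())


def issue_token(subject, scopes, ttl_seconds, now=None, key=SIGNING_KEY):
    """Mint a token for `subject` that grants only `scopes` and dies after `ttl_seconds`."""
    now = int(time.time()) if now is None else now
    payload = {"sub": subject, "scopes": sorted(set(scopes)), "iat": now, "exp": now + ttl_seconds}
    payload_b64 = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    return f"{payload_b64}.{_sign(payload_b64, key)}"


def authorize(token, endpoint, now=None, key=SIGNING_KEY):
    """Return (allowed, reason). Every failure path denies; only the last line allows."""
    now = int(time.time()) if now is None else now
    required = ENDPOINT_SCOPES.get(endpoint)
    if required is None:
        return (False, "unknown endpoint")
    try:
        payload_b64, sig = token.split(".")
    except ValueError:
        return (False, "malformed token")
    # Constant-time comparison so a forger learns nothing from timing; compare
    # as bytes so attacker-supplied non-ASCII input cannot raise instead of deny.
    if not hmac.compare_digest(sig.encode("utf-8"), _sign(payload_b64, key).encode("ascii")):
        return (False, "bad signature")
    try:
        payload = json.loads(_unb64(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return (False, "malformed payload")
    if now >= payload.get("exp", 0):
        return (False, "expired")                    # time-limited access
    if required not in payload.get("scopes", []):
        return (False, f"missing scope {required}")  # least privilege
    return (True, f"{payload['sub']} may {endpoint}")


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp for a reproducible demo
    tok = issue_token("svc-reporting", ["accounts:read"], ttl_seconds=300, now=t0)
    print(authorize(tok, "GET /v1/accounts", now=t0 + 60))   # allowed
    print(authorize(tok, "POST /v1/links", now=t0 + 60))     # denied: missing scope
    print(authorize(tok, "GET /v1/accounts", now=t0 + 600))  # denied: expired
```

The order of the checks matters: the signature is verified before the payload is parsed, so an attacker cannot feed arbitrary bytes to the JSON parser without first forging an HMAC, and the expiry check comes before the scope check so that a stale token is rejected even when its scopes would otherwise match.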
Reduce the attack surface.
To reduce exposure to potential threats, the attack surface is continuously limited, segmented, and monitored. This is done by applying security policies and strict access controls, together with firewalls and intrusion detection and prevention systems, among other measures.