What is Adaptive Access and why does it matter in ZTNA?

Adaptive access was described by Ant Allen, Vice President Analyst in Gartner Research, as “context-aware access control that acts to balance the level of trust against risk”. The National Institute of Standards and Technology (NIST) described adaptive access as a form of “control that uses an authorization policy that takes into account operational need, risk, and heuristics”.

Why is Adaptive Access important?

Traditionally, permissions have often been granted globally based upon job role, and do not take into account real-time risk factors. By not taking these factors into account, businesses have been implicitly trusting that it is safe to provide access to applications to anyone with the correct credentials. Zero Trust Network Access (ZTNA is classified by Gartner as the technology class that “replaces traditional technologies, which require companies to extend excessive trust to employees and partners to connect and collaborate”. Microsoft explains that “network-based security perimeters are obsolete” and zero trust policies should be used with their Azure AD service.

Adopting adaptive access as part of ZTNA is important for ensuring that the right users with the secure devices are connecting to sensitive information or business critical applications. However, it is not adequate to simply perform access permission assessments at the time of connection as the level of risk may change during the session.

For example:

• If the Wi-FI connection being used is an unsecured public Wi-Fi network there is a risk that traffic could be intercepted as part of a Man-in-the-Middle attack.
• If a user has an app that contains a known vulnerability, such as the WhatsApp vulnerability that exposed Jeff Bezos’ personal information, data could be exfiltrated.
• If the device has been jailbroken, either intentionally to access a 3rd party app store or maliciously by malware, such as the Pegasus software, bad actors could gain access to confidential corporate information.

In the above examples Jamf can monitor the contextual information associated with app, device, content or network threats. However, to enable adaptive access to operate, a decision making engine is needed to continuously apply business policy based on the contextual information that it processes.

One of the most important contextual factors when determining access privileges is the risk score of the device. The risk score determines the health of the endpoint that a remote user is attempting to use to connect with the corporate applications.

Mobile risk scores are calculated based on information about the device, the apps on it, the content it is accessing and network it is doing it over.

The combination of Jamf Data Policy, Jamf Private Access and Jamf Threat Defense enables adaptive access thanks to MI:RIAM, the industries most advanced mobile threat intelligence engine. MI:RIAM ingests contextual information from the app installed on endpoint devices and uses it to calculate a mobile risk score that can be used to apply adaptive access policies.

Adaptive access policy can be applied natively within Jamf to restrict access or through 3rd party technologies by integrating them with Jamfs APIs.