[Blog post]

Federal government pushes zero-trust architecture

In response to the increasingly critical cybersecurity situation, the Department of the Interior advocates a gradual evolution toward zero-trust architecture

13 July 2022

The German Federal Office for Information Security (BSI) has for some time been reporting a steadily worsening threat situation for Germany. At the annual conference of the Teletrust association in Berlin, Andreas Könen, head of the cyber and IT security department at the Federal Ministry of the Interior (BMI), called for a move toward zero-trust architecture as a response to the critical situation and as a preventive protective measure.

The zero-trust approach ("trust no one"; in German: "Traue niemandem") assumes that no user and no application may automatically be considered trustworthy. Because a growing number of users connect to enterprise applications via different networks and devices, authentication becomes necessary for each individual access. Put into practice, this requires secure and scalable authentication servers and also brings the issue of digital sovereignty back into focus.

Building a zero-trust architecture

In concrete terms, the first step in such a reorientation is to identify which applications and providers are in use. In the particularly sensitive environment of critical IT infrastructure (KRITIS), only providers of controlled German or European origin should then be used in the long term. In the cloud environment, there will also be additional special requirements to strengthen the domestic economy.

Zero-trust architecture is already a long-established approach in the IT security market, with some practical guidance available. However, the core of the zero-trust concept is not a concrete instruction but a shared understanding that every access must be authenticated, even if it originates from one's own internal network, and that all applications and accesses need to be monitored. Since the security concept affects all areas of IT, establishing such an environment requires companies to have an overview of, and control over, all users, services and devices within their data environment. All accesses and access authorizations are enforced via information on user roles. Multi-level procedures are also inevitably required for authentication, as passwords alone are not sufficient.

Figure 1: Example of multi-factor authentication for Bare.ID Single Sign-On
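As an added illustration of the principle described above (not code from Bare.ID or the original post), the following sketch contrasts a perimeter check with a per-request check that ignores network origin and demands a valid token, a second factor and a matching role. The key, IP range, resource mapping and token format are constructed for the example; the `amr` claim name is borrowed from OpenID Connect.

```python
import hashlib
import hmac
import ipaddress
import json
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# All values below are constructed for this example.
KEY = b"constructed-demo-key"                   # shared with the auth service
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # the "trusted" internal network
REQUIRED_ROLE = {"/payroll": "hr"}              # hypothetical resource -> role

def issue_token(user, roles, amr, ttl=300, now=None):
    """Stand-in for the central authentication service: signs the claims."""
    claims = {"sub": user, "roles": roles, "amr": amr,
              "exp": (now or time.time()) + ttl}
    body = urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def perimeter_allow(source_ip, token, resource):
    """Perimeter model: anything coming from the internal network is trusted."""
    return ipaddress.ip_address(source_ip) in INTERNAL

def zero_trust_allow(source_ip, token, resource, now=None):
    """Zero-trust model: each request is checked; source_ip plays no part."""
    if not token or b"." not in token:
        return False                      # unauthenticated request
    body, sig = token.rsplit(b".", 1)
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, good):
        return False                      # forged or tampered token
    claims = json.loads(urlsafe_b64decode(body))
    if claims["exp"] <= (now or time.time()):
        return False                      # expired: re-authentication required
    if len(set(claims["amr"])) < 2:
        return False                      # password alone is not sufficient
    role = REQUIRED_ROLE.get(resource)    # unknown resources are denied
    return role is not None and role in claims["roles"]
```

Every call to `zero_trust_allow` stands for one round of work that the central service or its issued tokens must support, which is why the number of requests to that service grows with the number of protected components.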

If all infrastructure components, applications and devices continuously authenticate each request individually and repeatedly, the number of requests to the central authentication and authorization service multiplies enormously. At the same time, this service becomes the most critical element for the entire business operation. It is not only the load on this system that increases but also the amount of data it manages, since authorizations tied to user identities have to be maintained and checked for many of the connected systems. Many companies underestimate the share of the authorization service in zero-trust projects and see the greater effort in the individual services.

In order to proactively secure one's own IT environment and to meet expected requirements in advance, it is advisable for companies, especially those in highly regulated industries, to take the first steps toward a zero-trust architecture. The announced support for the domestic economy must also be taken into account and presents companies with the challenge of checking their service providers and suppliers even more closely in the future with regard to location and data protection standards and changing them if necessary.

Advice needed?

Bare.ID's team of experts is here to support you with experience and take the hassle out of running your authentication and authorization solution. We offer you effective rights management as well as a wide range of integration options and KRITIS-compliant private cloud operation in Germany. This allows you to fully concentrate on the implementation of the actual Zero-Trust architecture without having to worry about operational issues, performance and scaling.

Simply make a non-binding consultation appointment via our contact form and our team will get in touch with you as soon as possible.
