As one of the core principles of zero trust, continuous authorization leverages real-time device posture and trust, user trust, and resource sensitivity as defined in granular policy controls. In this scenario, trust is not only verified at the beginning of each request; it is verified continuously, so that the request remains trustworthy throughout the entirety of the session. For continuous authorization to work in practice, two things are required:
- Continuous Quantified Trust – Constant, thorough analysis of the trustworthiness of the user and their device.
- Instant Access Control – The ability to instantly revoke access if trustworthiness falls below a specified threshold, re-granting access for future requests if trustworthiness rises sufficiently.
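The two requirements above can be sketched as a per-request policy check. This is an added example, not code from the original page or from any product; the 0-100 trust scale, the `min` aggregation, the resource names and the thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical resource sensitivity: minimum trust (0-100) required per resource.
THRESHOLDS = {"wiki": 40, "payroll": 80}

@dataclass
class Signals:
    user_trust: int    # assumed score, e.g. from authentication strength
    device_trust: int  # assumed score, e.g. from device posture checks

def quantified_trust(s: Signals) -> int:
    # Assumption: the weakest signal bounds overall trust, so a trusted
    # user cannot compensate for a device that has fallen out of posture.
    return min(s.user_trust, s.device_trust)

def authorize(s: Signals, resource: str) -> bool:
    """Policy decision for a single request; unknown resources are denied."""
    required = THRESHOLDS.get(resource)
    if required is None:
        return False
    return quantified_trust(s) >= required

def replay(session, resource, continuous):
    """Return the allow/deny decision for each request in a session.

    continuous=True  -> re-evaluate trust on every request.
    continuous=False -> decide once at the first request and reuse it,
                        as a login-time-only check would.
    """
    decisions = []
    allowed = False
    for i, signals in enumerate(session):
        if continuous or i == 0:
            allowed = authorize(signals, resource)
        decisions.append(allowed)
    return decisions

# Constructed sample session: device posture degrades on the second
# request and is remediated before the third.
SESSION = [Signals(90, 90), Signals(90, 50), Signals(90, 85)]

if __name__ == "__main__":
    for resource in ("payroll", "wiki"):
        print(resource, "continuous:", replay(SESSION, resource, True))
        print(resource, "login-only:", replay(SESSION, resource, False))
```

With the constructed session, the continuous check revokes access to the sensitive resource as soon as device trust drops and re-grants it after remediation, while the login-only check keeps allowing requests from the degraded device.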