
Device Identity Verification & Enforcement (DIVE) - Now Released

What's New?

Abstract

Use CloudConnexa's Device Identity Verification & Enforcement (DIVE) to allow access to only authorized devices.

ZTNA is not just for remote workers. Your on-prem workers need to be safeguarded as well. CloudConnexa's Device Identity Verification & Enforcement (DIVE) is a new approach to enforcing one of the key principles of ZTNA – Least Privilege – by allowing Owners and Administrators to restrict application access to only authorized devices. This is accomplished by establishing a 1:1 relationship between a user's connection Profile and the device's UUID, and allowing only authorized device IDs to connect.

Why is this important?

The device's identity is important to consider while providing access to applications. DIVE allows you to build a security policy around device identity.

If device identity is not part of your security policy, an authorized user can transfer the connection profile from a company-owned laptop to a personal smartphone and continue to access applications. Worse yet, a bad actor can obtain the connection profile from a compromised device and try to access the applications from their own device.

The Device Identity Verification and Enforcement (DIVE) feature, when enabled, creates a mapping between the connection profile and the device that stores it. It checks the device identity (the device's UUID) during connect requests and profile import operations, ensuring that only authorized devices can connect and obtain configuration profiles.

What Changed?

Device Settings

In the old Settings > User UI, Owners and Administrators had limited options to configure Device Profiles, with no way of enforcing trust. Device configuration Profiles were distributed manually or automatically and could be re-used across multiple devices, with no visibility into device identity.

(Screenshot: device_settings_old_ui.png)

Now, Owners and Administrators can enable Device Enforcement policies to implement trust. With the Learn and Enforce mode enabled, Owners and Administrators can choose to create a Device with or without a Device ID. If a Device is created without a Device ID, the UUID is recorded on the next successful connection, and from then on the user can only connect from that device.

When the Enforce mode is enabled, the Owner or Administrator must add the Device's UUID when a Device is configured for a user, making that device 'trusted' or 'authorized'. Only users with trusted Devices can import a Profile and connect successfully.

Note

In Enforce mode, if a Device is not configured with its UUID (no Device ID assigned to it), users cannot connect from that Device.
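To make the two modes concrete, here is a small added model of the decision described above (an illustration written for this page, not CloudConnexa's own code). The record shapes, the mode names, and the `register_device` / `authorize` functions are assumptions; the behaviour follows the text: Learn and Enforce binds a Profile to the first device that connects successfully, Enforce only accepts a Client UUID that an administrator entered in advance, and a Device without a UUID in Enforce mode is never allowed to connect.

```python
# Added example: minimal model of the DIVE device-binding decision.
# NOT CloudConnexa code; record shapes, mode names and the authorize() API
# are assumptions made for illustration.
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class Mode(Enum):
    OFF = "off"                  # legacy: a Profile can be reused on any device
    LEARN_AND_ENFORCE = "learn"  # bind the Profile to the first device that connects
    ENFORCE = "enforce"          # only a pre-registered Client UUID may connect


@dataclass
class Device:
    name: str
    client_uuid: Optional[str] = None  # None = not yet learned / not configured


@dataclass
class DivePolicy:
    mode: Mode
    # One Device record per connection Profile (the 1:1 mapping in the text).
    devices: Dict[str, Device] = field(default_factory=dict)

    def register_device(self, profile_id: str, name: str,
                        client_uuid: Optional[str] = None) -> None:
        """Administrator creates a Device for a Profile (Users > Devices)."""
        if self.mode is Mode.ENFORCE and client_uuid is None:
            raise ValueError("Enforce mode requires a Client UUID at creation")
        self.devices[profile_id] = Device(name, client_uuid)

    def authorize(self, profile_id: str, presented_uuid: str) -> bool:
        """Decision for a connect or import-profile request carrying a device UUID."""
        if self.mode is Mode.OFF:
            return True                      # no device identity check at all
        device = self.devices.get(profile_id)
        if device is None:
            return False                     # Profile has no Device record
        if device.client_uuid is None:
            if self.mode is Mode.LEARN_AND_ENFORCE:
                device.client_uuid = presented_uuid   # bind on first success
                return True
            return False                     # Enforce mode, UUID never set
        return device.client_uuid == presented_uuid


if __name__ == "__main__":
    learn = DivePolicy(Mode.LEARN_AND_ENFORCE)
    learn.register_device("alice-profile", "alice-laptop")
    print(learn.authorize("alice-profile", "uuid-A"))   # True, binds to uuid-A
    print(learn.authorize("alice-profile", "uuid-B"))   # False, copied Profile
    enforce = DivePolicy(Mode.ENFORCE)
    enforce.register_device("bob-profile", "bob-laptop", "uuid-C")
    print(enforce.authorize("bob-profile", "uuid-C"))   # True
    print(enforce.authorize("bob-profile", "uuid-D"))   # False
```

The Learn and Enforce branch is a trust-on-first-use decision: whichever device connects first with a Profile becomes the trusted device, so a Profile that is copied before that first connection binds to the wrong device. That is the window Enforce mode closes by requiring the UUID up front.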

(Screenshot: device_settings_new_ui.png)

Device Management

Now, Owners and Administrators can enter the UUID when creating devices. To do so, navigate to Users > Devices, click the edit (pencil) icon for the Device, and enter the UUID in the Client UUID field.

(Screenshot: add_device_client_id.png)

Visibility

View the new Device details for all Users by navigating to the Users > Devices screen. There, you can view the Client UUID (Device ID) and (optional) device Description.

(Screenshot: device_details.png)

View the new Device details for a specific User by navigating to Users > Users and clicking the Username. Details such as the Device Client UUID (Device ID) and (optional) device Description will be displayed.

(Screenshot: user_and_device_details.png)

Filters

Filter Device details from the Users > Devices screen by clicking the filter icon.

(Screenshot: device_filter_icon.png)

Connection Logs

(Screenshot: connection_log.png)

From the Status screen, expand the Device Connection logs to view the new device-specific fields:

  • Device name and OS (icon) / Connector name

  • Client ID (UUID)
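Because the logs now carry the Client ID, an administrator can check them for the two situations the feature is built around: a Profile that has connected from more than one device (the copied-profile case described earlier) and connections that were rejected once enforcement was on. The following is an added example of such a check, not CloudConnexa code or a real log export; the CSV column names and every log line are constructed for illustration, and the `result` column is an assumption.

```python
# Added example: defender-side check over Device Connection log records.
# NOT CloudConnexa code; the CSV field names and the log lines below are
# constructed for illustration.
import csv
import io
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample log (not a real export); Client IDs are placeholders.
SAMPLE_LOG = """\
timestamp,user,device,os,client_id,result
2024-05-01T08:00:01Z,alice,alice-laptop,Windows,11111111-1111-4111-8111-111111111111,connected
2024-05-01T08:05:12Z,bob,bob-laptop,macOS,22222222-2222-4222-8222-222222222222,connected
2024-05-01T12:30:44Z,alice,alice-laptop,Android,33333333-3333-4333-8333-333333333333,connected
2024-05-01T13:02:09Z,bob,bob-laptop,macOS,22222222-2222-4222-8222-222222222222,connected
2024-05-01T21:17:55Z,bob,bob-laptop,Linux,44444444-4444-4444-8444-444444444444,rejected
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse the (constructed) CSV export into one dict per log record."""
    return list(csv.DictReader(io.StringIO(text)))


def client_ids_per_device(rows: List[Dict[str, str]]) -> Dict[Tuple[str, str], Set[str]]:
    """Set of Client IDs that successfully connected for each (user, Device) record."""
    seen: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for r in rows:
        if r["result"] == "connected":
            seen[(r["user"], r["device"])].add(r["client_id"])
    return seen


def profiles_on_multiple_devices(rows: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Device records whose Profile connected from more than one Client ID.

    Before DIVE is enforced this is exactly the profile-copying scenario
    (laptop Profile reused on a phone); after enforcement it should be empty.
    """
    return sorted(k for k, ids in client_ids_per_device(rows).items() if len(ids) > 1)


def rejected_by_user(rows: List[Dict[str, str]]) -> Dict[str, int]:
    """Count rejected connections per user; a spike means a Profile is being
    presented from a device whose UUID is not the trusted one."""
    counts: Dict[str, int] = defaultdict(int)
    for r in rows:
        if r["result"] == "rejected":
            counts[r["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("Profiles used from several devices:", profiles_on_multiple_devices(records))
    print("Rejected connections per user:", rejected_by_user(records))
```

In the constructed sample, alice's laptop Profile has connected from two different Client IDs (one of them an Android device), which is the case DIVE's 1:1 mapping prevents, while bob's third attempt with an unknown Client ID was rejected, so it does not count as a second device for his Profile.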

Protect your Network and Users – get started with our User Guide - Device Identity Verification & Enforcement (DIVE) today!