This is how IT security works with Zero Trust today
TABLE OF CONTENT WHY TODAY'S IT SECURITY ARCHITECTURES SHOULD BE DESIGNED ACCORDING TO THE ZERO TRUST MODEL WHAT USED TO WORK DOES NOT...
In our article "Security Awareness Programs: IT Security Starts with the Users." we discussed that the users need to feel involved with the awareness programs in order to be successful. In this post, we look at why passwords can derail a security concept and how the Zero Trust concept can help solve it.
TABLE OF CONTENTS |
Despite security awareness, no matter how well taught an employee is, they will still bypass security policies if their productivity is affected. In many cases, the introduction of new security measures fails not because the workforce does not understand the risks, but because the process, technology, or both, are too cumbersome. As a result, users prefer to look for ways to overcome technical limitations and risk choosing their own insecure path.
In the worst case, this results in shadow IT - employees spend valuable time searching for workarounds and increase the risk of exposing or losing sensitive data.
Security awareness campaigns are therefore only moderately successful if the technical requirements and processes are not in place.
The first improvement of password-centric authentication can be the introduction of Single Sign On (SSO) methods. This reduces the frequency of password entry and also the number of passwords required. The shift to remote working (work from home) has led many companies to introduce at least basic Two-Factor Authentication (2FA) with one-time passwords via SMS.
Next step, companies could use another factor in conjunction with passwords consistently for all employees, especially for privileged users and systems, e.g. digital certificates, (hardware or software-based) tokens and access cards. At a minimum, this step could replace SMS-based 2FA with application-based 2FA.
Authentication without a password is the most advanced, most secure and smoothest level of authentication. Companies use third-party digital certificates or biometric factors. Other factors can be used as an additional security measure, especially for privileged users and systems, more extensive authentication requirements should apply.
With the "consumerisation of IT" (which began at the latest with the introduction of the iPhone in 2007) and the fact that the digital transformation is making companies more and more permeable, the IT landscape has changed. IT has had to relinquish competencies: Users want the freedom to manage themselves. We work from anywhere, and stakeholders interact with each other along the entire value chain.
But if companies want to successfully complete the digital transformation, taking into account the necessary IT security, they have to take the employees with them.
Forrester's Zero Trust (ZT) framework describes a modern security architecture for companies. It means moving away from the traditional perimeter-based security approach to a data-driven and identity-aware security model. Zero Trust not only improves security but has a hidden lever to improve the so-called Employee Experience (EX). After all, security and productivity are fundamental necessities for modern businesses.
What enhances the employee experience?
Photos: iStock
TABLE OF CONTENT WHY TODAY'S IT SECURITY ARCHITECTURES SHOULD BE DESIGNED ACCORDING TO THE ZERO TRUST MODEL WHAT USED TO WORK DOES NOT...
Cybersecurity is a hot topic that has penetrated the corners of our society. Regional newspapers regularly write about cyber attacks on local...
Entering into a new decade requires businesses and professionals to rethink, reconsider and update their approach to IT security and ensuring the...