Zero Trust Security has gained a lot of popularity over the last six months. Almost daily you can read articles about this security strategy (e.g., TechRepublic, CSO, Security Current). Both analysts (e.g., Forrester) and security professionals acknowledge the benefits it offers in the context of establishing effective ways to minimize the risk of falling victim to a cyber-attack.
The reason why so many embrace Zero Trust Security is most likely anchored around its simplicity ― with today’s porous network perimeter, untrusted actors already exist both inside and outside the network.
However, when it comes to developing the necessary blueprint on how to implement Zero Trust Security in their own organizations, many security practitioners are struggling. The biggest question is where to start.
THE COMMON DENOMINATOR: IDENTITY AND ACCESS CREDENTIALS
Considering the complexity of today’s interconnected and boundaryless IT ecosystem, which encompasses people (employees, partners, customers), data, processes, infrastructure, and devices, it initially might appear challenging to determine what step to take first. Many might be tempted to focus on data integrity and network segmentation strategies.
Nevertheless, there is a common factor that ties all these ecosystem components together: identity, including humans and systems; as well as access controls, covering both authentication and authorization to apps, devices, and systems.
An easy way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Thus, it’s not surprising that according to the Verizon 2017 Data Breach Investigation Report, a whopping 81% of hacking-related breaches leverage either stolen, default, or weak passwords.
Things get even worse if a stolen identity belongs to a privileged user, who has even broader access, and therefore provides the intruder with “the keys to the kingdom.” By leveraging a “trusted” identity a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags.
Until we start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches. Neither data integrity nor network segmentation strategies can address today’s #1 attack vector fully and prevent a cyber adversary from gaining access to protected data once he has assumed the identity of a privileged user.
THE FOUNDATION OF ZERO TRUST: NEXT-GEN ACCESS
That’s why Next-Gen Access is the first step on the path to attaining Zero Trust Security across your organization.
Now you might ask why not stick with traditional access methodologies? Traditional access technologies are frequently fragmented into application controls, endpoint controls, and server controls and even segregated by user roles such as end users and privileged users.
In today’s dynamic threat landscape this approach is no longer sufficient and doesn’t reflect the realities, whereby users take on multiple roles, have varying privileges based on their activities, and move across system boundaries.
Next-Gen Access is a natural evolution of these traditional access management technologies and reflects the need for a holistic approach to access across all user audiences and systems. In this context, Next-Gen Access converges Identity-as-a-Services (IDaaS), Privileged Access Management (PAM), and Enterprise Mobility Management (EMM) in a single solution.
Ultimately, Next-Gen Access offers a collective set of mature and proven technologies and capabilities that is aware of each device, knows each user, limits access and privilege intelligently, and allows policies to learn and adapt without impacting user experiences.
Through the power of Next-Gen Access, security professionals can establish the core foundation of Zero Trust Security and achieve the following benefits:
- Protect against the #1 attack vector: identity
- Improve security detection and response through analytics and automation
- Support new business and operational models such as containers, microservices, and cloud transformation
- Enable compliance
If you’re serious about securing your organization’s applications, devices, data, and infrastructure — both on-premises and in the cloud — start with Next-Gen Access solutions from Centrify.
This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.