The concept of zero trust has existed for nearly two decades, but only recently has the security model become popular, and it is now one of the hottest trends in the field of network security. One Microsoft report found that 90% of security decision makers are now familiar with the concept, compared with 20% a year ago. But as organizations rethink how they handle identity management, adoption remains a challenge.
This surge in popularity is undoubtedly related to the growth of enterprise cloud computing and the rise of remote work. It is now expected that employees can access their organization’s data from a range of devices, locations, and geographic regions.
Zero trust is only a small part of the pie
Building a zero-trust architecture requires an organization to determine a so-called “protection surface”, which consists of its most important data, assets, applications, and services. A micro boundary is then deployed around the protection surface, requiring users to authenticate when passing through it.
Identity and Access Management (IAM) is the cornerstone of a zero trust architecture in many ways. However, because of the legacy systems they have accumulated, many organizations have complex digital identity structures. One tool is used for provisioning and deprovisioning, another for multi-factor authentication (MFA), another for single sign-on, and a fourth for fast smart card-enabled access.
Visionary organizations should strive to reduce their overall attack surface by integrating these structures. Their ultimate goal should be a decentralized identity infrastructure that enables different organizational systems to accurately map back to individual user identities.
Such a system will provision, deprovision, and modify access rights automatically and immediately, and report accurately on all users across the organization’s digital continuum. It will be supported by strong policies and access rules as well as modern MFA methods.
Fragmented digital identities pose a security risk
Digital identities, originally a set of technologies designed for industries that process highly sensitive data (such as financial services, government, and the military), are now critical to how we interact with devices in our personal and professional lives. You can log in to your online bank using biometric technology, access your email via SMS verification, and enter your workplace by swiping an RFID key card. And all this is before 9 o’clock in the morning.
Within the organization, the large number of digital identities associated with employees has now become a threat in itself. Having multiple digital identities for each person will double the attack surface of the organization. Once a breach occurs, the organization will face greater risks of financial loss and data loss. Given that the original purpose of these technologies was to enhance security, this turn of events is somewhat ironic.
Consider the Colonial Pipeline attack earlier this year. According to reports, the attackers entered the organization’s systems through an employee VPN account that was no longer in use but still active. The employee in question had used the same password multiple times, and because of a completely unrelated leak, that password was part of a batch sold on the dark web.
In hindsight (which is always 20/20, admittedly), it seems that one of the most dangerous attacks in US history could have been avoided by automatically deprovisioning accounts or by deploying an enterprise single sign-on solution. If this is not a reason to prioritize strong digital identity management, then I don’t know what is!
With the number of cyber attacks increasing, it is difficult to exaggerate the scale of the digital identity challenges that organizations currently face. Of course, the top priority for IT executives should be to protect systems, data, and users in the short term. At the same time, however, the case for establishing a more effective digital identity paradigm is clear. This will include holistic solutions for the management and governance of digital identities, the ability to manage identity governance, proofing, and authentication assurance, as well as simple, password-free user access and identity verification. This setup should be the ultimate goal of most companies.
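As an added illustration (not code from the article or from any product it mentions), the sketch below shows the kind of check that mapping every system account back to a single identity makes possible: it flags enabled accounts that are orphaned, belong to someone who has left, or have gone unused. The system names, field names, sample records, and the 90-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article): an HR identity source and
# account exports from three hypothetical systems.
IDENTITIES = {
    "e1001": {"name": "A. Rivera", "status": "active"},
    "e1002": {"name": "B. Chen", "status": "terminated"},
}
ACCOUNTS = [
    {"system": "vpn", "login": "arivera", "owner": "e1001",
     "enabled": True, "last_login": date(2021, 6, 1)},
    {"system": "vpn", "login": "bchen", "owner": "e1002",
     "enabled": True, "last_login": date(2020, 11, 3)},
    {"system": "sso", "login": "bchen@corp.example", "owner": "e1002",
     "enabled": False, "last_login": date(2020, 11, 3)},
    {"system": "mfa", "login": "svc-legacy", "owner": None,
     "enabled": True, "last_login": date(2021, 5, 30)},
    {"system": "sso", "login": "arivera@corp.example", "owner": "e1001",
     "enabled": True, "last_login": date(2021, 1, 4)},
]


def audit_accounts(identities, accounts, today, max_idle_days=90):
    """Return (system, login, reason) for each enabled account needing review."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned in that system
        person = identities.get(acct["owner"])
        idle = (today - acct["last_login"]).days
        if person is None:
            reason = "orphaned: maps to no identity"
        elif person["status"] != "active":
            reason = "owner is " + person["status"]
        elif idle > max_idle_days:
            reason = f"unused for {idle} days"
        else:
            continue
        findings.append((acct["system"], acct["login"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(IDENTITIES, ACCOUNTS, today=date(2021, 6, 15)):
        print(*finding, sep="\t")
```

With separate tools for each function, the `owner` link used here usually does not exist, which is why a still-enabled account for a departed or inactive user can go unnoticed.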

