Why You Need 2FA for Zero Trust Policies
By Joakim Thorén, CEO
What is "Zero Trust?" First coined by Forrester Research, it describes a security model in which no one is assumed to be trusted. As former Forrester Analyst John Kindervag explained, "You can't think about trusted and untrusted users."
While this concept was identified in 2010, it's still not a universal practice, as employers often overlook threats from employees. A string of insider-threat breaches damaged companies including Tesla and Punjab National Bank last year and could have been avoided with a Zero Trust strategy. The issue with today's password-reliant security is that passwords are easily accessible, shared and sometimes used for malicious purposes.
In many cases, these breaches could have been prevented by creating a Zero Trust organizational principle starting with strong two-factor authentication and extending to the whole security ecosystem. Such a principle would require strong authentication of every resource, verifiable access control, effective governance and communications security.
The three key components of implementing a Zero Trust principle are the following:
- Knowing the user, his or her role within the company and his or her need for applications within the company. This includes determining what the user needs to know to perform his or her job within the organization.
- Identifying the device each user is using to access the network. In the bring-your-own-device (BYOD) era, companies must know every device an employee is using to perform daily work functions and must not inherently trust these devices.
- Managing user access to applications. It's critical that IT and HR work together to set access parameters for each new employee. Does the employee need access to sensitive data? Can this employee do his or her job without this access? CISOs and managers must answer these questions and set parameters to limit access to sensitive data.
Versasec empowers business systems by providing state-of-the-art, highly secure identity management. Two-factor authentication and PKI enable the use of powerful applications that demand the highest levels of security, not only for fine-grained access control but also for traceability, audit and non-repudiation. To learn more about how your company can deploy a Zero Trust policy, visit vSEC:CMS S-Series.