When it Comes to Identities, Trust No One -- Period

Date: 2021-05-13
Author: Carolina Martinez, General Manager

Over the weekend, a cyberattack against the largest gas pipeline disrupted fuel delivery to a huge swath of consumers along the central and southern U.S. East Coast. This latest attack has Biden administration officials and their critics finally agreeing on something: the need for improved cybersecurity measures around critical infrastructure.

The Colonial Pipeline Co.’s pipeline shutdown was fueled by a ransomware attack. Hackers got far enough into Colonial’s network to steal data last Thursday. To contain the threat, pipeline officials took many of their systems offline, which halted all pipeline operations.

The situation is highly disruptive to a large segment of the U.S. population. It also illustrates why we say that when it comes to user identities, the mantra should be “Trust no one.” In a nutshell, the Zero Trust security model says no person, whether outside or even inside the network, is trusted unless they can show authentication or verification of their user identity. The model uses user and application authentication, as well as device authentication, to determine trust. Multifactor authentication (MFA) that considers who you are (identity and password) and what you have (such as a token, smartcard or virtual smartcard) is the best way to securely identify and “trust” users.

As our distributor, reseller and technology partner Thales noted in a LinkedIn post on Monday, “… in today’s remotely managed and highly interconnected digital world, identities have become the frontier of security”.

So what’s next? On May 12, the White House issued its anticipated “Executive Order on Improving the Nation’s Cybersecurity.” The EO bolsters the U.S. federal government’s ability to first detect, react to and investigate cybercrimes among government contractors. It will require companies doing business with the federal government to meet certain software security standards and will require them to report cyber incidents as they happen to a new office within the Department of Homeland Security. It will also establish a Cyber Safety Review Board. The EO also notes “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture,” and more, which is likely to include multifactor authentication since hardware public key infrastructure (PKI) provides the highest level of user identity security.

Meanwhile, the perpetrators of the gas pipeline attack, DarkSide, released a statement on the web saying they hadn’t intended the breach to harm regular citizens. They did. Moreover, they have helped once again educate the public about the price of security failures - at least those that are known today. As with any breach, however, there are underreported effects, such as loss of a company’s reputation that can hurt current employees and their families as well as investors. There can be collateral damage on the communities impacted, such as disruptions in travel, disruptions in deliveries of food and other supplies, and worse. Cybercrimes against business create tremendous negative impacts and burdens on the original victims, but the ripple effects can be devastating as well.


Photo by Bermix Studio.
