Skip to content
Advertisements

Posts from the ‘ZTS’ Category

High-Tech’s Greatest Challenge Will Be Securing Supply Chains In 2019

Bottom Line: High-tech manufacturers need to urgently solve the paradox of improving supply chain security while attaining greater visibility across supplier networks if they’re going make the most of smart, connected products’ many growth opportunities in 2019.

The era of smart, connected products is revolutionizing every aspect of manufacturing today, from suppliers to distribution networks. Capgemini estimates that the size of the connected products market will be $519B to $685B by 2020. Manufacturers expect close to 50 percent of their products to be smart, connected products by 2020, according to Capgemini’s Digital Engineering: The new growth engine for discrete manufacturers. The study is downloadable here (PDF, 40 pp., no opt-in).

Smart, connected products free manufacturers and their supply chains from having to rely on transactions and the price wars they create. The smarter the product, the greater the services revenue opportunities. And the more connected a smart product is using IoT and Wi-Fi sensors the more security has to be designed into every potential supplier evaluation, onboarding, quality plan, and ongoing suppliers’ audits. High-tech manufacturers are undertaking all of these strategies today, fueling them with real-time monitoring using barcoding, RFID and IoT sensors to improve visibility across their supply chains.

Gaining even greater visibility into their supply chains using cloud-based track-and-trace systems capable of reporting back the condition of components in transit to the lot and serialized pack level, high-tech suppliers are setting the gold standard for supply chain transparency and visibility. High-tech supply chains dominate many other industries’ supplier networks on accuracy, speed, and scale metrics on a consistent basis, yet the industry is behind on securing its vast supplier network. Every supplier identity and endpoint is a new security perimeter and taking a Zero Trust approach to securing them is the future of complex supply chains. With Zero Trust Privilege, high-tech manufacturers can secure privileged access to infrastructure, DevOps, cloud, containers, Big Data, production, logistics and shipping facilities, systems and teams.

High-Tech Needs to Confront Its Supply Chain Security Problem, Not Dismiss It

It’s ironic that high-tech supply chains are making rapid advances in accuracy and visibility yet still aren’t vetting suppliers thoroughly enough to stop counterfeiting, or worse. Bloomberg’s controversial recent article,The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies, explains how Amazon Web Services (AWS) was considering buying Portland, Oregon-based Elemental Technologies for its video streaming technology, known today as Amazon Prime Video. As part of the due diligence, AWS hired a third-party company to scrutinize Elemental’s security all the way up to the board level. The Elemental servers that handle the video compression were assembled by Super Micro Computer Inc., a San Jose-based company in China. Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design that could create a stealth doorway into any network the machines were attached to. Apple (who is also an important Super Micro customer) and AWS deny this ever happened, yet 17 people have confirmed Supermicro had altered hardware, corroborating Bloomberg’s findings.

The hard reality is that the scenario Bloomberg writes about could happen to any high-tech manufacturer today. When it comes to security and 3rd party vendor risk management, many high-tech supply chains are stuck in the 90s while foreign governments, their militaries and the terrorist organizations they support are attempting to design in the ability to breach any network at will. How bad is it?  81% of senior executives involved in overseeing their companies’ global supply chains say 3rd party vendor management including recruiting suppliers is riskiest in China, India, Africa, Russia, and South America according to a recent survey by Baker & McKenzie.

PriceWaterhouseCoopers (PwC) and the MIT Forum for Supply Chain Innovation collaborated on a study of 209 companies’ supply chain operations and approaches to 3rd party vendor risk management. The study, PwC and the MIT Forum for Supply Chain Innovation: Making the right risk decisions to strengthen operations performance, quantifies the quick-changing nature of supply chains. 94% say there are changes in the extended supply chain network configuration happening frequently. Relying on trusted and untrusted domain controllers from server operating systems that are decades old can’t keep up with the mercurial pace of supply chains today.

Getting in Control of Security Risks in High-Tech Supply Chains

It’s time for high-tech supply chains to go with a least privilege-based approach to verifying who or what is requesting access to any confidential data across the supply chains. Further, high-tech manufacturers need to extend access request verification to include the context of the request and the risk of the access environment. Today it’s rare to find any high-tech manufacturer going to this level of least-privilege access approach, yet it’s the most viable approach to securing the most critical parts of their supply chains.

By taking a least-privilege access approach, high-tech manufacturers and their suppliers can minimize attack surfaces, improve audit and compliance visibility, and reduce risk, complexity, and operating costs across their hybrid manufacturing ecosystem.

Key actions that high-tech manufacturers can take to secure their supply chain and ensure they don’t end up in an investigative story of hacked supply chains include the following:

  • Taking a Zero Trust approach to securing every endpoint provides high-tech manufacturers with the scale they need to grow. High-tech supply chains are mercurial and fast-moving by nature, guaranteeing they will quickly scale faster than any legacy approaches enterprise security management. Vetting and then onboarding new suppliers needs to start by protecting every endpoint to the production and sourcing level, especially for next-generation smart, connected products.
  • Smart, connected products and the product-as-a-service business models they create are all based on real-time, rich, secured data streams that aren’t being eavesdropped on with components no one knows about. Taking a Zero Trust Privilege-based approach to securing access to diverse supply chains is needed if high-tech manufacturers are going to extend beyond legacy Privileged Access Management (PAM) to secure data being generated from real-time monitoring and data feeds from their smart, connected products today and in the future.
  • Quality management, compliance, and quality audits are all areas high-tech manufacturers excel in today and provide a great foundation to scale to Zero Trust Privilege. High-tech manufacturers have the most advanced quality management, inbound inspection and supplier quality audit techniques in the world. It’s time for the industry to step up on the security side too. By only granting least-privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment, high-tech manufacturers can make rapid strides to improve supply chain security.
  • Rethink the new product development cycles for smart, connected products and the sensors they rely on, so they’re protected as threat surfaces when built. Designing in security to the new product development process level and further advancing security scrutiny to the schematic and board design level is a must-do. In an era of where we have to assume bad actors are everywhere, every producer of high-tech products needs to realize their designs, product plans, and roadmaps are at risk. Ensuring the IOT and Wi-Fi sensors in smart, connected products aren’t designed to be hackable starts with a Zero Trust approach to defining security for supplier, design, and development networks.

Conclusion

The era of smart, connected products is here, and supply chains are already reverberating with the increased emphasis on components that are easily integrated and have high-speed connectivity. Manufacturing CEOs say it’s exactly what their companies need to grow beyond transaction revenue and the price wars they create. While high-tech manufacturers excel at accuracy, speed, and scale, they are falling short on security. It’s time for the industry to re-evaluate how Zero Trust can stabilize and secure every identity and threat surface across their supply chains with the same precision and intensity quality is today.

Advertisements

86% Of Enterprises Increasing IoT Spending In 2019

  • Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year.
  • 38% of enterprises have company-wide IoT deployments in production today.
  • 84% of enterprises expect to complete their IoT implementations within two years.
  • 82% of enterprises share information from their IoT solutions with employees more than once a day; 67% are sharing data in real-time or near real-time.

These and many other fascinating insights are from Zebra Technologies’ second annual Intelligent Enterprise Index (PDF, 25 pp., no opt-in). The index is based on the list of criteria created during the 2016 Strategic Innovation Symposium: The Intelligent Enterprise hosted by the Technology and Entrepreneurship Center at Harvard (TECH) in 2016. An Intelligent Enterprise is one that leverages ties between the physical and digital worlds to enhance visibility and mobilize actionable insights that create better customer experiences, drive operational efficiencies or enable new business models, “ according to Tom Bianculli, Vice President, Technology, Zebra Technologies.

The metrics comprising the index are designed to interpret where companies are on their journeys to becoming Intelligent Enterprises. The following are the 11 metrics that are combined to create the Index: IoT Vision, Business Engagement, Technology Solution Partner, Adoption Plan, Change Management Plan, Point of use Application, Security & Standards, Lifetime Plan, Architecture/Infrastructure, Data Plan and Intelligent Analysis. An online survey of 918 IT decision makers from global enterprises competing in healthcare, manufacturing, retail and transportation and logistics industries was completed in August 2018. IT decision makers from nine countries were interviewed, including the U.S., U.K./Great Britain, France, Germany, Mexico, Brazil, China, India, and Australia/New Zealand. Please see pages 24 and 25 for additional details regarding the methodology.

Key insights gained from the Intelligent Enterprise Index include the following:

  • 86% of enterprises expect to increase their spending on IoT in 2019 and beyond. Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year. Nearly half of enterprises globally (49%) interviewed are aggressively pursuing IoT investments with the goal of digitally transforming their business models this decade. 38% of enterprises have company-wide IoT deployments today, and 55% have an IoT vision and are currently executing their IoT plans.

  • 49% of enterprises are on the path to becoming an Intelligent Enterprise, scoring between 50 – 75 points on the index. The percent of enterprises scoring 75 or higher on the Intelligent Enterprise Index gained the greatest of all categories in the last 12 months, increasing from 5% to 11% of all respondents. The majority of enterprises are improving how well they scale the integration of their physical and digital worlds to enhance visibility and mobilize actionable insights. The more real-time the integration unifying the physical and digital worlds of their business models, the better the customer experiences and operational efficiencies attained.

  • The majority of enterprises (82%) share information from their IoT solutions with employees more than once a day, and 67% are sharing data in real-time or near real-time. 43% of enterprises say information from their IoT solutions is shared with employees in real-time, up 38% from last year’s index. 76% of survey respondents are from retailing, manufacturing, and transportation & logistics. Gaining greater accuracy of reporting across supplier networks, improving product quality visibility and more real-time data from distribution channels are the growth catalysts companies competing in retail, manufacturing, and transportation & logistics need to grow. These findings reflect how enterprises are using real-time data monitoring to drive quicker, more accurate decisions and be more discerning in which strategies they choose. Please click on the graphic to expand to view specifics.

  • Enterprises continue to place a high priority on IoT network security and standards with real-time monitoring becoming the norm. 58% of enterprises are monitoring their IoT networks constantly, up from 49%, and a record number of enterprises (69%) have a pre-emptive, proactive approach to IT security and network management. It’s time enterprises consider every identity a new security perimeter, including IoT sensors, smart, connected products, and the on-premise and cloud networks supporting them. Enterprises need to pursue a “never trust, always verify, enforce least privilege” approach and are turning to Zero Trust Privilege (ZTP) to solve this challenge today. ZTP grants least privilege access based on verifying who is requesting access, the context of their request, and ascertaining the risk of the access environment. Designed to secure infrastructure, DevOps, cloud, containers, Big Data, and scale to protect a wide spectrum of use cases, ZTP is replacing legacy approaches to Privileged Access Management by minimizing attack surfaces, improving audit and compliance visibility, and reducing risk, complexity, and costs for enterprises. Leaders in this field include Centrify for Privileged Access Management, Idaptive, (a new company soon to be spun out from Centrify) for Next-Gen Access, as well as CiscoF5 and Palo Alto Networks in networking.

  • Analytics and security dominate enterprise’ IoT management plans this year. 66% of enterprises are prioritizing analytics as their highest IoT data management priority this year, and 63% an actively investing in IoT security. The majority are replacing legacy approaches to Privilege Access Management (PAM) with ZTP.  Enterprises competing in healthcare and financial services are leading ZTS’ adoption today, in addition to government agencies globally. Enterprises investing in Lifecycle management solutions increased 11% between 2017 and 2018. Please click on the graphic to expand to view specifics.

The Current State Of Cybersecurity Shows Now Is The Time For Zero Trust

  • 41% of total breaches in 2017 targeted the healthcare industry, making it the most popular target for breach attempts.
  • Personally Identifiable Information (PII) combined with user credentials tops the percentage of breaches with 29% according to Wipro’s report.
  • 88 records were lost or stolen every second in 2017 according to Wipro’s analysis.
  • Machine learning & AI are the second highest ranking security competencies for the future.

These and many other fascinating findings are from Wipro’s State of Cybersecurity Report 2018. A copy of the report can be downloaded here (PDF, 96 pp., no opt-in). The study is based on four primary sources of data including primary research of Wipro customers, Cyber Defense Center (CDC) primary research, secondary research sources and Wipro partner content. 42% of respondents are from North America, 10% from Europe, 18% from the Middle East, 21% from Asia and 8% from Australia. For additional details on the methodology, please see pages 3 through 5 of the report.

Banking & Financial Services and Healthcare Breaches Most Common

Over 40% of all breaches Wipro was able to track using their CDCs are targeted at healthcare, followed by banking & financial services with 18%. This is consistent with Verizon’s 2018 Data Breach Investigations Report which shows healthcare leading all industries with five times the number of breaches experienced than any other industry. Banking & financial services receive more server-based breach incidents than any other industry according to Verizon’s latest study. Accenture’s study, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000.

Wipro’s State of Cybersecurity Report 2018 underscores how all industries are facing a security crisis today. The study shows how all industries need a more scalable approach to security that protects every attack surface by validating every access request on every device, for every resource.  Zero Trust Security (ZTS) continues to be proven effective in thwarting breach attempts across all industries by relying on its four core pillars of verifying the identity of every user, validating every device, limiting access and privilege, as well as relying on machine learning to analyze user behavior and gain greater insights from analytics. Leaders in this field include Centrify for Privileged Access Management, Idaptive, (a new company soon to be spun out from Centrify) for Next-Gen Access, as well as CiscoF5 and Palo Alto Networks in networking.

ZTS starts by maturing an organization’s identity management practices ― be it to secure end-user access credentials through Next-Gen Access (NGA) or to secure privileged user credentials via Zero Trust Privilege (ZTP). NGA empowers organizations to validate every end user access attempt by capturing and then analyzing a wide breadth of data, including user identity, device, device operating system, location, time, resource request, and many other factors to derive risk scores. NGA determines in less than a second if verified end users will get immediate access to resources requested, or be asked to verify their identity further through Multi-Factor Authentication (MFA). Zero Trust Privilege is focused on privileged users that typically hold the “keys to the kingdom” and therefore are a common target for cyber adversaries. ZTP grants least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, organizations minimize attack surfaces, improving audit and compliance visibility, and reducing risk, complexity, and costs for the modern, hybrid enterprise. Every industry needs Zero Trust Security to secure the proliferating number and variety of attack surfaces and realize that each customer, employee and partner identity is their real security perimeter.

Key takeaways of the Wipro State of Cybersecurity Report 2018 include the following:

  • Security Architecture & Design and Machine learning & AI are the #1 and #2 ranked security competencies for the future. When senior executive respondents were asked which security competencies would most help security practitioners excel in the cybersecurity domain, they mentioned security architecture & design (31%) and machine learning & AI (19%) as their top choices. Next-Gen Access platforms leverage machine learning algorithms to continuously learn and generate contextual intelligence that is used to streamline access for verified end users while thwarting breach attempts, the most common of which is compromised credentials. Please click on the graphic to expand it for easier reading.

  • 29% of respondents say that Privileged Access Management (PAM) gave them most value, further validating now is the time for Zero Trust Privilege. IT executives are more and more understanding that privileged access credential abuse is the most common cause for cyber-attacks and therefore are starting to place more emphasis on implementing Privileged Access Management. Centrify has recently announced a new focus on Zero Trust Privilege, extending PAM to a broader modern threatscape including DevOps, containers, Big Data and more. Please click on the graphic to expand it for easier reading.

  • Endpoint attack vectors are proliferating faster than traditional enterprise security approaches can keep up. The scale and scope of endpoint attack vectors continue to change quickly. Wipro found that breach attempts are often multi-dimensional with orchestrated attempts to compromise a combination of attack vectors at once. Wipro’s findings that endpoint attack vectors are fluctuating so quickly further support the need for ZTS enabled by Next-Gen Access as the primary security strategy to thwart breach attempts. Please click on the graphic to expand it for easier reading.

Conclusion

In quantifying the number and scope of breaches healthcare, banking & financial services, retail, education and manufacturing companies experienced in 2017, Wipro’s latest Wipro State of Cybersecurity Report shows how every identity is the new security perimeter of a business. Attack surfaces are proliferating with the growth of business models in each of these industries, accelerated by the Internet of Things (IoT) adoption and smart, connected products and systems. By relying on the four core pillars of verifying the identity of every user, validating every device, limiting access and privilege, as well as relying on machine learning to analyze user behavior and gain greater insights from analytics, Zero Trust Security thwarts breach attempts by protecting every threat surface in real-time.

58% Of All Healthcare Breaches Are Initiated By Insiders

  • 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
  • Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
  • Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

These and many other fascinating insights are from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR). A copy of the study is available for download here (PDF, 20 pp., no opt-in).  The study is based on 1,368 incidents across 27 countries. Healthcare medical records were the focus of breaches, and the data victims were patients and their medical histories, treatment plans, and identities. The data comprising the report is a subset of Verizon’s Annual Data Breach Investigations Report (DBIR) and spans 2016 and 2017.

Why Healthcare Needs Zero Trust Security To Grow

One of the most compelling insights from the Verizon PHIDBR study is how quickly healthcare is becoming a digitally driven business with strong growth potential. What’s holding its growth back, however, is how porous healthcare digital security is. 66% of internal and external actors are abusing privileged access credentials to access databases and exfiltrate proprietary information, and 58% of breach attempts involve internal actors.

Solving the security challenges healthcare providers face is going to fuel faster growth. Digitally-enabled healthcare providers and fast-growing digital businesses in other industries are standardizing on Zero Trust Security (ZTS), which aims to protect every internal and external endpoint and attack surface. ZTS is based on four pillars, which include verifying the identity of every user, validating every device, limiting access and privilege, and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

Identities Need to Be Every Healthcare Providers’ New Security Perimeter

ZTS starts by defining a digital business’ security perimeter as every employees’ and patients’ identity, regardless of their location. Every login attempt, resource request, device operating system, and many other variables are analyzed using machine learning algorithms in real time to produce a risk score, which is used to empower Next-Gen Access (NGA).

The higher the risk score, the more authentication is required before providing access. Multi-Factor Authentication (MFA) is required first, and if a login attempt doesn’t pass, additional screening is requested up to shutting off an account’s access.

NGA is proving to be an effective strategy for thwarting stolen and sold healthcare provider’s privileged access credentials from gaining access to networks and systems, combining Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify is one of the leaders in this field, with expertise in the healthcare industry.

NGA can also assure healthcare providers’ privileged access credentials don’t make the best seller list on the Dark Web. Another recent study from Accenture titled, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. 24% of employees know of someone who has sold privileged credentials to outsiders, according to the survey. By verifying every login attempt from any location, NGA can thwart the many privilege access credentials for sale on the Dark Web.

The following are the key takeaways from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR):

  • 58% of healthcare security breach attempts involve inside actors, which makes it the leading industry for insider threats today. External actors are attempting 42% of healthcare breaches. Inside actors rely on their privileged access credentials or steal them from fellow employees to launch breaches the majority of the time. By utilizing NGA, healthcare providers can get this epidemic of internal security breaches under control by forcing verification for every access request, anywhere, on a 24/7 basis.

  • Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax return and credit fraud. Verizon found 876 total breach incidents initiated by healthcare insiders in 2017, leading all categories. External actors initiated 523 breach incidents, while partners initiated 109 breach incidents. 496 of all breach attempts are motivated by financial gain across internal, external and partner actors. Internal actors are known for attempting breaches for fun and curiosity-driven by interest in celebrities’ health histories that are accessible from the systems they use daily. When internal actors are collaborating with external actors and partners for financial gain and accessing confidential health records of patients, it’s time for healthcare providers to take a more aggressive stance on securing patient records with a Zero Trust approach.

  • Abusing privileged access credentials (66%) and abusing credentials and physical access points (17%) to gain unauthorized access comprise 82.9% of all misuse-based breach attempts and incidents. Verizon’s study accentuates that misuse of credentials and the breaching of physical access points with little or no security is intentional, deliberate and driven by financial gain the majority of the time. Internal, external and partner actors acting alone or in collaboration with each other know the easiest attack surface to exploit are accessed credentials, with database access being the goal half of the time. When there’s little to no protection on web application and payment card access points to a network, breaches happen. Shutting down privilege abuse starts with a solid ZTS strategy based on NGA where every login attempt is verified before access is granted and anomalies trigger MFA and further user validation. Please click on the graphic to expand it for easier reading.

  • 70.2% of all hacking attempts are based on stolen privileged access credentials (49.3%) combined with brute force to obtain credentials from POS terminals and controllers (20.9%). Hackers devise ingenious ways of stealing privileged access credentials, even resorting to hacking a POS terminal or controllers to get them. Healthcare insiders also steal credentials to gain access to mainframes, servers, databases and internal systems. Verizon’s findings below are supported by Accenture’s research showing that 18% of healthcare employees are willing to sell privileged access credentials and confidential data to unauthorized parties for as little as $500 to $1,000. Please click on the graphic to expand it for easier reading.

  • Hospitals are most often targeted for breaches using privileged access credentials followed by ambulatory health care services, the latter of which is seen as the most penetrable business via hacking and brute force credential acquisition. Verizon compared breach incidents by North American Industry Classification System (NAICS) and found privileged credential misuse is flourishing in hospitals where inside and outside actors seek to access databases and web applications. Internal, external and partner actors are concentrating on hospitals due to the massive scale of sensitive data they can attain with stolen privileged access credentials and quickly sell them or profit from them through fraudulent means. Verizon also says a favorite hacking strategy is to use USB drives to exfiltrate proprietary information and sell it to health professionals intent on launching competing clinics and practices. Please click on the graphic to expand it for easier reading.

Conclusion

With the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt, or privileged access credential for every attack surface protected. Every device’s login attempt, resource request, and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on comprised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.

Identities Are The New Security Perimeter

  • Privileged credentials for accessing an airport’s security system were recently for sale on the Dark Web for just $10, according to McAfee.
  • 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.
  • Apple employees in Ireland have been offered as much as €20,000 ($22,878) in exchange for their privilege access credentials in 2016, according to Business Insider.
  • Privileged access credentials belonging to more than 1 million staff at a top UK law firm have been found for sale on the Dark Web.

There’s been a 135% year-over-year increase in financial data for sale on the Dark Web between the first half of 2017 and the first half of 2018. The Dark Web is now solidly established as a globally-based trading marketplace for a myriad of privileged credentials including access procedures with keywords, and corporate logins and passwords where transactions happen between anonymous buyers and sellers. It’s also the online marketplace of choice where disgruntled, angry employees turn to for revenge against employers. An employee at Honeywell, angry over not getting a raise, used the Dark Web as an intermediary to sell DEA satellite tracking system data he accessed from unauthorized accounts he created to Mexican drug cartels for $2M. He was caught in a sting operation, the breach was thwarted, and he was arrested.

Your Most Vulnerable Threat Surface Is A Best Seller

Sites on the Dark Web offer lucrative payment in bitcoin and other anonymous currencies for administrators’ accounts at leading European, UK and North American banking institutions and corporations. Employees are offering their privileged credentials for sale to the highest bidder out of anger, revenge or for financial gain anonymously from online auction sites.

Privileged access credentials are a best-seller because they provide the intruder with “the keys to the kingdom.” By leveraging a “trusted” identity, a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. This holds especially true when the organizations are not applying multi-factor authentication (MFA) or risk-based access controls to limit any type of lateral movement after unauthorized access. Without these security measures in place, hackers can quickly access any digital businesses’ most valuable systems to exfiltrate valuable data or sabotage systems and applications.

81% of all hacking-related breaches leverage either stolen and weak passwords, according to Verizon’s 2017 Data Breach Investigations Report. A recent study by Centrify and Dow Jones Customer Intelligence titled, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in), found that CEOs can reduce the risk of a security breach by rethinking their Identity and Access Management (IAM) strategies. 68% of executives whose companies experienced significant breaches in hindsight believe that the breach could have been prevented by implementing more mature identity and access management strategies.

In A Zero Trust World, Identities Are The New Security Perimeter

The buying and selling of privileged credentials are proliferating on the Dark Web today and will exponentially increase in the years to come. Digital businesses need to realize that dated concepts of trusted and untrusted domains have been rendered ineffective. Teams of hackers aren’t breaking into secured systems; they’re logging in.

Digital businesses who are effective in thwarting privileged credential access have standardized on Zero Trust Security (ZTS) to ensure every potentially compromised endpoint, and threat surface within and outside a company is protected. Not a single device, login attempt, resource requested or other user-based actions are trusted, they are verified through Next-Gen Access (NGA).

Zero Trust Security relies upon four pillars: real-time user verification, device validation, access and privilege limitation, while also learning and adapting to verified user behaviors. Leaders in this area such as Centrify are relying on machine learning technology to calculate risk scores based on a wide spectrum of variables that quantitatively define every access attempt, including device, operating system, location, time of day, and several other key factors.

Depending on their risk scores, users are asked to validate their true identity through MFA further. If there are too many login attempts, risk scores increase quickly, and the NGA platform will automatically block and disable an account. All this happens in seconds and is running on a 24/7 basis ― monitoring every attempted login from anywhere in the world.

A recent Forrester Research thought leadership paper titled, Adopt Next-Gen Access to Power Your Zero Trust Strategy (14 pp., PDF, opt-in), provides insights into how NGA enables ZTS to scale across enterprises, protecting every endpoint and threat surface. The study found 32% of enterprises are excelling at the four ZTS pillars of verifying the identity of every user, validating every device using Mobile Data Management (MDM) and Mobile App Management (MAM), limiting access and privileges and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

NGA is a proven strategy for thwarting stolen and sold privileged access credentials from gaining access to a digital business’ network and systems, combining Identity-as-a-Service, Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Forrester found that scalable Zero Trust Security strategies empowered by NGA lead to increased organization-wide productivity (71%), reduced overall risk (70%) and reduced cost on compliance initiatives (70%).

Additionally, insights gained from user behavior through machine learning allow for greater efficiency — both on reduced compliance (31% more confident) and overall security costs (40% more likely to be confident), as well through increased productivity for the organization (8% more likely to be confident). The following graphic from the study ranks respondents’ answers.

Conclusion

Making sure your company’s privileged access credentials don’t make the best seller list on the Dark Web starts with a strong, scalable ZTS strategy driven by NGA. Next-Gen Access continually learns the behaviors of verified users, solving a long-standing paradox of user experience in security and access management. However, every digital business needs to focus on how the four pillars of Zero Trust Security apply to them and how they can take a pragmatic, thorough approach to secure every threat surface they have.

IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now

  • Digital businesses that lost less than 1% of their customers due to a data breach incurred a cost of $2.8M, and if 4% or more were lost the cost soared to $6M.
  • U.S. based breaches are the most expensive globally, costing on average $7.91M with the highest global notification cost as well, $740,000.
  • A typical data breach costs a company $3.86M, up 6.4% from $3.62M last year.
  • Digital businesses that have security automation can minimize the costs of breaches by $1.55M versus those businesses who are not ($2.88M versus $4.43M).
  • 48% of all breaches are initiated by malicious or criminal attacks.
  • Mean-time-to-identify (MTTI) a breach is 197 days, and the mean-time-to-contain (MTTC) is 69 days.

These and many other insights into the escalating costs of security breaches are from the 2018 Cost of a Data Breach Study sponsored by IBM Security with research independently conducted by Ponemon Institute LLC. The report is downloadable here (PDF, 47 pp. no opt-in).

The study is based on interviews with more than 2,200 compliance, data protection and IT professionals from 477 companies located in 15 countries and regions globally who have experienced a data breach in the last 12 months. This is the first year the use of Internet of Things (IoT) technologies and security automation are included in the study. The study also defines mega breaches as those involving over 1 million records and costing $40M or more. Please see pages 5, 6 and 7 of the study for specifics on the methodology.

The report is a quick read and the data provided is fascinating. One can’t help but reflect on how legacy security technologies designed to protect digital businesses decades ago isn’t keeping up with the scale, speed and sophistication of today’s breach attempts. The most common threat surface attacked is compromised privileged credential access. 81% of all breaches exploit identity according to an excellent study from Centrify and Dow Jones Customer Intelligence, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in).

The bottom line from the IBM, Centrify and many other studies is that we’re in a Zero Trust Security (ZTS) world now and the sooner a digital business can excel at it, the more protected they will be from security threats. ZTS begins with Next-Gen Access (NGA) by recognizing that every employee’s identity is the new security perimeter for any digital business.

Key takeaways from the study include the following:

  • U.S. based breaches are the most expensive globally, costing on average $7.91M, more than double the global average of $3.86M. Nations in the Middle East have the second-most expensive breaches globally, averaging $5.31M, followed by Canada, where the average breach costs a digital business $4.74M. Globally a breach costs a digital business $3.86M this year, up from $3.62M last year. With the costs of breaches escalating so quickly and the cost of a breach in the U.S. leading all nations and outdistancing the global average 2X, it’s time for more digital businesses to consider a Zero Trust Security strategy. See Forrester Principal Analyst Chase Cunningham’s recent blog post What ZTX Means For Vendors And Users, from the Forrester Research blog for where to get started.

  • The number of breached records is soaring in the U.S., the 3rd leading nation of breached records, 6,850 records above the global average. The Ponemon Institute found that the average size of a data breach increased 2.2% this year, with the U.S. leading all nations in breached records. It now takes an average of 266 days to identify and contain a breach (Mean-time-to-identify (MTTI) a breach is 197 days and the mean-time-to-contain (MTTC) is 69 days), so more digital businesses in the Middle East, India, and the U.S. should consider reorienting their security strategies to a Zero Trust Security Model.

  • French and U.S. digital businesses pay a heavy price in customer churn when a breach happens, among the highest in the world. The following graphic compares abnormally high customer churn rates, the size of the data breach, average total cost, and per capita costs by country.

  • U.S. companies lead the world in lost business caused by a security breach with $4.2M lost per incident, over $2M more than digital businesses from the Middle East. Ponemon found that U.S. digitally-based businesses pay an exceptionally high cost for customer churn caused by a data breaches. Factors contributing to the high cost of lost business include abnormally high turnover of customers, the high costs of acquiring new customers in the U.S., loss of brand reputation and goodwill. U.S. customers also have a myriad of competitive options and their loyalty is more difficult to preserve. The study finds that thanks to current notification laws, customers have a greater awareness of data breaches and have higher expectations regarding how the companies they are loyal to will protect customer records and data.

Conclusion

The IBM study foreshadows an increasing level of speed, scale, and sophistication when it comes to how breaches are orchestrated. With the average breach globally costing $4.36M and breach costs and lost customer revenue soaring in the U.S,. it’s clear we’re living in a world where Zero Trust should be the new mandate.

Zero Trust Security starts with Next-Gen Access to secure every endpoint and attack surface a digital business relies on for daily operations, and limit access and privilege to protect the “keys to the kingdom,” which gives hackers the most leverage. Security software providers including Centrify are applying advanced analytics and machine learning to thwart breaches and many other forms of attacks that seek to exploit weak credentials and too much privilege. Zero Trust is a proven way to stay at parity or ahead of escalating threats.

Zero Trust Security Is The Growth Catalyst IoT Needs

  • McKinsey predicts the Internet of Things (IoT) market will be worth $581B for ICT-based spend alone, growing at a Compound Annual Growth Rate (CAGR) between 7 and 15% according to their study Internet of Things The IoT opportunity – Are you ready to capture a once-in-a-lifetime value pool?
  • By 2020, Discrete Manufacturing, Transportation & Logistics and Utilities industries are projected to spend $40B each on IoT platforms, systems, and services according to Statista.
  • The Industrial Internet of Things (IIoT) market is predicted to reach $123B in 2021, attaining a CAGR of 7.3% through 2020 according to Accenture.

IoT is forecast to be one of the tech industry’s fastest-growing sectors in the next three to five years, as many market estimates like the ones above illustrate. The one factor that will fuel IoT to rapidly grow to new heights or deflate demand just as quickly is security across the myriad of endpoints.

Zero Trust Security (ZTS) is the force multiplier IoT needs to reach its true potential and must be designed into IoT networks if they are going to flex and scale for every endpoint and protect every threat surface.

IoT Needs A Security Wake-Up Call Now  

Industrial Control Systems (ICS) provides a cautionary tale for anyone who thinks enterprise networks don’t need endpoint security and the ability to control access from any point inside or outside an organization.

Chemical, electricity, food & beverage, gas, healthcare, oil, transportation, water services and other key infrastructure industries have relied on ICS applications and platforms for decades. They were designed to deliver reliability and uptime first with little if any effort put into securing them.

However, the glaring security gaps in ICS provide the following lessons for IoT adoption now and in the future:

  • Only digitally enable an endpoint that can verify if every person or device attempting access is authorized, down to the risk score and device level. ICS endpoints were added as fast as utility companies and manufacturers could enable them with speed of deployment, reliability measurement, and uptime being the highest priorities. Security wasn’t a priority with the results being predictable: now many nations’ power grids are vulnerable to attack due to this oversight. With IoT, utilities need to start designing in security to the sensor level using Next-Gen Access as the foundation, leveraging Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM) to enable Zero Trust strategies organization-wide. Next-Gen Access calculates a risk score predicated on previous authorized login and resource access patterns for each verified account.  When there is an anomaly in account credentials’ use, users are requested to verify with Multi-Factor Authentication (MFA).
  • An ICS doesn’t learn from security mistakes, while NGA gets smarter with every breach attempt. A typical ICS is designed to make operations more efficient and reliable, not secure. Even with many endpoints of an ICS being digitally-enabled today with device retrofitting common, security still isn’t a priority. Instead of digitally enabling IoT sensors purely for efficiency, Next-Gen Access needs to be designed in at the sensor level to protect entire networks. Zero Trust Security’s four main pillars are to verify the user, validate their device, limit access and privilege, and learn and adapt. Machine learning is relied on for learning and adapting in real-time to access requests and threats.
  • ICS assumes no bad actors exist while NGA knows how to stop them. Bad actors, or those who want to breach a system for financial gain or to harm a business, aren’t just outside. Verizon’s 2017 Data Breach Investigations Report finds that 25% of all breaches are initiated from inside an organization and 75% outside which makes NGA essential for attaining Zero Trust Security on an enterprise level. Of the ICS being protected today, the majority are reliant on trusted and untrusted domains, a security technology over two decades old. When organized crime, state-sponsored hacking organizations or internal employees can quickly compromise privileged credentials, entire utility systems are at risk.
  • Replacing security-obsolete ICS with IoT-based systems that have NGA designed in to flex for every person and device shuts down physical and digital attack vectors organization-wide. The strategic security plan for any IoT-enabled enterprise has to prioritize faster automated discovery, configuration and response if it’s going to survive against highly orchestrated attacks. NGA has proven effective at thwarting unauthorized privileged credential attacks while continually learning from usage patterns of authorized and unauthorized users.

Conclusion

ICS have some of the most porous, incomplete security perimeters of any enterprise systems. 63% of all ICS-related vulnerabilities cause processing plants to lose control of operations, and 71% can obfuscate or block the view of operations immediately according to the Dragos Industrial Control Vulnerabilities 2017 in Review.  ICS needs an overhaul starting with Next-Gen Access, enabling Zero Trust Security across every employee and device that forms an organizations’ security perimeter.

Bain & Company released a study on the price elasticity of IoT-enabled products by security level. They found that 93% of the executives surveyed would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9B to $11B.

The speed at which manufacturers are building smart, connected products accentuates the need for Zero Trust Security powered by Next-Gen Access from their inception. Security as an afterthought won’t be effective at the scale and pace of IoT.

Source: Bain Snap Chart, July 98, 2018 Better IoT Security Could Grow Device Market

 

Zero Trust Security Update From The SecurIT Zero Trust Summit

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords.
  • 53% of enterprises feel they are more susceptible to threats since 2015.
  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year.

These and many other fascinating insights are from SecurIT: the Zero Trust Summit for CIOs and CISOs held last month in San Francisco, CA. CIO and CSO produced the event that included informative discussions and panels on how enterprises are adopting Next-Gen Access (NGA) and enabling Zero Trust Security (ZTS). What made the event noteworthy were the insights gained from presentations and panels where senior IT executives from Akamai, Centrify, Cisco, Cylance, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone shared their key insights and lessons learned from implementing Zero Trust Security.

Zero Trust’s creator is John Kindervag, a former Forrester Analyst, and Field CTO at Palo Alto Networks.  Zero Trust Security is predicated on the concept that an organization doesn’t trust anything inside or outside its boundaries and instead verifies anything and everything before granting access. Please see Dr. Chase Cunningham’s excellent recent blog post, What ZTX means for vendors and users, for an overview of the current state of ZTS. Dr. Chase Cunningham is a Principal Analyst at Forrester.

Key takeaways from the Zero Trust Summit include the following:

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords. Tom Kemp, Co-Founder, and CEO, Centrify, provided key insights into the current state of enterprise IT security and how existing methods aren’t scaling completely enough to protect every application, endpoint, and infrastructure of any digital business. He illustrated how $86B was spent on cybersecurity, yet a stunning 66% of companies were still breached. Companies targeted for breaches averaged five or more separate breaches already. The following graphic underscores how identities are the new enterprise perimeter, making NGA and ZTS a must-have for any digital business.

  • 53% of enterprises feel they are more susceptible to threats since 2015. Chase Cunningham’s presentation, Zero Trust and Why Does It Matter, provided insights into the threat landscape and a thorough definition of ZTX, which is the application of a Zero Trust framework to an enterprise. Dr. Cunningham is a Principal Analyst at Forrester Research serving security and risk professionals. Forrester found the percentage of enterprises who feel they are more susceptible to threats nearly doubled in two years, jumping from 28% in 2015 to 53% in 2017. Dr. Cunningham provided examples of how breaches have immediate financial implications on the market value of any business with specific focus on the Equifax breach.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year. 43% of confirmed breaches in the last 12 months are from an external attack, 24% from internal attacks, 17% are from third-party incidents and 16% from lost or stolen assets. Consistent with Verizon’s 2018 Data Breach Investigations Report use of privileged credential access is a leading cause of breaches today.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

                       

  • One of Zero Trust Security’s innate strengths is the ability to flex and protect the perimeter of any growing digital business at the individual level, encompassing workforce, customers, distributors, and Akamai, Cisco, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone each provided examples of how their organizations are relying on NGA to enable ZTS enterprise-wide. Every speaker provided examples of how ZTS delivers several key benefits including the following: First, ZTS reduces the time to breach detection and improves visibility throughout a network. Second, organizations provided examples of how ZTS is reducing capital and operational expenses for security, in addition to reducing the scope and cost of compliance initiatives. All companies presenting at the conference provided examples of how ZTS is enabling greater data awareness and insight, eliminating inter-silo finger-pointing over security responsibilities and for several, enabling digital business transformation. Every organization is also seeing ZTS thwart the exfiltration and destruction of their data.

Conclusion

The SecurIT: the Zero Trust Summit for CIOs and CISOs event encapsulated the latest advances in how NGA is enabling ZTS by having enterprises who are adopting the framework share their insights and lessons learned. It’s fascinating to see how Akamai, Cisco, Intel, Live Nation Entertainment, YapStone, and others are tailoring ZTS to their specific customer-driven goals. Each also shared their plans for growth and how security in general and NGA and ZTS specifically are protecting customer and company data to ensure growth continues, uninterrupted.

 

 

Analytics Are Empowering Next-Gen Access And Zero Trust Security

Employee identities are the new security perimeter of any business.

80% of IT security breaches involve privileged credential access according to a Forrester study. According to the Verizon Mobile Security Index 2018 Report, 89% of organizations are relying on just a single security strategy to keep their mobile networks safe. And with Gartner predicting worldwide security spending reaching $96B this year, up 8% from 2017, it’s evident enterprises must adopt a more vigilant, focused strategy for protecting every threat surface and access point of their companies. IT security strategies based on trusted and untrusted domains are being rendered insufficient as hackers camouflage their attacks through compromised, privileged credentials. It’s happening so often that eight in ten breaches are now the result of compromised employee identities.

Thus, taking a Zero Trust Security (ZTS) approach to ensure every potential threat surface and endpoint, both within and outside a company, is protected, has become vital in today’s dynamic threat landscape. ZTS is an essential strategy for any digital business whose perimeters flex in response to customer demand, are using the Internet of Things (IoT) sensors to streamline supply chain and production logistics, and have suppliers, sales teams, support, and services all using mobile apps.  ZTS begins with Next-Gen Access (NGA) by providing companies with the agility they need to secure applications, devices, endpoints, and infrastructure as quickly as needed to support company growth. Both NGA and ZTS are empowered by analytics to anticipate and thwart a wide variety of cyber threats, the most common of which is compromised credential access.

How NGA Leverages Analytics to Secure Every Endpoint

NGA validates every access attempt by capturing and quickly analyzing a wide breadth of data including user identity, device, device operating system, location, time, resource request, and several other factors. As NGA is designed to verify every user and access attempt, it’s foundational to attaining Zero Trust Security across an IT infrastructure. One of the fascinating areas of innovation in enterprise security today is the rapid adoption of analytics and machine learning for verifying users across diverse enterprise networks. NGA platforms calculate and assign a risk score to every access attempt, determining immediately if verified users will get immediate access to resources requested, or be asked to verify their identity further through Multi-Factor Authentication (MFA).

Machine learning-based NGA platforms including Centrify calculate a risk score that quantifies the relative level of trust based on every access attempt across an IT infrastructure. NGA platforms rely on machine learning algorithms to continuously learn and generate contextual intelligence that is used to streamline verified user’s access while thwarting many potential threats ― the most common of which is compromised credentials. IT security teams can combine the insights gained from machine learning, user profiles, and contextual intelligence to fine-tune the variables and attributes that calculate risk scores using cloud-enabled analytics services.  An example of Centrify’s Analytics Services dashboard is shown below:

Visibility and Analytics are a Core Pillar of ZTS

Analytics, machine learning and their combined potential to produce contextual intelligence, real-time risk scores, and secure company perimeters to the individual access attempt level need a continual stream of data to increase their accuracy. Forrester’s Zero Trust Framework, shown below, illustrates how an enterprise-wide ZTS security strategy encompasses workloads, networks, devices, and people.  NGA is the catalyst that makes ZTS scale into each of these areas. It’s evident from the diagram how essential visibility and analytics are to a successful ZTS strategy. NGA provides incident data including reports of anomalous or atypical login and attempted resource behavior. Visibility and analytics applications from IBM, Splunk, Sumologic, and others are relied on to aggregate the data, anticipating and predicting breaches and advanced attacks. The result is a ZTS security strategy that begins with NGA that flexes and scales to the individual perimeter level as a digital business grows.

Source: What ZTX Means For Vendors And Users, Forrester Research Blog, January 23, 2018., Chase Cunningham, Principal Analyst.

Conclusion

Every company, whether they realize it or not, is in a race against time to secure every threat surface that could be compromised and used to steal or destroy data and systems.  Relying on yesterday’s security technologies to protect against tomorrow’s sophisticated, well-orchestrated threats isn’t scaling. Reading through the Verizon Mobile Security Index 2018 Report illustrates why Zero Trust Security is the future. Improving visibility throughout the network and reducing the time to breach detection, stopping malware propagation and reducing the scope and cost of internal and regulatory-mandated compliance requirements are just a few of the business benefits. Analytics and machine learning are the fuel enabling NGA to scale and support ZTS strategies’ success today.

Three Ways Machine Learning Is Revolutionizing Zero Trust Security

Bottom Line: Zero Trust Security (ZTS) starts with Next-Gen Access (NGA). Capitalizing on machine learning technology to enable NGA is essential in achieving user adoption, scalability, and agility in securing applications, devices, endpoints, and infrastructure.

How Next-Gen Access and Machine Learning Enable Zero Trust Security

Zero Trust Security provides digital businesses with the security strategy they need to keep growing by scaling across each new perimeter and endpoint created as a result of growth. ZTS in the context of Next-Gen Access is built on four main pillars: (1) verify the user, (2) validate their device, (3) limit access and privilege, and (4) learn and adapt. The fourth pillar heavily relies on machine learning to discover risky user behavior and apply for conditional access without impacting user experience by looking for contextual and behavior patterns in access data.

As ZTS assumes that untrusted users or actors already exist both inside and outside the network, machine learning provides NGA with the capability to assess data about users, their devices, and behavior to allow access, block access, or enforce additional authentication. With machine learning, policies and user profiles can be adjusted automatically and in real-time. While NGA enabled by machine learning is delivering dashboards and alerts, the real-time response to security threats predicated on risk scores is very effective in thwarting breaches before they start.

Building NGA apps based on machine learning technology yields the benefits of being non-intrusive, supporting the productivity of workforce and business partners, and ultimately allowing digital businesses to grow without interruption. For example, Centrify’s rapid advances in machine learning and Next-Gen Access to enable ZTS strategies makes this company one of the most interesting to watch in enterprise security.

The following are three ways machine learning is revolutionizing Zero Trust Security:

  1. Machine learning enables enterprises to adopt a risk-based security strategy that can flex with their business as it grows. Many digital businesses have realized that “risk is security’s new compliance,” and therefore are implementing a risk-driven rather than a compliance-driven approach. Relying on machine learning technology to assess user, device, and behavioral data for each access request derives a real-time risk score. This risk score can then be used to determine whether to allow access, block access, or step up authentication. In evaluating each access request, machine learning engines process multiple factors, including the location of the access attempt, browser type, operating system, endpoint device status, user attributes, time of day, and unusual recent privilege change. Machine learning algorithms are also scaling to take into account unusual command runs, unusual resource access histories, and any unusual accounts used, unusual privileges requested and used, and more. This approach helps thwart comprised credential attacks, which make up 81% of all hacking-related data breaches, according to Verizon.
  2. Machine learning makes it possible to accomplish security policy alignment at scale. To keep pace with a growing digital business’ need to flex and scale to support new business models, machine learning also assists in automatically adjusting user profiles and access policies based on behavioral patterns. By doing so, the need for IT staffers to review and adjust policies vanishes, freeing them up to focus on things that will grow the business faster and more profitably. On the other hand, end users are not burdened with step-up authentication once a prior abnormal behavior is identified as now typical behavior and therefore both user profile and policies updated.
  3. Machine learning brings greater contextual intelligence into authentication, streamlining the experience and increasing user adoption. Ultimately, the best security is transparent and non-intrusive. That’s where the use of risk-based authentication and machine learning technology comes into play. The main impediment to adoption for multi-factor authentication has been the perceived impact on the productivity and agility of end users. A recent study by Dow Jones Customer Intelligence and Centrify revealed that 62% of CEOs state that multi-factor authentication (MFA) is difficult to manage and is not user-friendly, while only 41% of technical officers (CIOs, CTOs, and CISOs) agree with this assessment. For example, having to manually type in a code that has been transmitted via SMS in addition to the already supplied username and password is often seen as cumbersome. Technology advancements are removing some of these objections by offering a more user-friendly experience, like eliminating the need to manually enter a one-time password on the endpoint, by enabling the user to simply click a button on their smartphone. Nonetheless, some users still express frustration with this additional step, even if it is relatively quick and simple. To overcome these remaining barriers to adoption, machine learning technology contributes to minimizing the exposure to step up authentication over time, as the engine learns and adapts to the behavioral patterns.

In Conclusion

Zero Trust Security through the power of Next-Gen Access is allowing digital businesses to continue on their path of growth while safeguarding their patented ideas and intellectual property. Relying on machine learning technology for Next-Gen Access results in real-time security, allowing to identify high-risk events and ultimately greatly minimizing the effort required to identify threats across today’s hybrid IT environment.

%d bloggers like this: