Skip to content

Posts tagged ‘Palo Alto Networks’

Debunking The Myth That Greater Compliance Makes IT More Secure

Debunking The Myth That Greater Compliance Makes IT More Secure

Bottom Line:  Excelling at compliance doesn’t protect any business from being hacked, yet pursuing a continuous risk management strategy helps.

With a few exceptions (such as spearphishing), cyberattacks are, by nature, brutally opportunistic and random. They are driven to disrupt operations at best and steal funds, records, and privileged access credentials at worst. Conversely, the most important compliance event of all, audits, are planned for, often months in advance. Governance, Risk, and Compliance (GRC) teams go to Herculean efforts to meet and exceed audit prep timelines working evenings and weekends.

Wanting to learn more about the relationship between GRC and cybersecurity strategy, I searched for webinars on the topic. I found Improve Your Compliance Posture with Identity-Centric PAM, a recent webinar-on-demand offered by Centrify. The webinar brought up several interesting insights, including shared pains companies experience with compliance and cybersecurity, yet require drastically different approaches to solving them.

Rationalizing Compliance Spending with Cybersecurity

The truth is organizations are attempting to rationalize the high costs of compliance by looking for how GRC spend can also improve cybersecurity. This is a dangerous assumption, as Marriott’s third breach indicates. Marriott is an excellently managed business and sets standards in compliance. Unfortunately, that hasn’t thwarted three breaches they’ve experienced.

Why are organizations assuming GRC spending will improve cybersecurity? It’s because both areas share a common series of pains that require different solutions, according to the webinar. These pains include:

  • Updates to regulations are exponentially increasing today, averaging 200 or more per day from approximately 900 oversight agencies worldwide, leading to a quickly changing, heterogeneous landscape. Dr. Torsten George, Cybersecurity Evangelist at Centrify, said that when he worked in the GRC space, the midsize clients he worked with had to deal with 17 different regulations. Larger organizations that operate on a global basis are dealing with, on average, 70 or more regulations they need to stay in compliance with. Dr. George provided an overview of the compliance landscape, differentiating between the levels compliance requirements every organization needs to abide by, which is shown below:
  • Compliance is, by nature, reactive to a known event (audit), while cybersecurity is also entirely reactive to random events (cyberattacks). GRC teams need to ramp up their staff and equip them with the apps and tools they need at least six months before an audit. For cybersecurity, the threat is random and will most likely be more severe in terms of financial loss. Preparing for each takes entirely different strategies.
  • The lack of continuous risk monitoring by GRC teams and identity management by IT cybersecurity leads to systemic failures in achieving compliance and securing an organization. The webinar makes an excellent point that for compliance to succeed, it needs to be based on continuous risk management, not just checking off the boxes or categories of a given GRC approach. The same holds for cybersecurity. Identity-Centric Privileged Access Management (PAM) provides GRC and IT professionals mutual benefits when it comes to achieving the mission of being and staying compliant, and shows how securing enterprises drive better compliance, not vice versa.
  • Manually updating compliance mapping tables showing the interrelationships of requirements by industry is not scaling – and leaving gaps in GRC coverage. The more regulated a business is, for example manufacturing medical products, the more important it is to automate every aspect of compliance. A great place to start is automating the process of creating mapping tables. Taking a manual approach to creating mapping tables comparing standards often leads to errors and gaps. And in highly regulated industries like medical products manufacturing, the accuracy, speed, and scale of staying compliant can be turned into a competitive advantage, leading to more sales.

How To Resolve The Conflict Between GRC and Cybersecurity Spending

According to the webinar, 80% of today’s data breaches are caused by default, weak, stolen, or otherwise compromised credentials. GRC and cybersecurity strategies’ best efforts need to be put on securing privileged access first. The webinar makes a strong argument for prioritizing privileged access security as the initiative that can unify GRC and cybersecurity strategies.

Key insights from the webinar include the following:

  • Industry standards and government regulations are calling for identity and access management as a requirement, with several specifically naming privilege access controls.
  • Identity-Centric Privileged Access Management (PAM) approaches help meet compliance mandates, while at the same time hardening cybersecurity to the threat surface level.
  • Attaining greater compliance by taking an Identity-Centric PAM approach ensures machines have secured identities as well, and the use of anonymous access accounts is limited to break-glass scenarios only, while organizations should otherwise be leveraging enterprise directory identities for the authentication and authorization process.
  • Improving accountability and segmentation by establishing granular security controls and auditing everything helps bridge the gap between GRC and cybersecurity initiatives.
Debunking The Myth That Greater Compliance Makes IT More Secure

Conclusion

Continuous risk management is key to excelling at compliance, just as securing privileged access credentials is foundational to an effective cybersecurity strategy. Dr. Torsten George ended the webinar saying, “In the long term, I believe that the current situation that we’re dealing with and its associated spike of cyber-attacks will lead to even stricter compliance mandates; especially when it comes to secure remote access by key IT stakeholders and outsourced IT.” The bottom line is that compliance and cybersecurity must share the common goal of protecting their organizations’ privileged access credentials using adaptive approaches and technologies if both are going to succeed.

 

 

Why Cybersecurity Needs To Focus More On Customer Endpoints

Why Cybersecurity Needs To Focus More On Customer Endpoints

  • Cloud-based endpoint protection platforms (EPP) are proliferating across enterprises today as CIOs and CISOs prioritize greater resiliency in their endpoint security strategies going into 2020.
  • Gartner predicts that Global Information Security and Risk Management end-user spending is forecast to grow at a five-year CAGR of 9.2% to reach $174.5 billion in 2022, with approximately $50B spent on endpoint security.
  • Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
  • 70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.

There’s a surge of activity happening right now in enterprises that are prioritizing more resiliency in their endpoint security strategies going into 2020. The factors motivating CIOs, CISOs, IT, and Practice Directors to prioritize endpoint resiliency include more effective asset management based on real-time data while securing and ensuring every endpoint can heal itself using designed-in regenerative software at the BIOS level of every device. CIOs say the real-time monitoring helps reduce asset management operating expense, a big plus many of them appreciate give their tight budgets. Sean Maxwell, Chief Commercial Officer at Absolute, says, “Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning.”

The Endpoint Market Is Heating Up Going Into 2020

Over thirty vendors are competing in the endpoint security market right now. A few of the most interesting are Absolute Software, Microsoft, Palo Alto Networks, and others who are seeing a surge of activity from enterprises based on discussions with CIOs and CISOs. Absolute Software’s Persistence self-healing endpoint security technology is embedded in the firmware of more than 500 million devices and gives CIOs, CISOs and their team’s complete visibility and control over devices and data. Absolute is the leading visibility and control platform that provides enterprises with tamper-proof resilience and protection of all devices, data, and applications.

Like Absolute, Microsoft is unique in how they are the only vendor to provide built-in endpoint protection at the device level, with the core focus being on the OS. Windows 10 has Windows Defender Antivirus now integrated at the OS level, the same System Center Endpoint Protection delivers in Windows 7 and 8 OS. Microsoft Defender Advanced Threat Protection (ATP) incident response console aggregates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP, and Active Directory, in addition to Azure.

Further evidence of how enterprise customers are placing a high priority on endpoint security is the increase in valuations of key providers in this market, including Absolute Software (TSE: ABT) and others. Absolute’s stock price has jumped 13% in just a month, following their latest earnings announcement on November 12th with a transcript of their earnings call here. Absolute’s CEO Christy Wyatt commented during the company’s most recent earnings call that, “The ability to utilize near real-time data from the endpoint to… to deliver actionable insights to IT about where controls are failing and the ability to apply resilience to self-heal and reinforce those security controls will become a critical skill for every one of our customers. This is the essence of Absolute’s platform, which adds resiliency to our customer’s operations.” It’s evident from what CIOs and CISOs are saying that resiliency is transforming endpoint security today and will accelerate in 2020.

Key Takeaways From Conversations With Enterprise Cybersecurity Leaders

The conversations with CIOs, CISOs, and IT Directors provided valuable insights into why resiliency is becoming a high priority for endpoint security strategies today. The following are key takeaways from the conversations:

  • Known humorously as the “fun button” cybersecurity teams enjoy being able to brick any device any time while monitoring the activity happening on it in real-time. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA), and one had been resold on the back market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded, at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image re-build “brick me.”
  • IT budgets for 2020 are flat or slightly up, with many CIOs being given the goal of reducing asset management operating expenses, making resiliency ideal for better managing device costs. The more effectively assets are managed, the more secure an organization becomes. That’s another motivating factor motivating enterprises to adopt resiliency as a core part of the endpoint security strategies.
  • One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.
  • Endpoints enabled with Resiliency have proven their ability to autonomously self-heal themselves, earning the trust of CIOs and CISOs, who are adopting Absolute to alleviate costly network interruptions and potential breaches in the process. 19% of endpoints across a typical IT network require at least one client or patch management repair monthly, according to Absolute’s 2019 Endpoint Security Trends Report. The report also found that increasing security spending on protecting endpoints doesn’t increase an organizations’ safety – and in some instances, reduces it. Having a systematic, design-in solution to these challenges gives CIOs, CISO, and their teams greater peace of mind and reduces expensive interruptions and potential breaches that impede their organizations’ growth.

 

5 Ways To Demystify Zero Trust Security

Bottom Line: Instead of only relying on security vendors’ claims about Zero Trust, benchmark them on a series of five critical success factors instead, with customer results being key.

Analytics, Zero Trust Dominated RSA

Analytics dashboards dominated RSA from a visual standpoint, while Zero Trust Security reigned from an enterprise strategy one. Over 60 vendors claimed to have Zero Trust Security solutions at RSA, with each one defining the concept in a slightly different way.

RSA has evolved into one of the highest energy enterprise-focused conferences today, and in 2019 Zero Trust was center stage in dozens of vendor booths. John Kindervag created the Zero Trust Security framework while at Forrester in 2010. Chase Cunningham, who is a Principal Analyst at Forrester today, is a leading authority on Zero Trust and frequently speaks and writes on the topic. Be sure to follow his blog to stay up to date with his latest research. His most recent post, OK, Zero Trust Is An RSA Buzzword — So What?, captures the current situation on Zero Trust perfectly. Becca Chambers’ blog post, Talking All Things Zero Trust at RSA Conference 2019, includes an insightful video of how the conferences’ attendees define Zero Trust.

With so many vendors claiming to offer Zero Trust solutions, how can you tell which ones have enterprise-ready, scalable solutions?  The following are five ways to demystify Zero Trust:

  1. Customer references are willing to talk and case studies available. With the ambitious goal of visiting every one of the 60 vendors who claimed to have a Zero Trust solution at RSA, I quickly realized that there’s a dearth of customer references. To Chase Cunningham’s point, more customer use cases need to be created, and thankfully that’s on his research agenda. Starting the conversation with each vendor visited by asking for their definition of Zero Trust either led to a debate of whether Zero Trust was needed in the industry or how their existing architecture could morph to fit the framework. Booth staffs at the following companies deserve to be commended for how much they know about their customers’ success with Zero Trust: AkamaiCentrifyCiscoMicrosoftMobileIronPalo Alto NetworksSymantec, and Trend Micro. The team at Ledios Cyberwho was recently acquired by Capgemini, was demonstrating how Zero Trust applied to Industrial Control Systems and shared a wealth of customer insights as well.
  2. Defines success by their customers’ growth, stability and earned trust instead of relying on fear. A key part of de-mystifying Zero Trust is seeing how effective vendors are at becoming partners on the journey their customers are on. While in the Centrify booth I learned of how Interval International has been able to implement a least privilege model for employees, contractors, and consultants, streamline user onboarding, and enable the company to continue its rapid organic growth. At MobileIron, I learned how NASDAQ is scaling mobile applications including CRM to their global sales force on a Zero Trust platform. The most customer-centric Zero Trust vendors tend to differentiate on earned trust over selling fear.
  3. Avoid vendors who have a love-hate relationship with Zero Trust. Zero Trust is having an energizing effect on the security landscape as it provides vendors with a strategic framework they can differentiate themselves in. Security vendors are capitalizing on the market value right now, with product management and engineering teams working overtime to get new applications and platforms ready for market. I found a few vendors who have a love-hate relationship with Zero Trust. They love the marketing mileage or buzz, yet aren’t nearly as enthusiastic about changing product and service strategies. If you’re looking for Zero Trust solutions, be sure to watch for this and find a vendor who is fully committed.
  4. Current product strategies and roadmaps reflect a complete commitment to Zero Trust. Product demos at RSA ranged from supporting the fundamentals of Zero Trust to emulating its concepts on legacy architectures. One of the key attributes to look for is how perimeterless a given security application is that claims to support Zero Trust. How well can a given application protect mobile devices? An IoT device? How can a given application or security platform scale to protect privileged credentials? These are all questions to ask of any vendor who claims to have a Zero Trust solution. Every one of them will have analytics options; the question is whether they fit with your given business scenario. Finally, ask to see how Zero Trust can be automated across all user accounts and how privileged access management can be scaled using Identity Access Management systems including password vaults and Multi-Factor Authentication (MFA).
  5. A solid API strategy for scaling their applications and platforms with partner successes that prove it. One of the best questions to gauge the depth of commitment any vendor has to Zero Trust is to ask about their API strategy. It’s interesting to hear how vendors with Zero Trust-based product and services strategies are scaling inside their largest customers using APIs. Another aspect of this is to see how many of their services, system integration, technology partners are using their APIs to create customized solutions for customers. Success with an API strategy is a leading indicator of how reliably any Zero Trust vendor will be able to scale in the future.

Conclusion

RSA is in many ways a microcosm of the enterprise security market in general and Zero Trust specifically. The millions of dollars in venture capital invested in security analytics and Zero Trust made it possible for vendors to create exceptional in-booth experiences and demonstrations – much the same way venture investment is fueling many of their roadmaps and sales teams. Zero Trust vendors will need to provide application roadmaps that show their ability to move beyond prevention of breaches to more prediction, at the same time supporting customers’ needs to secure infrastructure, credentials, and systems to ensure uninterrupted growth.

Digital Transformation’s Missing Link Is Zero Trust

    • Enterprises will invest $2.4T by 2020 in digital transformation technologies including cloud platforms, cognitive systems, IoT, mobile, robotics, and integration services according to the World Economic Forum.
    • Digital transformation software and services revenue in the U.S. is predicted to reach $490B in 2025, soaring from $190B in 2019, attaining a Compound Annual Growth Rate (CAGR) of 14.49% according to Grand View Research published by Statista.
    • IDC predicts worldwide spending on the technologies and services that enable the digital transformation of business practices, products, and organizations will reach $1.97T in 2022.
    • Legacy approaches to Privileged Access Management (PAM) don’t protect the new threatscapes digital transformation initiatives create, making Zero Trust Privilege essential for enterprises.

B2B customers, including manufacturers looking to replace legacy production equipment with smart, connected machines, have high expectations when it comes to product quality, ease of integration, and intuitive user experiences. Replacing factories full of legacy assets with smart, connected machinery is one of the most powerful catalysts driving digital transformation today. Innovative smart, connected machinery and the performance gains they provide are the oxygen that keeps customer relationships alive. That’s why digital transformation forecasts from the World Economic Forum, Grand View ResearchIDC, and many others predict perennial growth. The many forecasts reflect a fundamental truth: digital transformation done with intensity creates a customer-driven renaissance for any business.

Businesses digitally transforming themselves are succeeding because they’ve made themselves accountable and transparent to customers. Earning and protecting that trust is the heartbeat of any business’ growth. 51% of enterprises invest in digital transformation to capture growth opportunities in new markets, with 46% investing to stay in front of evolving customer behaviors and preferences. Brian Solis’ excellent report, The State of Digital Transformation, 2018 – 2019 Edition (31 pp., PDF, opt-in) shows how digitally transforming any business with the customer first leads to greater growth. The graphic from his study illustrates this point:

 

Closing The Digital Transformation Gap With Zero Trust

Gaps exist between the results digital transformation initiatives are delivering today, and the customer-driven value they’re capable of. According to Gartner, 75% of digital transformation projects are not aligned internally today, leading to delayed new product launches, mediocre experiences, and greater security risks than ever before. Interactive, IoT-enabled experiences and products are expanding the threatscape of enterprises to include Big Data, cloud, containers, DevOps, IoT systems, and more. With that comes a host of new exposure points, many of which allow access to sensitive data that must be protected with modern Privileged Access Management solutions that reduce risk in these modern enterprise use cases.

The new security perimeter is identity. Forrester estimates that 80% of data breaches are caused by privileged access abuse. Every smart, connected machine that replaces legacy production equipment is another identity that defines a manufacturer’s security perimeter.

As the use cases and adoption of smart, connected machines proliferate, so too does the urgency that manufacturers need to replace their legacy approaches to Privileged Access Management (PAM). Relying on outdated strategies for protecting administrative access to all machines needs to be replaced with a “never trust, always verify, enforce least privilege” approach.

IT needs to improve how they’re protecting the most privileged access credentials, the ‘keys to the kingdom,’ by granting just-enough, just-in-time privilege. Of the many cybersecurity approaches available today, Zero Trust Privilege (ZTP) enables IT to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

The more diverse any digital transformation strategy, the greater the risk of privileged credential abuse. Thwarting privileged credential abuse needs to start with a least privilege access approach, minimizing each attack surface, improving audit and compliance visibility while reducing risk, complexity, and costs. Leaders in Zero Trust include CentrifyMobileIronPalo Alto Networks, and others. Of these companies, Centrify’s approach to Zero Trust to prevent privileged access abuse shows the greatest potential for securing digital transformation initiatives and strategies.

How To Secure Digital Transformation Strategies

IDG Research found in their Security Priorities for 2018 study that 71% of security-focused IT decision-makers are aware of the Zero Trust model and 18% of enterprises are either running pilots or have implemented Zero Trust.

Zero Trust Privilege (ZTP) is the force multiplier digital transformation initiatives need to reach their true potential by securing administrative access to the complex mix of machinery and infrastructure – and the sensitive data they hold and use – that manufacturers rely on daily.

Starting with a strategic perspective, ZTP’s contribution to securing digital transformation deployments apply to every area of planning, pilots, platforms, product, and service data being designed to stop the leading cause of breaches, which is privileged credential abuse. The following graphic illustrates how ZTP needs to span every aspect of an enterprise’s digital transformation capabilities.

Source: World Economic Forum, Digital Transformation Initiative, May 2018

Conclusion

By 2020, 30% of Global 2000 companies will have allocated capital budget equal to at least 10% of revenue to fuel their digital transformation strategies according to IDC.  European spending on technologies and services that enable the digital transformation of business practices, products, and organizations is forecasted to reach $378.2B in 2022. The perennial growth these forecasts promise is predicated on enterprises delivering new experiences and innovative products, which create the oxygen that keeps their customer relationships alive.

Amidst all the potential for growth, enterprises need to realize every new infrastructure element, machine, or connected production asset is a new identity that collectively comprises the fabric of their security perimeter. Legacy cybersecurity approaches won’t scale to protect the proliferating number of smart machines being put into use today. Relying entirely on legacy approaches to PAM, where privileged access to systems and resources only inside the network are secure, is failing today. Smart, connected machinery and the products and experiences they deliver require an entirely new cybersecurity strategy, one based on a “never trust, always verify, enforce least privilege” approach. Centrify Zero Trust Privilege shows potential to meet this challenge by granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

86% Of Enterprises Increasing IoT Spending In 2019

  • Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year.
  • 38% of enterprises have company-wide IoT deployments in production today.
  • 84% of enterprises expect to complete their IoT implementations within two years.
  • 82% of enterprises share information from their IoT solutions with employees more than once a day; 67% are sharing data in real-time or near real-time.

These and many other fascinating insights are from Zebra Technologies’ second annual Intelligent Enterprise Index (PDF, 25 pp., no opt-in). The index is based on the list of criteria created during the 2016 Strategic Innovation Symposium: The Intelligent Enterprise hosted by the Technology and Entrepreneurship Center at Harvard (TECH) in 2016. An Intelligent Enterprise is one that leverages ties between the physical and digital worlds to enhance visibility and mobilize actionable insights that create better customer experiences, drive operational efficiencies or enable new business models, “ according to Tom Bianculli, Vice President, Technology, Zebra Technologies.

The metrics comprising the index are designed to interpret where companies are on their journeys to becoming Intelligent Enterprises. The following are the 11 metrics that are combined to create the Index: IoT Vision, Business Engagement, Technology Solution Partner, Adoption Plan, Change Management Plan, Point of use Application, Security & Standards, Lifetime Plan, Architecture/Infrastructure, Data Plan and Intelligent Analysis. An online survey of 918 IT decision makers from global enterprises competing in healthcare, manufacturing, retail and transportation and logistics industries was completed in August 2018. IT decision makers from nine countries were interviewed, including the U.S., U.K./Great Britain, France, Germany, Mexico, Brazil, China, India, and Australia/New Zealand. Please see pages 24 and 25 for additional details regarding the methodology.

Key insights gained from the Intelligent Enterprise Index include the following:

  • 86% of enterprises expect to increase their spending on IoT in 2019 and beyond. Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year. Nearly half of enterprises globally (49%) interviewed are aggressively pursuing IoT investments with the goal of digitally transforming their business models this decade. 38% of enterprises have company-wide IoT deployments today, and 55% have an IoT vision and are currently executing their IoT plans.

  • 49% of enterprises are on the path to becoming an Intelligent Enterprise, scoring between 50 – 75 points on the index. The percent of enterprises scoring 75 or higher on the Intelligent Enterprise Index gained the greatest of all categories in the last 12 months, increasing from 5% to 11% of all respondents. The majority of enterprises are improving how well they scale the integration of their physical and digital worlds to enhance visibility and mobilize actionable insights. The more real-time the integration unifying the physical and digital worlds of their business models, the better the customer experiences and operational efficiencies attained.

  • The majority of enterprises (82%) share information from their IoT solutions with employees more than once a day, and 67% are sharing data in real-time or near real-time. 43% of enterprises say information from their IoT solutions is shared with employees in real-time, up 38% from last year’s index. 76% of survey respondents are from retailing, manufacturing, and transportation & logistics. Gaining greater accuracy of reporting across supplier networks, improving product quality visibility and more real-time data from distribution channels are the growth catalysts companies competing in retail, manufacturing, and transportation & logistics need to grow. These findings reflect how enterprises are using real-time data monitoring to drive quicker, more accurate decisions and be more discerning in which strategies they choose. Please click on the graphic to expand to view specifics.

  • Enterprises continue to place a high priority on IoT network security and standards with real-time monitoring becoming the norm. 58% of enterprises are monitoring their IoT networks constantly, up from 49%, and a record number of enterprises (69%) have a pre-emptive, proactive approach to IT security and network management. It’s time enterprises consider every identity a new security perimeter, including IoT sensors, smart, connected products, and the on-premise and cloud networks supporting them. Enterprises need to pursue a “never trust, always verify, enforce least privilege” approach and are turning to Zero Trust Privilege (ZTP) to solve this challenge today. ZTP grants least privilege access based on verifying who is requesting access, the context of their request, and ascertaining the risk of the access environment. Designed to secure infrastructure, DevOps, cloud, containers, Big Data, and scale to protect a wide spectrum of use cases, ZTP is replacing legacy approaches to Privileged Access Management by minimizing attack surfaces, improving audit and compliance visibility, and reducing risk, complexity, and costs for enterprises. Leaders in this field include Centrify for Privileged Access Management, Idaptive, (a new company soon to be spun out from Centrify) for Next-Gen Access, as well as CiscoF5 and Palo Alto Networks in networking.

  • Analytics and security dominate enterprise’ IoT management plans this year. 66% of enterprises are prioritizing analytics as their highest IoT data management priority this year, and 63% an actively investing in IoT security. The majority are replacing legacy approaches to Privilege Access Management (PAM) with ZTP.  Enterprises competing in healthcare and financial services are leading ZTS’ adoption today, in addition to government agencies globally. Enterprises investing in Lifecycle management solutions increased 11% between 2017 and 2018. Please click on the graphic to expand to view specifics.

How Machine Learning Quantifies Trust & Improves Employee Experiences

Bottom Line: By enabling enterprises to scale security with user behavior-based, contextual intelligence, Next-Gen Access strategies are delivering Zero Trust Security (ZTS) enterprise-wide, enabling the fastest companies to keep growing strong.

Every digital business is facing a security paradox today created by their proliferating amount of applications, endpoints and infrastructure on the one hand and the need to scale enterprise security without reducing the quality of user experiences on the other. Businesses face a continual series of challenges to growth, the majority of which are scale-based. Scaling security takes a multidimensional approach that accurately interprets user behavior, risk and threat predictions, and assesses data use and access patterns.

How Enterprises Are Solving The Security Paradox With Next-Gen Access

Security defies simple, scale-based solutions because its processes are ingrained in many different systems across a company. Each of the many systems security relies on and protects have their cadence, speed, and scale. When a company is growing fast, core systems including accounting, CRM, finance, pricing, sales, services, supply chain and human resources become security-constrained. It’s common for companies experiencing high growth to choose expediency over security. 32% of enterprises are sacrificing security for expediency and business performance, leaving many areas of their core infrastructure unsecured according to the Verizon Mobile Security Index 2018 Report.

The hard reality for any growing business is the faster they grow; the more sophisticated and strong they need to become at security. Protecting intellectual property (IP), all data assets and eradicating threats assures uninterrupted, profitable growth. Adding new suppliers, sales teams, distribution partners and service centers can’t be slowed down by legacy-based approaches to user authentication and system access.  The challenge is the faster a business is growing, the slower its legacy approaches to security reacts, slowing down sales cycles, supplier qualifications, and pipelines.

Next-Gen Access solves the security paradox of fast-growing businesses, enabling Zero Trust Security (ZTS) enterprise-wide by solving the following major challenges of a high growth business:

  1. Quit relying on brute-force Multi-Factor Authentication (MFA) techniques that deliver mediocre user experiences and slow down productivity. Any company can still attain Zero Trust Security (ZTS) without reverting to brute-force approaches to MFA. Get away from the idea of having MFA challenges be for every user on every device they use to access every resource. Instead look to Next-Gen Access (NGA) to quantify context, device, and behavioral patterns and derive risk scores for each user.
  2. Begin to rely on Next-Gen Access, Risk-Aware MFA, and Risk Scores to quantify trust and set the foundation of a Zero Trust Security (ZTS) enterprise-wide strategies. The goal is to keep growth going strong, uninterrupted by any security event or breach. Next-Gen Access (NGA) provides behavioral, contextual intelligence indexed as a risk score for each user, enabling more secure and efficient user experiences. NGA is built on a platform that includes Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). They are also the essential components for creating and fine-tuning Zero Trust Security (ZTS) across fast-growing businesses. Taken together in a concerted strategy, ZTS delivers greater control and visibility over every resource in a company.
  3. Identify potential security risks on a per-user basis to the device level and limiting access while asking for identity verification without impacting user experiences. NGA takes contextual and user intelligence into account when deciding which resources will be available to a given user based on their previous login and system use actions and behaviors quantified in their risk score. Machine learning algorithms are used to find patterns in user behavior that could signal a potential security risk. Based on the risk score, conditional access is provided or not. All of this is done in seconds and doesn’t impact the user experience.
  4. Rely on more NGA that learns user’s behavioral patterns over time and improves the user experience, scaling Zero Trust Security enterprise-wide. Solving the paradox of scaling security in fast-growing companies needs to start with a machine learning-based approach to finding and acting on user’s behavioral and contextual activity. As NGA “learns” how valid users interact with security, updating risk scores and performing identity verification, the quality of a user’s experience improves. In fast-growing companies adding new employees, partners, and suppliers, this is invaluable as every new user will generate a risk score. Quantifying trust using NGA, the foundation of any ZTS strategy makes fast, secure profitable growth possible.
  5. The era of ZTS has arrived, and it is accentuating the importance of partnering with security providers who excel at offering Next-Gen Access solutions. ZTS will continue to revolutionize every aspect of an organization’s security strategy, enabling digital businesses to grow faster and more securely over time. Next-Gen Access solutions are the foundations enabling enterprises to scale ZTS strategies across their businesses. Key Next-Gen access providers enabling the era of ZTS include Palo Alto Networks for firewalls and Centrify for Access. Over the next 18 months, ZTS will redefine the cybersecurity landscape as digital businesses look to Next-Gen Access solutions to securely scale their companies and grow.
%d bloggers like this: