FEATURE: ZERO TRUST
Joseph Carson, Chief Security Scientist, ThycoticCentrify, explains how a Zero Trust approach can reduce risk without increasing friction for users.
Strong controls and/or a frictionless approach
Last year we added a new phrase to our vocabulary, ‘working from home’ or WFH. This year, we added another term, ‘hybrid working’, to describe a flexible approach that combines working from home and the office, and which many organizations are embracing in response to employee requests or to minimize their physical space requirements.
But just as organizations were challenged in the rush to support WFH at the beginning of the pandemic, hybrid working comes with its own set of risks and challenges.
Employees need to be able to start work and log in at their preferred location while still being able to access the same systems and information they need. If this is difficult, involving what employees may see as unnecessary friction, productivity is reduced and the organization’s business will be impacted.
It’s no secret that cybersecurity has a reputation for generating friction. But as we saw with WFH, strong security controls are necessary as threat actors increasingly take advantage of flexible working environments where users log in from different locations and use a mix of work and personal devices.
Imagine that an organization’s information infrastructure is managed like a VIP event. A strong control would be to have security guards check everyone before they can enter. You would need reliable identification such as a pass or ticket backed up by photo ID like a driver’s license or passport.
This would be very effective at keeping out non-VIPs. But it could also be frustrating for legitimate attendees who may not take kindly to requests to show photo ID, resulting in long delays.
A more frictionless approach would be for guards to check visitors based on their appearance. Familiar guests could walk right in, but sketchy individuals would be asked to show ID. This would be better for most familiar guests, but it would create risks if guards weren’t familiar with everyone on the invitation list.
Another option aimed at cutting down on friction would be to look at the behavior and actions of guests. Security guards could monitor what people did, and if they abused their access or visited off-limits areas, for example, they could be challenged or removed.
While these scenarios are helpful to visualize how security controls work, they may not be very effective
Hybrid working works best with Zero Trust and zero friction
INTELLIGENTCIO APAC www.intelligentcio.com