Intelligent CISO Issue 44 | Page 34

PREDICTIVE INTELLIGENCE

This would be very effective at keeping out non-VIPs. But it could also be frustrating for legitimate attendees who may not take kindly to requests to show photo ID, resulting in long delays.
A more frictionless approach would be for guards to check visitors based on their appearance. Familiar guests could walk right in, but sketchy individuals would be asked to show ID. This would be better for most familiar guests, but it would create risks if guards weren’t familiar with everyone on the invitation list.
Another option aimed at cutting down on friction would be to look at the behaviour and actions of guests. Security guards could monitor what people did and if they abused their access or visited off-limits areas, for example, they could be challenged or removed.
While these scenarios are helpful to visualize how security controls work, they may not be very effective in a physical setting. In a digital environment, however, any or all of these approaches can be effectively implemented. It is all about the balance between productivity and security.
Zero Trust and risk-based verification
In hybrid working environments, employees don’t want to be constantly interrupted by security controls. Equally, organisations looking to minimise friction still want to be able to accurately identify users and exclude unauthorised actors.
The solution to achieving this balance is a Zero Trust strategy using a risk-based approach with verification measures that vary based on factors such as the user’s device or the systems and information they access. Think of Zero Trust as a digital polygraph test that adapts to the risk potential of each interaction and – if implemented properly – authenticates users with as little friction as possible.
While we’ve been hearing about Zero Trust for a few years, it would be a mistake to think of the concept as a typical security solution. Rather than a list of boxes to be ticked off, it is more a mindset guiding each organisation down a unique path determined by their individual infrastructure and objectives. It is about forcing attackers into taking more risks.
Key to Zero Trust is the ability to adapt security measures and verify authorisation at every point, and there are a number of technologies and techniques that can minimise impact to users. Single Sign-On (SSO), for example, significantly reduces friction because users only have to be verified once to gain access to different systems and information. However, it is important that passwords are not the only security controls.
PAM and EPM provide strong controls
Strong privilege controls are a vital element in reducing risk. A comprehensive Privileged Access Management (PAM) solution allows organisations to adopt the principle of least privilege, so that users can only access the data and applications they need. In particular, PAM controls the privileges of admin accounts which adversaries target to gain full access to systems. It also controls access to valuable or sensitive information by privileged users who are targets for cybercriminals. Endpoint Privilege Management (EPM) is an important tool that addresses risks associated with local admin access exploited by ransomware and other threats. EPM combines application control and PAM so only trusted, known applications can be run on user devices.
It allows security to be adaptive and evolve to address new threats as opposed to relying on usernames and passwords and trusting users to always do the right thing.
Multi-Factor Authentication (MFA) is also an effective way to enforce adaptive authentication and has become very user-friendly in recent years thanks to biometrics.
When users act suspiciously, such as attempting to access assets they don’t usually need, or logging in from