In today’s mobile-first, cloud-first environment, cybersecurity starts with protecting the primary attack vector – privileged identities – with a “never trust, always verify” mindset for Zero Trust Security.
Gartner predicts that companies will spend $96 billion in cybersecurity solutions in 2018 alone. While worldwide spending will increase 8% from last year’s total, less than 10% will be spent on Identity and Access Management, the number one attack vector. Clearly there is misinformation and misunderstanding of how to stop a breach.
A recent research study with Dow Jones Customer Intelligence, “CEO Disconnect is Weakening Cybersecurity,” revealed that a discrepancy in the C-Suite is weakening enterprise security postures. CEOs mistakenly focus on eliminating malware, while Technical Officers (CIOs, CTOs and CISOs) on the front lines of cybersecurity point to identity breaches – including privileged user identity attacks and default, stolen or weak passwords – as the biggest threat, not malware.
68% of executives whose companies experienced significant breaches indicate it would most likely have been prevented by either privileged user identity and access management or user identity assurance.
This is one reason why we continue to see an increasing amount of headlines about major breaches. A recent report by Forrester indicated that 58% of global enterprises have experienced a breach in the past 12 months. This number only begins to reflect the urgency executives and IT leaders alike are feeling to secure their organizations, but traditional methods of cybersecurity are proving ineffective.
LOGGING IN, NOT HACKING IN
In today’s cyber world, hackers are no longer hacking their way in – they are logging in just like you and me. More often than not, they are logging in AS you and me, using weak, stolen or otherwise compromised credentials.
To battle these identity-exploiting breaches, there is a groundswell of momentum toward adopting Zero Trust Security models to secure the enterprise. Zero Trust relies on the philosophy that no person or device is to be trusted, period. Therefore, they must consistently prove themselves to not be trusted, but rather to not be untrusted. Trust is removed from the equation entirely.
RETHINK SECURITY WITH ZERO TRUST
Rhonda Shantz: There's a couple of really big reasons why there are so many breaches today, and 66% of the companies are still breached. One of the big reasons is there is so much noise, and way too many vendors that are pitching that they solve the breach. The second big reason is that there is a misconception around what the problem is. It's not about an end point, or a VPN, or a network. It's about access to the data.
Bill Mann: Traditional access management solutions were built for the pre-cloud, mobile, and Infrastructure-as-a-Service era. Next-Gen Access is really built for the era we're in now, an era in which most users are mobile, companies are using SaaS applications, there's a lot of outsourcing, and there's a need for access from anywhere.
Rhonda Shantz: So, today's threats really require a different type of security, one that is, “Never trust, always verify.”
Bill Mann: There's four pillars to the Zero Trust approach: verify the user, validate the device, limit access and privilege to applications and infrastructure, and lastly, learn and adapt. And the learn and adapt really helps you change policies as you see changes in the organization, changes in access, and privilege.
Rhonda Shantz: There's over a hundred companies who are actually talking about Zero Trust. However, there's only one company whose entire product line, and whose position in the marketplace, is Zero Trust Security. And that's Centrify.
We’ve recently posted some new videos on our YouTube channel that describe what Zero Trust Security is, and how it relies on four key pillars to secure the identity attack vector:
- Verify every user through a combination of identity governance, single sign-on, and multi-factor authentication (MFA) to eliminate the risk of credential compromise.
- Validate every device with mobile device management to enforce security policies, with local administrator privilege management to eliminate local admin compromise, and with device identity management to ensure that only trusted devices are allowed to access resources.
- Limit access and privilege using privileged access management to ensure a user has just enough access and only the necessary privileges to perform their job during any given time.
- Continually learn and adapt using behavior-based analytics and machine learning to automatically improve and personalize access policies.
SUBSCRIBE TO US ON YOUTUBE!
Subscribe to Centrify’s YouTube Channel to learn more about how Zero Trust Security from Centrify can help secure your organization.