Cyber defences are becoming ever more porous and the only option is for businesses to adopt a ‘zero-trust’ approach to security.
Richard Archdeacon, advisory CISO at Duo Security, says the ‘perimeter wall’ is coming down – and it’s no longer enough to assume a user is who they say they are just because they are inside the network.
“Organisations are turning to the zero-trust approach where only trusted users and devices are given access to the tools and information they need to carry out their day-to-day jobs,” he told 老九品茶Cloud.
“Users who are unable to verify their identity or the health of their device will therefore not be granted access – regardless of whether they are connecting from a ‘trusted’ location.
“If a user is connecting with a healthy, up-to-date device, they are granted permission to only the applications the user needs – not access to the entire network.
“If, however, the device is not updated or authenticating from an unusual location, the user will be asked to further verify their identity or be denied access.”
Confirming a user’s identity can be as simple as accepting a two-factor push notification, thereby preventing fraudulent logins impersonating a legitimate user.
In addition, the device must be running current system updates and security patches to ensure it is not compromised.
“Implementing a zero-trust approach may sound daunting but the process need not be onerous for the user or the administrator,” Archdeacon explained.
“Zero-trust is best managed with a risk-based approach, designing custom access policies, often down to the individual level, based on the risk to the business.
“The flexibility of a risk-based approach allows organisations to implement a zero-trust policy without creating barriers for legitimate users.”
Among its large user base, Duo Security observed 43 per cent of network authentication requests now come from outside the office – highlighting the degree to which working practices have changed.
The firm also found that the average number of unique networks users are authenticating from increased by ten per cent. This suggests more employees are accessing systems from multiple external locations.
“With staff now able to be as productive in a coffee shop as they are at their desk, remote working delivers powerful business benefits,” Archdeacon continued.
“However, this perimeter-less era requires a new approach to security, one where zero-trust is the foundation.
“It’s a model which offers employees more flexibility while allowing IT and security departments to retain control over who is accessing corporate applications and systems.”


