In today’s mobile-first, cloud-first environment, cybersecurity starts with protecting the primary attack vector – privileged identities – with a “never trust, always verify” mindset for Zero Trust Security.
Gartner predicts that companies will spend $96 billion on cybersecurity solutions in 2018 alone. While worldwide spending will increase 8% from last year’s total, less than 10% will be spent on Identity and Access Management, the number one attack vector. Clearly there is misinformation and misunderstanding about how to stop a breach.
A recent research study with Dow Jones Customer Intelligence, “CEO Disconnect is Weakening Cybersecurity,” revealed that a discrepancy in the C-Suite is weakening enterprise security postures. CEOs mistakenly focus on eliminating malware, while Technical Officers (CIOs, CTOs and CISOs) on the front lines of cybersecurity point to identity breaches – including privileged user identity attacks and default, stolen or weak passwords – as the biggest threat, not malware.
68% of executives whose companies experienced significant breaches indicate it would most likely have been prevented by either privileged user identity and access management or user identity assurance.
This is one reason why we continue to see an increasing number of headlines about major breaches. A recent report by Forrester indicated that 58% of global enterprises have experienced a breach in the past 12 months. This number only begins to reflect the urgency executives and IT leaders alike are feeling to secure their organizations, but traditional methods of cybersecurity are proving ineffective.
LOGGING IN, NOT HACKING IN
In today’s cyber world, hackers are no longer hacking their way in – they are logging in just like you and me. More often than not, they are logging in AS you and me, using weak, stolen or otherwise compromised credentials.
To battle these identity-exploiting breaches, there is a groundswell of momentum toward adopting Zero Trust Security models to secure the enterprise. Zero Trust relies on the philosophy that no person or device is to be trusted, period. Every user and device must therefore continually prove not that it is trusted, but that it is not untrusted. Trust is removed from the equation entirely.
RETHINK SECURITY WITH ZERO TRUST
We’ve recently posted some new videos on our YouTube channel that describe what Zero Trust Security is, and how it relies on four key pillars to secure the identity attack vector:
- Verify every user through a combination of identity governance, single sign-on, and multi-factor authentication (MFA) to eliminate the risk of credential compromise.
- Validate every device with mobile device management to enforce security policies, with local administrator privilege management to eliminate local admin compromise, and with device identity management to ensure that only trusted devices are allowed to access resources.
- Limit access and privilege using privileged access management to ensure a user has just enough access and only the necessary privileges to perform their job at any given time.
- Continually learn and adapt using behavior-based analytics and machine learning to automatically improve and personalize access policies.
The post Modern Practices: Zero Trust Security appeared first on Secure Thinking by Centrify.