Regain trust in a “zero trust” world?

Teleworking and the cloud have shattered the control of organizations over their digital environment. Faced with cyber risks, is zero trust an essential solution or a buzzword?

The health crisis has shaken up our habits and caused many changes in our personal and professional environment. If IT security was initially based on an internal infrastructure, the evolution of working methods (teleworking, nomadism, remote access) and “software” networks towards the cloud has shattered the full control of organizations over their digital environment, tipping them into a world of “zero trust” (or zero trust).

The organization’s internal IT system has been supplemented by external parameters over which it has little or no control: service provider access, connection from a personal computer, unsecured Wi-Fi network, various coworking spaces, SaaS applications managed by third parties, etc. All of this “periphery” becomes the preferred gateway for cyber attackers.

Faced with the multiplication of cyber risks, is zero trust an essential solution for the sustainability of organizations or is it just a buzzword?

An erosion of control leading to a loss of trust

CIOs have control of internal digital infrastructure and hardware. But what about factors external to the organization? Since trust is most often based on mastering one’s environment, the emergence of a hybrid form of work has led to a loss of control. And hackers are not mistaken: according to a study by Tenable, 67% of cyber-attacks having had an impact on the activity have targeted employees working from home.

A similar problem arises for the access of people outside the organization such as service providers. Their access to digital infrastructures is an additional threat to corporate IT security. Last year, 51% of security breaches discovered by organizations worldwide were due to the intervention of a third party (source: Security Magazine).

The traditional security perimeter has expanded beyond its traditional boundaries and organizations can no longer afford to take risks. Faced with the cyber threat, they have entered a so-called world of zero trust.

Identity: the new perimeter of trust

A zero trust access, or zero trust network access (ZTNA), opens a volatile access, on random network doors, to a computer resource made invisible from the Internet, accessed through a secure tunnel of which only the customer holds the key. , to a defined user.

It is precisely in this user and in his identity that we must find confidence. This is checked in real time and determines their rights, their role in the organization (employee, consultant, service provider), the context of their use (when, where, how), and the workstation used (professional or personal). , up-to-date system/antivirus, location, browser used, serial number, etc.).

In addition to these parameters, there is behavioral biometrics, a technology which, thanks in particular to artificial intelligence, continuously analyzes the user’s attitude: how to type a password on the keyboard, click or speed of movement of mouse, browsing habits, etc. This technology ensures that the person behind the screen is still the one who connected in the first place.

If the collaborator is today the number one target of cyber attackers because of his vulnerability, trust must today be found in his digital identity. Thanks to technology, organizations can regain control of their information systems and evolve with, rather than undergo, new ways of working.

The fact remains that certain forms of attacks such as phishing, which consists of luring the employee (often by email) to induce him to communicate personal or sensitive data, cannot be avoided by technology alone. Raising awareness and training employees to this type of attack becomes complementary to technology and essential to the survival of the organization.

We want to say thanks to the writer of this post for this remarkable web content

Regain trust in a “zero trust” world?

Explore our social media profiles and also other related pages