Zero trust closes the end-user gap in cybersecurity
About 40% of poll respondents said their organizations have already adopted a zero-trust model, while another 18% are in the process of implementing the model, and 17% are in the planning stages.
And this is important says Vishal Salvi, chief information security officer for Infosys, because companies need to think about “adopting a new security architecture to support new connectivity models.”
Securing the cloud during covid-19
In addition to the ever-growing cybercrime wave, thank covid-19 for this extra level of vigilance. Cloud computing was the focus of the pandemic. Lockdowns sent millions to their homes where they connected to company systems remotely using their own devices, rather than their employer’s. Traditional centralized security, where users log in only once a day–the modern equivalent to a moat around a castle–was no more possible.
The shift happened on a grand scale, and almost immediately so did an uptick in cyberattacks, such as ransomware, phishing attempts, and denial of service.
Cybercriminals have increased the number of points they can exploit due to the new distributed nature of information services. Organizations were in a delicate situation. They had to give easy access to their partners and employees, while also making sure that their data and applications weren’t misused.
Of the poll respondents, almost 55% said their biggest challenge is securing a hybrid or entirely remote workforce. Their second biggest challenge, also related to decentralized IT infrastructure, is securing applications and data through the cloud (49%).
Specifically, 68% of the interviewees worry about cloud applications and data being subject to malware, ransomware, and phishing attacks. Although 55% don’t feel confident that their cloud security is properly configured, 59% believe that they have adequate control processes and policies to secure the cloud. One third of respondents stated that cybersecurity training is difficult for them.
End users under attack The weakest link in any IT security strategy is always people, according to Keri Pearlson (executive director of the MIT research group Cybersecurity at MIT Sloan). CAMS studies strategic, managerial, organizational and organizational issues in cyberspace. “It takes just one person to click on the wrong link, email, or program to infect systems. It’s not only end users, but all people who interact with our systems. Pearlson states that every person who interacts with systems can be a vulnerability point.”
Although typically more than 99% of system security measures are handled on the back end by IT, says Salvi, the tiny sliver of security threats users are responsible for account for almost 19 out of 20 cyberattacks.
They all start with phishing emails,” Salvi states. “They’re trying get the keys rather that breaking the locks,” Salvi says. End users are more likely to cause damage if they are locked down in covid. Security strategy must be adapted quickly.
In contrast to traditional end-user security models, a user’s initial sign-in to a zero-trust environment– even one confirmed by a fingerprint, a face scan, or multifactor authentication–isn’t the end of surveillance. Zero trust follows users as they go about their cyber-day, making sure that they aren’t doing anything illegal and that they haven’t clicked on any link that could lead to hackers. Users won’t notice zero trust except for the occasional request to reauthenticate.
I don’t have the security to work if the user doesn’t do the right things,” says Salvi. “They don’t have to remember a complex password or change it every three months or be cautious about what they download.”
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by the editorial staff of MIT Technology Review.
I’m a journalist who specializes in investigative reporting and writing. I have written for the New York Times and other publications.
