Cyber defences are becoming ever more porous and the only option is for businesses to adopt a ‘zero-trust’ approach to security.
Richard Archdeacon, advisory CISO at Duo Security, says the ‘perimeter wall’ is coming down – and it’s no longer enough to assume a user is who they say they are just because they are inside the network.
“Organisations are turning to the zero-trust approach where only trusted users and devices are given access to the tools and information they need to carry out their day-to-day jobs,” he told BusinessCloud.
“Users who are unable to verify their identity or the health of their device will therefore not be granted access – regardless of whether they are connecting from a ‘trusted’ location.
“If a user is connecting with a healthy, up-to-date device, they are granted permission to only the applications the user needs – not access to the entire network.
“If, however, the device is not updated or is authenticating from an unusual location, the user will be asked to further verify their identity or be denied access.”
Confirming a user’s identity can be as simple as accepting a two-factor push notification, thereby preventing fraudulent logins that impersonate a legitimate user.
In addition, the device must be running current system updates and security patches to ensure it is not compromised.
“Implementing a zero-trust approach may sound daunting but the process need not be onerous for the user or the administrator,” Archdeacon explained.
“Zero-trust is best managed with a risk-based approach, designing custom access policies, often down to the individual level, based on the risk to the business.
“The flexibility of a risk-based approach allows organisations to implement a zero-trust policy without creating barriers for legitimate users.”
Among its large user base, Duo Security observed 43 per cent of network authentication requests now come from outside the office – highlighting the degree to which working practices have changed.
The firm also found that the average number of unique networks that users authenticate from increased by ten per cent. This suggests more employees are accessing systems from multiple external locations.
“With staff now able to be as productive in a coffee shop as they are at their desk, remote working delivers powerful business benefits,” Archdeacon continued.
“However, this perimeter-less era requires a new approach to security, one where zero-trust is the foundation.
“It’s a model which offers employees more flexibility while allowing IT and security departments to retain control over who is accessing corporate applications and systems.”