The following post was written and/or published as a collaboration between Benzinga’s in-house sponsored content team and a financial partner of Benzinga.
Cyberspace is fraught with dangers; malicious forces and bad actors abound. All too often a company has its systems breached and its sensitive data compromised. Facebook Inc. (NASDAQ: FB), Alibaba Group Holding Ltd. (NYSE: BABA), and Experian PLC (OTCMKTS: EXPGY) are just a few examples of giant companies that have all suffered a breach. However, the cybersecurity community is constantly adjusting and innovating, to continuously protect sensitive data to the best of its ability.
Security Perimeters are Obsolete
Traditionally a cybersecurity strategy worked much like a castle. A strong defense perimeter was created — the castle wall — and the devices and users, once verified as the “good guys” and let through that perimeter, were then inherently trusted to get access to all areas of the castle. The castle’s defenses always faced outward, looking for external threats.
But as we know from history, many a king was killed by one of his own.
Zero Trust Continuously Verifies Identity
More modern cybersecurity approaches are now looking towards a Zero Trust framework that eliminates the concept of a traditional perimeter. The Zero Trust motto is “never trust, always verify.” In this system, no user or device is assumed to be benevolent. All parties are verified continuously as they access various applications, data, and resources. Gone is the castle wall as assumptions cannot be made that just because you are “inside the walls” you are a good guy from a bad guy.
Today’s IT systems are hyper-complex and made up of various ecosystems constantly interacting with each other. Internal systems are connected to cloud-based Software-as-a-Service (SaaS) solutions that are connected to remote and mobile devices, which are connected to smart devices. Users are now outside of the four walls of the enterprise, working remotely from home and on public networks.
The key to Zero Trust is continuous identity verification. That means making sure users and devices are who they say they are. A password is the basic level of security here, but as is, passwords can rather easily be hacked. Also, with single sign-on, a user can get up from their desk and leave a point of entry exposed. It is therefore important that passwords and single sign-on systems be buttressed with additional security controls.
Is Multi-factor Authentication the Foundation?
According to some, the first foundational step of implementing a Zero Trust architecture, and increasing security is multifactor authentication (MFA). In this model, a user or device must provide additional layers of authentication, such as a password and a randomly generated security code sent via email or text. Some find MFA to be tedious, but its effectiveness is self-evident.
However, considerations must also be made for the methods of authentication that are used. With more traditional authentication approaches, such as one-time passwords sent to a phone via text, one weakness is that it only verifies the presence of the phone but not the user using the device. One can imagine a scenario where a friend or significant other may have access to another’s phone. So even this level of security may not be adequate for certain environments, which may require the positive identification of the individual. Yet, it is a balance. More layers of authentication can cause workflow friction, so the tradeoffs between security and efficiency must always be considered based on the sensitivity of what’s being accessed.
Positively Identify the Individual with Biometrics
Another option is to incorporate biometric authentication, such as the approach BIO-Key International Inc. (NASDAQ: BKYI) takes. The company creates solutions centered around Identity-Bound-Biometrics (IBB), which it believes balances efficiency and security. IBB actually verifies the user behind a transaction versus a security code, a token, or their phone.
BIO-key says that IBB factors, including fingerprint, face, palm, or voice verification, are permanently bound to the individual’s digital identity, ensuring the highest level of integrity is maintained each time that person requests access. IBB is positively identifying the individual and matching it to the originally enrolled identity, not just an enrolled device that they possess.
The world has changed with relentless cyberattacks, the adoption of cloud services, and new work-from-home and hybrid working models. Security architectures based on people and devices inside the “castle wall” seem to not work as well and become quickly outdated in today’s environment. Many organizations have already started the journey to using zero trust design principles and approaches, starting with the implementation of multi-factor authentication and Identity-Bound Biometrics.
The preceding post was written and/or published as a collaboration between Benzinga’s in-house sponsored content team and a financial partner of Benzinga. Although the piece is not and should not be construed as editorial content, the sponsored content team works to ensure that any and all information contained within is true and accurate to the best of their knowledge and research. This content is for informational purposes only and not intended to be investing advice.
© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.