By Chris Werpy, COO, PlanetOne
As our Planet made the shift to work from wherever, remote access exploded in numbers and speed, with capacity taking the lead. Looking ahead, it’s time to determine how to not only keep the lights on, but to drive increased productivity without compromising security. Is the environment we work in today designed for the future, or it is merely the outcome of our reaction to a pandemic?
The reality is, the comfort of having your team behind a pre-defined security perimeter is no longer an option. Technology should be implemented to make the human interface and the solution’s usability both simple and secure, not more complex. But what does this mean within the context of today’s cybersecurity frameworks?
Recently, Ann Johnson, Corporate Vice President of the Cybersecurity Solutions Group at Microsoft shared her thoughts on “digital empathy” while deploying a Zero Trust framework, for example. Zero Trust is the security concept anchored on the belief that it’s irresponsible of organizations to automatically trust anything inside or outside their perimeters. Rather, before granting access, they must verify anything and everything that attempts to connect to their systems.
She indicated the first control to put in place 100% of the time for 100% of the users is multi-Factor authentication (MFA), previously two-factor (2FA) and before that – step (2SV). But if we need to implement MFA 100% of the time for 100% of the users how can this be achieved in a simple method?
Most solutions are built on top of legacy logins and should be replaced with a Zero Trust framework for each and every login attempt. Compromised credentials are still the leading cause of a breach. Rarely has anyone been breached by a hacker beating the firewall of the VPN encryption. Instead, they gain access through usernames and passwords.
I reached out to Heath Spencer, CEO of TraitWare, a company whose zero-trust architecture offers a foundation with built-in security measures upon which businesses can protect themselves. With many employees working remotely, and an increasing number of personal devices being used to access business-critical applications, the risk of cybercrime has increased. Businesses want to trust your employees, yet they don’t want just anyone accessing their most valuable assets. It is no longer sufficient to assume that data need only be protected from the outside. Like it or not, cybercrime is often coming from the inside.
With Traitware’s zero trust approach, it may be possible someday to securely work from Mars, and
Spencer offers his take on how the concept of zero-trust can be applied and actually delivered to the enterprise.
What Is Zero Trust, and How Does Multi-Factor Authentication Support It?
At the 29th Annual RSA Conference (RSAC) held earlier this year, discussions zeroed in on the urgency for more fresh strategies to battle threats to data security. In today’s world, this applies to all companies. Among the most prominent points raised were multifactor authentication and zero trust.
Zero trust has become seemingly more practical with the rise of cloud storage/compute, which means companies no longer keep/access their data in one place, combining for example, on-premise location and the cloud, and even a third separate physical location. As such, businesses and IT solutions providers need to recalibrate the way they set up their web security and implement protocols, with the awareness that the “Big Ass Fence with Razor Wire” approach to security is no longer the best answer to data security threats. The zero trust model of information security redirects the attention of organizations that have always focused on defending their perimeters based on the assumption that everything and everyone inside the “fence” doesn’t pose a threat and is therefore granted access. Considering a zero trust strategy? Get your multifactor authentication sorted first.
A different take on this dynamic is to focus on the weakest link in the chain: Usernames and Passwords. In theory, a solution for the Enterprise world is one that takes you Passwordless while providing the MFA inherently. In this scenario 100% of the users are using it 100% of the time using a Zero Trust process for every login attempt. This moves the Zero Trust framework beyond the machine to machine end points and brings it all the way to the human to machine end point.
About TraitWare’s Zero Trust Approach
TraitWare understands the need for a zero trust model for security, and makes it simple by combining multi-factor authentication with single sign-on (SSO). Instead of legacy password-based logins that make it easier to steal credentials, Traitware leverages a passwordless system designed to authenticate the user at every step. With granular, ‘never trust, always verify’ access control, TraitWare can assure that users are authenticated with MFA every time they are required to provide proof of their identity. TraitWare has worked hard to minimize friction and make this transparent for the end user, relying on an authentication app installed on a mobile device. For contextual awareness, geofencing can be used to make sure a user is attempting to access a resource from an approved location. To further enhance security, TraitWare incorporates behavioral biometrics by looking at unique traits on the user’s device, which represent some of the past actions they have taken in their authentication and access steps. When additional security is desired, a knowledge factor using a photo-based PIN (PhotoAuth) can be layered on top of a biometric.
PlanetOne is the IT channel and telecom industry’s preferred business partner for identifying and delivering cloud-based and connectivity solutions to small and midsize businesses and enterprises. Headquartered in Scottsdale, Ariz., the industry pioneer is celebrated by Inc. Magazine as one of America’s Fastest-Growing Private Companies and regarded as a top-performing partner for hundreds of telecom agents and channel partners nationwide. In 2018, PlanetOne was named one of the Best Places to Work by The Business Intelligence Group. Since 2017, the company has been honored as one of the “Nation’s 101 Best and Brightest Companies to Work For®” by the National Association for Business Resources. In 2015 and 2017, PlanetOne ranked No. 1 in the Phoenix Business Journal’s annual “Best Places to Work” survey and has been recognized as one of Arizona’s largest privately held companies as part of the Arizona Corporate Excellence (ACE) Awards program, since 2016. The award-winning PlanetOne Partner Program has also been included in CRN’s Connectivity Solutions Partner Program Guide and Cloud Partner Program Guides.
To learn more, visit www.planetone.net. Follow us on Facebook, Twitter, LinkedIn, and YouTube.