IT Brief Asia logo
Technology news for Asia's largest enterprises
Partner content
Story image

Zero Trust means strong, frictionless PAM and other controls

By Contributor
Tue 9 Nov 2021

Article by ThycoticCentrify chief security scientist Joseph Carson.

It’s no secret that cybersecurity has a reputation for generating friction. But as we saw with working from home – and will continue to see with hybrid working – strong security controls are necessary. Threat actors are increasingly taking advantage of flexible working environments where users log in from different locations and use a mix of work and personal devices.

Organisations must continue to step up their security controls to mitigate these risks. And Zero Trust strategies – implemented via a range of identity verification and privilege management solutions – offer an effective and adaptive approach. If only friction can be minimised to keep everyone productive! The fine balance between productivity and security is crucial.  

To visualise how strong controls may or may not generate friction, imagine an organisation’s information infrastructure as something like a bank’s safe deposit box service, with security guards on the door.

The strictest control would be to have the guards check the ID of each and every customer, demanding reliable, government-sanctioned ID – passports and driver’s licenses, not library cards. This approach has the highest chance of keeping out those who are not authorised, but it causes the most friction and can be frustrating for legitimate visitors. 

A frictionless version would be to have the guards assess all the visitors by sight only. Anyone who seems legitimate is nodded through; anyone who appears suspicious needs to present their ID. This creates a much better visitor experience but creates risk if the guards cannot accurately identify everyone coming in.

A third option that also presents a frictionless experience is to continuously monitor how visitors use their access once they are in the safe deposit area, with individuals being challenged if they try to visit other areas or tamper with other boxes.

Think of Zero Trust as a digital polygraph test 

While helpful to see how security controls might work, these scenarios may not all be effective in a physical setting. In a digital environment, however, any or all of these approaches can be effectively implemented with a Zero Trust strategy.

Obviously, employees don’t want to be constantly interrupted by security controls. Equally, organisations looking to minimise friction still want to accurately identify users and exclude unauthorised actors. Finding ways to move security controls into the background, but still be strong and effective, is the way to keep productivity and security balanced.

The solution to achieving this balance is a Zero Trust strategy using a risk-based approach with verification measures that vary based on factors such as the user’s device or the systems and information they access. Think of Zero Trust as a digital polygraph test that adapts to the risk potential of each interaction and – if implemented properly – authenticates users with as little friction as possible.

Key to Zero Trust is the ability to adapt security measures and verify authorisation at every point, and there are many technologies and techniques that can minimise impact to users. Single sign-on (SSO), for example, significantly reduces friction because users only have to be verified once to gain access to different systems and information. With SSO, however, it is important that passwords are not the only security controls.

PAM, EPM and MFA’s role in Zero Trust

Strong privilege controls are a vital element in reducing risk. A comprehensive Privileged Access Management (PAM) solution allows organisations to adopt the principle of least privilege so that users can only access the data and applications they need. In particular, PAM controls the privileges of admin accounts which adversaries target to gain full access to systems. It also controls access to valuable or sensitive information by privileged users who are targets for cybercriminals.

Endpoint privilege management (EPM) is an important tool that addresses risks associated with local admin access exploited by ransomware and other threats. EPM combines application control and PAM, so only trusted applications can be run on user devices. It allows security to be adaptive and evolve to address new threats as opposed to relying on usernames and passwords and trusting users to always do the right thing.

Multi-factor authentication (MFA) is also an effective way to enforce adaptive authentication and has become very user-friendly in recent years, thanks to biometrics. When users act suspiciously, such as attempting to access assets they don’t usually need or logging in from new devices or locations, they can be challenged and have to verify themselves.

With MFA, behaviour can be continuously monitored in the background, and additional verification is required when a user exceeds their risk score limit.

A mindset to guide organisations on a journey

Zero Trust is not a single solution but more a mindset to guide organisations on a continuous journey of stepwise improvements. Each organisation needs to determine which controls will achieve the biggest risk reduction based on a clear understanding of the value of their assets and a dynamic assessment of potential risks and impacts.

Equally, organisations need to maximise productivity at every step. Security controls need to be as frictionless as possible, particularly in a hybrid working environment. At the same time, they must present the biggest possible barriers to attackers to either prevent their exploits or increase the chance that they will be identified and stopped before achieving their goals.

Watch the Trust or Zero Trust? Going Beyond Privileged Access Management webinar here.
Download the Going Beyond the Vault with Zero Trust Privilege whitepaper here.

About the author

Joseph Carson is the chief security scientist & advisory CISO for ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify. Carson has over 25 years’ experience in enterprise security, is the author of “Privileged Account Management for Dummies” and “Cybersecurity for Dummies”, and is a cybersecurity professional and ethical hacker. He is a cybersecurity advisor to several governments and the critical infrastructure, financial and transportation industries.

Related stories
Top stories
Story image
Red Sift
Entrust expands strategic partnership with Red Sift
Entrust has expanded its strategic partnership with Red Sift to make it easier for businesses to adopt Brand Indicators for Message Identification (BIMI) standards for email identification and security.
Story image
Hybrid Cloud
Barracuda expands cloud-native SASE platform
"The expansion of Barracuda's cloud-native SASE platform for hybrid deployment models and IIoT environments solves a number of challenges."
Story image
Digital Transformation
Digital transformation increasing business complexities
A new survey suggests businesses must re-examine their digital transformation approach to better help employees adapt to change.
Story image
Data Protection
Information management capabilities to meet privacy requirements
Organisations with customers or operations across more than one country face a spate of new and proposed privacy and data protection laws.
Story image
Innovation
Fastly acquires Glitch, enables faster developer innovation
"This acquisition brings together two of the worlds best ecosystems for application development into a single, seamless developer experience."
Story image
Rackspace
Skills shortages hold orgs back from capitalising on cloud 2.0
Organisations are becoming more comfortable with sophisticated 'cloud 2.0' technologies, even as they confront difficulties in hiring and retaining IT talent.
Story image
Cybersecurity
Cybersecurity prompts upgrade for 1.3 billion electricity meters
ABI Research finds Advanced Metering Infrastructure (AMI) and cybersecurity concerns are prompting the upgrade of 1.3 billion electricity meters by 2027.
Story image
Alteryx
Alteryx releases updates, empowers data insights for enterprise
Alteryx has released new advancements designed to aid enterprises with cloud analytics, democratise insights and ensure data governance.
Sift
Connected e-commerce apps are the future of retail and higher revenue growth. Read the new ebook by Sift to find out how to maximise your business potential.
Link image
Story image
DaaS
NetApp launches Spot PC, a new Desktop-as-a-Service solution
This is a new managed cloud DaaS solution with security, automation, observability and optimisation capabilities, designed for the needs of today.
Story image
Ransomware
Alarming surge in Conti Ransomware Group activity - report
A new report has identified a 7.6 per cent increase in the number of vulnerabilities tied to ransomware in Q1 2022.
Sift
Having secure retail solutions can be a make or break factor for a customers satisfaction. Sift has the expert tools and expertise to keep retail practices safe and customers happy.
Link image
Story image
Ransomware
APAC organisations fail to disclose ransomware breaches
85% of organisations in APAC were breached by ransomware at least once in the past five years, but only 28% publicly disclosed the incident.
Story image
Logistics
Dematic robotic solutions win big at Singapore technology awards
Dematic has won the Robotics-Logistics award at the recently concluded Singapore Business Review Technology Excellence Awards.
SonicWall
Find out how you and your business can prevent being caught out by everything from ransomware to cryptojacking.
Link image
Story image
Training
Trojan cyber attacks hitting SMBs harder than ever - Kaspersky
In 2022 the number of Trojan-PSW detections increased by almost a quarter compared to the same period in 2021 to reach 4,003,323.
Sift
Knowing the mechanics of retail fraud can greatly improve your chances of preventing an online attack. Read the new infographic by Sift to discover how your business can be prepared.
Link image
Story image
Digital Marketing
Getty Images delves into the world of NFTs with Candy Digital
Getty Images and Candy Digital, the next-generation digital collectible company, have announced a new multi-year partnership agreement.
Story image
Vectra AI
Vectra’s inaugural Partner of the Year Awards revealed
APAC companies Baidam, Firmus, ShellSoft and Macnica have been recognised in Vectra AI's inaugural Partner of the Year Awards.
Story image
MEC
MEC spending for private cellular networks to reach $5.8b
A new ABI Research report finds the revenue for Multi Access Edge Compute (MEC) deployments for private cellular networks will reach USD$5.8 billion by 2030.
Story image
Ransomware
Ransomware hits 65% of organisations in Singapore
Next-generation cybersecurity firm Sophos has released its annual survey and review of real-world ransomware experiences in the State of Ransomware 2022.
Story image
Employment
Tech job moves - Forcepoint, Malwarebytes, SolarWinds & VMware
We round up all job appointments from May 13-20, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Ponemon Institute
Email revealed to be riskiest channel for data loss
More than half (60%) of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
Story image
Cyber attacks
Devastating cyber attacks expected to hit energy sector
Energy executives anticipate life, property, and environment-compromising cyber attacks on the sector within the next two years.
Story image
New Relic
New Relic launches vulnerability management platform
New Relic has introduced New Relic Vulnerability Management to help organisations find and address security risks faster and with greater precision.
Story image
SpaceX
Australian space tech startup secures SpaceX support
Space Machines Company has secured the support of SpaceX as a launch partner in carrying SMC's Optimus Orbital Transfer Vehicle to space next year.
Story image
Manhattan Associates
Shortening the click-to-customer cycle through smart technologies
Speed of delivery without accuracy is a dealbreaker for consumers. How can retailers operating in an omnichannel environment overcome the challenge of click-to-customer cycle times.
Story image
Sustainability
Equinix announces milestones on sustainability commitments
Equinix has released its 2021 Sustainability Report which outlines progress, innovation and accomplishments on key ESG commitments.
Story image
DDoS
NT selects Radware to improve telecom cyber defenses
National Telecom Public Company (NT) has chosen Radware to strengthen the cyber defences of its international telecommunications infrastructure.
Story image
Managed service provider
Barracuda MSP Day 2022 highlights MSP opportunities
Barracuda Networks has released a report showing global services-related MSP revenue is set to increase by more than a third in 2022 compared to 2021.
Story image
Migration
Let’s clear the cloud visibility haze with app awareness
Increasingly, organisations are heading for the cloud, initiating new born-in-the-cloud architectures and migrating existing applications via ‘lift and shift’ or refactoring.
Story image
Artificial Intelligence
Gartner reveals top three tech trends for banks this year
Gartner says generative artificial intelligence, autonomic systems and privacy-enhancing computation are gaining traction in banking and investment services.
Story image
Silver Peak
The path to an adaptive, modern network
Managing and securing the network looks different than it did just two years ago—especially given that most of these networks are made up of multi-generations of infrastructure stitched together over time.
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Sift
Navigating digital fraud and dispute can be tough. The Q4 2021 Digital Trust & Safety Index by Sift can give helpful insights to your business on keeping safe and prepared online.
Link image
Story image
Training
Infosec unveils role-guided cybersecurity training roadmaps 
Infosec Skills Roles maps hands-on training and certifications to the 12 most in-demand cybersecurity roles to maximise training efficiency.
Story image
CrescoData
SPS network now available to CrescoData eCommerce customers
CrescoData, a Pitney Bowes Company and PaaS business in the commerce space, says its customers can now connect to the SPS Commerce Retail Network.
Story image
Kubernetes
Sysdig unveils new Kubernetes troubleshooting and cloud innovations
Sysdig has introduced two new innovations that look to help bolster cloud services and simplify Kubernetes troubleshooting.
Story image
Digital Signage
MAXHUB's Digital Signage range to bolster boardroom productivity
The new MAXHUB Digital Signage technology is purpose-built to make every kind of team meeting more effective.
Story image
ChildFund
ChildFund launches new campaign to protect children online
ChildFund says WEB Safe & Wise aims to protect children from sexual exploitation and abuse online while also empowering them to become digitally savvy. 
Exabeam
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
Surveillance
i-PRO releases smallest AI-based surveillance camera on the market
The new i-PRO mini network camera is now available, with a pocket-sized form factor and full AI analytics functionality.
Story image
Sift
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
Data Protection
Barracuda launches new capabilities for API Protection
"Every business needs this type of critical protection against API vulnerabilities and automated bot attacks," Barracuda says.