IT Brief Asia
Partner content

Zero Trust means strong, frictionless PAM and other controls

It's no secret that cybersecurity has a reputation for generating friction. But as we saw with working from home – and will continue to see with hybrid working – strong security controls are necessary. Threat actors are increasingly taking advantage of flexible working environments where users log in from different locations and use a mix of work and personal devices.

Organisations must continue to step up their security controls to mitigate these risks. And Zero Trust strategies – implemented via a range of identity verification and privilege management solutions – offer an effective and adaptive approach. If only friction can be minimised to keep everyone productive! The fine balance between productivity and security is crucial.

To visualise how strong controls may or may not generate friction, imagine an organisation's information infrastructure as something like a bank's safe deposit box service, with security guards on the door.

The strictest control would be to have the guards check the ID of each and every customer, demanding reliable, government-sanctioned ID – passports and driver's licenses, not library cards. This approach has the highest chance of keeping out those who are not authorised, but it causes the most friction and can be frustrating for legitimate visitors.

A frictionless version would be to have the guards assess all the visitors by sight only. Anyone who seems legitimate is nodded through; anyone who appears suspicious needs to present their ID. This makes for a much better visitor experience but introduces risk if the guards cannot accurately identify everyone coming in.

A third option that also presents a frictionless experience is to continuously monitor how visitors use their access once they are in the safe deposit area, with individuals being challenged if they try to visit other areas or tamper with other boxes.

Think of Zero Trust as a digital polygraph test 

While helpful to see how security controls might work, these scenarios may not all be effective in a physical setting. In a digital environment, however, any or all of these approaches can be effectively implemented with a Zero Trust strategy.

Obviously, employees don't want to be constantly interrupted by security controls. Equally, organisations looking to minimise friction still want to accurately identify users and exclude unauthorised actors. Finding ways to move security controls into the background, but still be strong and effective, is the way to keep productivity and security balanced.

The solution to achieving this balance is a Zero Trust strategy using a risk-based approach with verification measures that vary based on factors such as the user's device or the systems and information they access. Think of Zero Trust as a digital polygraph test that adapts to the risk potential of each interaction and – if implemented properly – authenticates users with as little friction as possible.

Key to Zero Trust is the ability to adapt security measures and verify authorisation at every point, and there are many technologies and techniques that can minimise the impact on users. Single sign-on (SSO), for example, significantly reduces friction because users only have to be verified once to gain access to different systems and information. With SSO, however, it is important that passwords are not the only security controls.

PAM, EPM and MFA's role in Zero Trust

Strong privilege controls are a vital element in reducing risk. A comprehensive Privileged Access Management (PAM) solution allows organisations to adopt the principle of least privilege so that users can only access the data and applications they need. In particular, PAM controls the privileges of admin accounts which adversaries target to gain full access to systems. It also controls access to valuable or sensitive information by privileged users who are targets for cybercriminals.

Endpoint privilege management (EPM) is an important tool that addresses risks associated with local admin access exploited by ransomware and other threats. EPM combines application control and PAM, so only trusted applications can be run on user devices. It allows security to be adaptive and evolve to address new threats as opposed to relying on usernames and passwords and trusting users to always do the right thing.

Multi-factor authentication (MFA) is also an effective way to enforce adaptive authentication and has become very user-friendly in recent years, thanks to biometrics. When users act suspiciously, such as attempting to access assets they don't usually need or logging in from new devices or locations, they can be challenged and have to verify themselves.

With MFA, behaviour can be continuously monitored in the background, and additional verification is required when a user exceeds their risk score limit.
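
The risk-score logic described above, as an added sketch that is not from the article or any vendor product: the weights, the limit, the event fields and the `challenge` MFA hook are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed values: the article names these signals but gives no numbers.
WEIGHTS = {"new_device": 40, "new_location": 30, "unusual_asset": 25}
RISK_LIMIT = 50

@dataclass
class Baseline:
    """What is normal for one user."""
    devices: set = field(default_factory=set)
    locations: set = field(default_factory=set)
    assets: set = field(default_factory=set)

def signals(event, baseline):
    """Return the risk signals one access event raises against the baseline."""
    checks = (("new_device", event["device"], baseline.devices),
              ("new_location", event["location"], baseline.locations),
              ("unusual_asset", event["asset"], baseline.assets))
    return [name for name, value, known in checks if value not in known]

def monitor(events, baseline, challenge):
    """Score a session event by event; `challenge` is a hypothetical MFA hook
    returning True when the user verifies successfully."""
    score, decisions = 0, []
    for event in events:
        score += sum(WEIGHTS[s] for s in signals(event, baseline))
        if score <= RISK_LIMIT:
            decisions.append("allow")            # no prompt: control stays in the background
        elif challenge(event):
            decisions.append("step_up_passed")
            baseline.devices.add(event["device"])      # verified, so now known
            baseline.locations.add(event["location"])
            score = 0
        else:
            decisions.append("deny")             # score stays high: next event is challenged too
    return decisions

def sample_baseline():
    # Constructed sample data, not from the article.
    return Baseline({"laptop-1"}, {"SG"}, {"crm", "mail"})

SAMPLE_EVENTS = [  # constructed session
    {"device": "laptop-1", "location": "SG", "asset": "mail"},
    {"device": "laptop-1", "location": "SG", "asset": "payroll-db"},
    {"device": "laptop-1", "location": "SG", "asset": "hr-files"},
    {"device": "phone-9", "location": "SG", "asset": "mail"},
    {"device": "phone-9", "location": "SG", "asset": "mail"},
]

if __name__ == "__main__":
    print(monitor(SAMPLE_EVENTS, sample_baseline(), lambda e: True))
```

Unusual assets are deliberately not added to the baseline after a successful challenge, so repeated access outside a user's normal set keeps accumulating risk.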

A mindset to guide organisations on a journey

Zero Trust is not a single solution but more a mindset to guide organisations on a continuous journey of stepwise improvements. Each organisation needs to determine which controls will achieve the biggest risk reduction based on a clear understanding of the value of their assets and a dynamic assessment of potential risks and impacts.

Equally, organisations need to maximise productivity at every step. Security controls need to be as frictionless as possible, particularly in a hybrid working environment. At the same time, they must present the biggest possible barriers to attackers to either prevent their exploits or increase the chance that they will be identified and stopped before achieving their goals.


About the author

Joseph Carson is the chief security scientist - advisory CISO for ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify. Carson has over 25 years' experience in enterprise security, is the author of “Privileged Account Management for Dummies” and “Cybersecurity for Dummies”, and is a cybersecurity professional and ethical hacker. He is a cybersecurity advisor to several governments and the critical infrastructure, financial and transportation industries.
