Adopting a Zero Trust approach is the best strategy to control access
A new study conducted by Forrester Consulting found that organizations powering Zero Trust Security with next-gen access solutions reported twice the confidence to accelerate new business models and customer experiences.
The study of 311 IT decision-makers in North America and the UK finds that 67 percent of all enterprise resources are exposed to access-related risk, and that a Zero Trust Security approach is the best strategy to control access to enterprise resources.
Organizations using next-gen access solutions – including Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM), and Privileged Access Management (PAM) – also reported top-line benefits, including being 66 percent more confident in adopting mobile work models and 44 percent more confident in securing DevOps environments. Those same respondents reported bottom-line benefits of mitigating overall risk by 37 percent and reducing security costs by 31 percent.
According to Forrester, 58 percent of global enterprises have experienced a breach in the past 12 months. According to the study, “Security leaders are urgently scrambling to defend every entry point, but traditional approaches to security, based on keeping out the ‘bad guys,’ while letting in the good guys, have proven ineffective.” In response, many security leaders are turning to Zero Trust approaches that remove trust from the equation completely, shunning the traditional “trust but verify” approach and replacing it with a “never trust, always verify” mandate.
“The dissolving network perimeter is causing a complete rethink in how we approach security, taking into account a new enterprise reality defined by the cloud, mobility, and increasing demands for agility,” said Tom Kemp, CEO of Centrify. “This study reveals that two-thirds of enterprise resources are exposed to access-related risk, largely because organizations are approaching security in a way that no longer works and with solutions that are ineffective. Zero Trust Security, powered by next-gen access, reduces risk and costs, while ushering in a new era in customer experiences and business models.”
To enforce user access, a Zero Trust strategy requires that an organization’s security have the capability to:
- Verify the identity of every user through a combination of identity governance, single sign-on, and multifactor authentication (MFA) to eliminate the risk of credential compromise.
- Validate every device with mobile device management to enforce secure policy, with local administrator privilege management to eliminate local admin compromise, and with device identity management to ensure that only trusted devices are allowed to access resources.
- Limit access and privilege using privileged access management to ensure a user has just enough access and only the necessary privileges to perform their job at any given time.
- Continually learn and adapt using behavior-based analytics and privileged access auditing/monitoring to automatically improve and personalize access policies.