CYBER SECURITY
Authentication best practice within a Zero Trust strategy

For CISOs around the world, it seems that at every turn they are being told to implement Zero Trust.

BY NIC SARGINSON, PRINCIPAL SOLUTIONS ENGINEER, YUBICO

It's true that the principle of Zero Trust might be right for this moment; after all, work-from-home and hybrid work policies are becoming the norm, as are cloud applications. However, many organisations may struggle with the reality of what's involved with a Zero Trust framework or infrastructure. Having protected the boundary for so long, it takes a change of mindset to verify every connection attempt.

At its core, Zero Trust should start with strong user authentication, and the chosen authentication method should not hamper user productivity. Therefore, organisations need to look first at how users establish their identity and consider the level of trust that can be attributed to that mechanism. The truth is, if authentication is by passwords alone, there is no assurance of security, no matter how robust the rest of the Zero Trust strategy is.

Yet despite this, a recent survey of work-from-anywhere cybersecurity practices at companies in the UK, France and Germany revealed that less than a quarter (22%) of respondents had implemented two-factor authentication (2FA). That's a problem for Zero Trust, because going forward with such a model depends on having a strong level of trust in the authentication mechanisms of every user, from every device. Strong authentication needs to be a foundational building block of the Zero Trust strategy. With that in mind, what are the key strong authentication best practices organisations need to adopt in order to ensure Zero Trust is correctly supported?

WWW.DIGITALISATIONWORLD.COM | ISSUE VI 2021
COPYRIGHT DIGITALISATION WORLD