Why zero trust depends on solving identity proliferation
Join senior executives in San Francisco on July 11-12 to learn how leaders are integrating and optimizing AI investments for success. Find out more
The concept of zero trust is not new: the term was coined by John Kindervag at Forrester over a decade ago. But until recently, zero trust was considered a cutting-edge approach that only a few organizations were tackling.
In today's cloud-dominated, remote-oriented world, zero trust is rapidly moving from the edge to the most efficient way to secure access in an expanding digital landscape.
The approach is based on the concept "never trust, always verify". The decision to grant access takes into account a variety of factors - or attributes - which, taken together, verify that a user has the right to take specific action.
Rather than granting system-wide access simply for having the right credentials, the system takes a risk-based approach to evaluating users. Verification steps are determined by contextual signals such as location and device, as well as the importance of the resources accessed.
EventTransform 2023
Join us in San Francisco on July 11-12, where senior executives will discuss how they've integrated and optimized AI investments for success and avoided common pitfalls.
Register nowParadoxically, zero trust relies on access to trusted identity information. Identity is the keystone of a zero-trust approach, and a successful strategy requires access to high-quality, context-rich data about every identity within an organization. Inaccurate data can prevent legitimate users from doing their jobs, but even worse, it creates opportunities for threat actors to infiltrate the network.
Set identity dataIdentity data is at the heart of any modern digital organization. Yet many companies still have a surprisingly fragile understanding of the identities that underpin everything they do. A given user may have dozens of different accounts or personas spread across several unconnected systems.
Identity can also be a combination of user and device identity, and device identities are likely to explode with the growth of operational technology and IoT. It is not uncommon for a single car or lifting crane to have hundreds of sensors connected, all with a single identity.
Most companies don't have any mechanism in place to keep track of all these profiles and tie them together to form a cohesive identity. Without a clear picture of users and how they connect to different assets and devices, it is difficult to design an effective zero-trust data management strategy.
One of the most important aspects of zero trust is implementing a universal least privilege policy. All users should only be able to access the data and systems they need for their jobs, thereby mitigating the risk of a compromised account or a malicious insider. More than one organ...
Join senior executives in San Francisco on July 11-12 to learn how leaders are integrating and optimizing AI investments for success. Find out more
The concept of zero trust is not new: the term was coined by John Kindervag at Forrester over a decade ago. But until recently, zero trust was considered a cutting-edge approach that only a few organizations were tackling.
In today's cloud-dominated, remote-oriented world, zero trust is rapidly moving from the edge to the most efficient way to secure access in an expanding digital landscape.
The approach is based on the concept "never trust, always verify". The decision to grant access takes into account a variety of factors - or attributes - which, taken together, verify that a user has the right to take specific action.
Rather than granting system-wide access simply for having the right credentials, the system takes a risk-based approach to evaluating users. Verification steps are determined by contextual signals such as location and device, as well as the importance of the resources accessed.
EventTransform 2023
Join us in San Francisco on July 11-12, where senior executives will discuss how they've integrated and optimized AI investments for success and avoided common pitfalls.
Register nowParadoxically, zero trust relies on access to trusted identity information. Identity is the keystone of a zero-trust approach, and a successful strategy requires access to high-quality, context-rich data about every identity within an organization. Inaccurate data can prevent legitimate users from doing their jobs, but even worse, it creates opportunities for threat actors to infiltrate the network.
Set identity dataIdentity data is at the heart of any modern digital organization. Yet many companies still have a surprisingly fragile understanding of the identities that underpin everything they do. A given user may have dozens of different accounts or personas spread across several unconnected systems.
Identity can also be a combination of user and device identity, and device identities are likely to explode with the growth of operational technology and IoT. It is not uncommon for a single car or lifting crane to have hundreds of sensors connected, all with a single identity.
Most companies don't have any mechanism in place to keep track of all these profiles and tie them together to form a cohesive identity. Without a clear picture of users and how they connect to different assets and devices, it is difficult to design an effective zero-trust data management strategy.
One of the most important aspects of zero trust is implementing a universal least privilege policy. All users should only be able to access the data and systems they need for their jobs, thereby mitigating the risk of a compromised account or a malicious insider. More than one organ...
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
