If we look back at the security landscape of 2018, there were some interesting highs and lows. There were a number of large-scale breaches in the news attributed to hackers, involving notable companies. All indications for 2019 don’t show any signs of this activity stopping or slowing down. In fact, if you’re one of 7.6 million users that play the online game “Town of Salem” you may want to check your account.
Last year we saw the announcement and enforcement of new regulatory controls for identity and data protection, including the European Union’s General Data Protection Regulation (GDPR), New York: Department of Financial Services Cybersecurity Regulation (NYDFS) and Australia’s Notifiable Data Breach (NDB) scheme.
Given that there is so much attention on security in this digital age that must mean that the threat landscape is changing, right? Based on the various 2019 market and industry predictions published so far, things don’t appear to be changing drastically.
If we consider the reality of the cybersecurity threat landscape there is a lot of effort to garner fear, uncertainty and doubt, pushing organizations to adopt solutions that may not provide a holistic approach to security. The fact is that attackers are still using the tried, tested, and true approaches of phishing, malware, botnets and ransomware, focusing their attacks on the weakest links of the IT security chain.
With the workforce on the go, workloads in many clouds, and devices outside corporate controls, knowing who and what to trust are still the biggest IT security challenges. Organizations need to shift their focus to protecting their entire environment and should look for solution providers that can be trusted security partners, not just a vendor.
With all of this in mind what is the outlook for 2019? It is clear that the C-suite and IT security teams need to have strategies in place to address the influx of bring your own device (BYOD) policies, shadow IT, platform decentralization and the migration to the cloud. Which means that not only do these teams need to effectively reduce the threat surface of their organization and meet industry compliance regulations, they need to balance risk reduction with usability – to eliminate user frustration and cause minimal disruption to workflows.
The concept of zero trust security, originally proposed by Forrester in 2010, is re-emerging as the methodology to address security risks and tackle these challenges. This approach to security has been leveraged by Google as part of their BeyondCorp initiative and Gartner has their framework called Continuous Adaptive Risk and Trust Assessment (aka. CARTA). Learn more about these various approaches here. These trust-centric approaches shift access decisions based on network topology to authorized users and devices, but often these approaches are regarded as an arduous undertaking due to the vast number of moving parts and aspects that need to be addressed.
The New Era of Trust
Cisco Trusted Access makes it easier and safer to grant and restrict access by establishing trust and software-defined perimeters based on dynamic context, not just static credentials or network topologies. The union of Cisco and Duo Security in 2018 means that IT and security teams have a comprehensive solution available to address the challenges being faced as we go into 2019, and helps organizations meet components of compliance and regulatory requirements with a secure, easy-to-use zero trust security platform.
The first step in successful implementation in our Trusted Access approach is to verify user identity with strong multi-factor authentication (MFA). Being able to assess device hygiene and have endpoint visibility before granting access to cloud and on-premises apps should also be factored into the initial phase of deployment. Knowing what is accessing applications and their health helps reduce the risk surface of these devices. To balance security and usability the adaptive authentication and policy enforcement options that Duo has to offer means that organization can effectively protect remote access and offer a secure single sign-on solution protecting both cloud and on-premises applications.
You can read more about how you can move towards a zero trust approach in an earlier post from this year. It is recommended that a robust solution should help you leverage the resources and technologies you already have in place to keep changes and costs to a minimum.
So as you embark on all of the excitement and adventures that 2019 has in store, feel free to give us a try to see how easy it can be to rapidly deploy a security solution that can help you establish a level of trust and start your own journey towards a zero trust environment.