“Access lets you in the door; connectivity is what happens once you’re inside.” – Almog Apirion, Cyolo CEO and Co-founder
Imagine leaving the front door of your home open. You wouldn’t, if you thought some malicious person might follow you in! So, why do we leave ‘doors’ open in the digital world? It’s time to think about access control not only as unlocking and opening a door but as continuing to stay safe once we’ve stepped inside.
Network access points are the focal point used by cybercriminals to target sectors from banking to retail to healthcare. Trust can no longer be implicitly given, and identity is the new measurement that changes access control from a single event to a continuous process. As companies turn to the Zero Trust methodology to secure organizational assets, how can continuous protection be achieved once the ‘digital door’ is opened?
Identity for Access or Connectivity, or Both?
Identity-based connectivity and access are symbiotic. Used together, they form a 360-degree, always-on security mechanism that is an intrinsic part of the Zero Trust framework. Security is rarely an on-off switch; instead, it is a reaction to risk. Adjusting an environment to control risk is fundamental to getting Zero Trust right. But connectivity and access are not the same: they refer to two different points in the security chain.
- Access (how do I enter?): What is needed to allow verified entry to an application, network, device, etc.
- Connectivity (what can I do after I enter?): What type of post-access controls are available, and how and when are they enforced?
Benefits of Identity-Based Access and Connectivity
Identity-based access and identity-based connectivity are two vital elements of a Zero Trust approach to security. Some examples of the use of identity-based connectivity to enforce security are:
Third-party vendors: Vendors in the supply ecosystem rely on access to resources that may be sensitive or contain personal data. But supply chain attacks are a severe risk to the enterprise. A survey from BlueVoyant shows that 97% of organizations have been “negatively impacted” by a cybersecurity breach originating at a supplier. In addition, a recent report from Sophos found that 83% of financial sector organizations regard a supply chain risk strategy as a top priority in handling the tsunami of cyber threats.
Complete visibility of vendor access and enforcing privileged access controls, including post-access, is vital to containing this threat.
Remote workers: Remote and home working are challenging longstanding cybersecurity protocols and increasing the attack surface for bad actors. Personal devices (BYOD) and insecure networks have created an alignment of planets that has resulted in out-of-control access and resource use. A report conducted by Tenable found that 80% of organizations feel increasingly exposed to risk because of remote work. The report also highlights visibility issues, with 71% of respondents blaming a lack of visibility into remote employee home networks for increased cyber-attacks on remote employees.
Visibility into disparate personnel devices is critical to controlling rogue access attempts. Always-on security, which includes connectivity, ensures that remote work environments are secure. In addition, identity-based access and post-access connectivity provide the continuous monitoring and audit needed to reduce risk and maintain security in this challenging environment.
Regulations and compliance: Data protection and privacy regulations are becoming the norm worldwide. The often-stringent requirements of these regulations create work overheads in heavily regulated industries such as finance, manufacturing, and healthcare. Digital transformation in these industries also adds a layer of complexity in maintaining compliance.
Access control to sensitive personal and financial data is a key requisite of data protection and privacy regulations. The Zero Trust framework, built upon identity, provides the mechanism to ensure always-on and continuous security of protected resources. In addition, the visibility, audit, and reporting offered by advanced Zero Trust solutions that facilitate identity-based connectivity ensure that compliance is achieved, and the evidence of compliance is provided to regulators in the form of reports.
Replacing Implicit Trust with Identity-Based Access and Connectivity
Employee performance should not suffer due to security, but finding the balance between security and usability has always been a challenge. By using advanced identity-based solutions designed to deliver better performance without sacrificing security, organizations can open the door to the right people while ensuring that no malicious actor enters behind them.