How should organizations reinvent themselves to drive transformation in the post- COVID-19 world? First, we need to understand that the traditional security model was designed for on-premise organizations with a well-defined IT perimeter. That no longer applies in the perimeter-less world. Why, because customers are everywhere; workers are everywhere and infrastructure and data are everywhere. The enterprise needs to be everywhere to support them.
Passwords based security, which assumed that users operated and accessed business information only form within the enterprise IT perimeter were adequate in the past. But in today’s IT environment, where users access data from a variety of untrusted devices, apps, networks, locations, and services – passwords alone are no longer sufficient. It should be no surprise that passwords are still the number 1 cause of data breaches. According to the Verizon Data Breaches Investigations report – 81% of breaches involved weak or stolen passwords. This is because passwords are easily compromised.
In the reality of today’s security world, how does an organization protect itself? With a Mobile Centric Zero Trust approach and framework to security. Zero trust assumes that bad actors are already in the network, and secure access is determined by an ‘always verify, never trust’ approach. The zero-trust method requires that you verify the device, user, apps, networks, and presence of threats before granting access. Also, you should have on-going enforcement. But with many theories about Zero trust, how do you ensure you’ve taken the right approach.
Alex Mosher, Global VP of Solutions & Strategy at Mobileiron gave us an in depth look at all things Zero Trust at our Transformational CISO Virtual Assembly this September.