
Controlling access in today’s digital-first world: Why it really, really matters

August 10, 2022


“Access” is an increasingly major part of day-to-day life. By the time I sit down at my desk to start the workday, I’ve already gone through a dozen points of access control — including disarming and re-arming my house alarm with a code, unlocking my iPhone with Face ID, opening and starting my car with a key fob, logging onto my laptop with a biometric like fingerprint touch, and joining my first meeting of the day with a secure Microsoft Teams or Zoom link.

Be it physical or digital, access (particularly controlling access) is at its simplest the ability to grant, deny or restrict entry to something. That “something” could be your car, house, bank account, computer, mobile phone, apps, or just about anything else in today’s digital-first world. 

Let’s focus on apps for a moment. They are at the heart of our daily digital lifestyle. The mobile app market is expected to generate over $935 billion in revenue by 2023. Perhaps that’s not surprising given the average person uses around 10 apps per day just on their smartphone.

Today’s enterprises are also heavily reliant on apps to drive their business as well as support it. And think of all the people who may access these business apps from their mobile phones or their home offices. With today’s hybrid work world, not to mention a hybrid-cloud-powered one, managing all these different apps (let alone securing and controlling access to them) has become increasingly complex.

The most serious web vulnerabilities today require a zero-trust model

We’re aware that with all the benefits of digital transformation there are also new risks to consider. But there are serious consequences today for businesses, their employees and their customers as this risk increasingly centers around bad actors targeting user identity and access. If you’re a fan of stats like I am, there are many out there to help drive home the enormity of this issue. For me, two of the more alarming findings are these:

  1. Between 2015-2020, stolen passwords and other credential-related attacks led to more incidents and more total losses — $10B — for businesses than any other threat action (Cyentia Institute IRIS 20/20 Xtreme Information Risk Insights Study). Given the modernization paths for digital fraud are only continuing to proliferate, and the use of credentials in both ransomware and digital fraud is high, the demand for stolen creds won’t slow down in the coming years.
  2. The #1 vulnerability of the 2022 OWASP Top 10: Broken access controls (OWASP Top 10). This includes the violation of least-privileged access to an app or resource.

Attacks targeting a user’s identity impact enterprises across the globe and across industries, though financial, IT and manufacturing are impacted the most. This, paired with the prevalence of broken access controls, makes it critical to employ a zero-trust security model.

Never trust, always verify

The zero-trust mantra of “never trust, always verify” addresses today’s hybrid cloud, hybrid work and hybrid access scenarios. Securing access to all apps and resources, eliminating implicit trust, and granting least privileged access are all tenets of a zero-trust model. A key access vulnerability is in the breakdown of this approach. As OWASP describes, it’s the “violation of the principle of least privilege or deny by default, where access should only be granted for particular capabilities, roles, or users, but is available to anyone.”

Perhaps one of the biggest challenges businesses will face when it comes to avoiding this vulnerability is extending a zero-trust app access model across all their applications, specifically their legacy and custom ones. We’ve found some organizations can have anywhere from hundreds to thousands of legacy and custom apps that are critical to their daily business.

Many of these apps (for example, custom applications, long-running apps from vendors like SAP and Oracle, and legacy systems) leverage legacy protocol methods like Kerberos or HTTP headers for authentication. These apps often do not or cannot support modern authentication methods like SAML or OAuth and OIDC. And it’s often costly and time-consuming to try and modernize the authentication and authorization for these particular apps.

Many cannot support multifactor authentication (MFA) either, which means users must manage different credentials and various forms of authentication and access for all their different applications. This only perpetuates the cycle for potential credential theft and misuse. There are also additional costs for the business to run, manage and maintain different authentication and authorization platforms.


How to enable zero-trust access within the hybrid enterprise 

Modern authentication is key to ensuring per-request, context- and identity-based access control in support of a zero-trust model. Bridging the authentication gap is one of the most critical steps an organization can take to avoid the “violation of least privilege” by enabling “never trust, always verify” (per-request, context- and identity-based app access) for their legacy, custom and modern applications.  

Having an access security solution that can serve as an identity aware proxy (IAP) will be key for extending modern auth capabilities like SSO and MFA to every app in the portfolio, including the legacy and custom ones. As mentioned earlier, it’s not feasible for the majority of businesses to modernize all their apps built with legacy or custom authentication methods.
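
One way to picture the per-request, deny-by-default decision an identity-aware proxy makes in front of a legacy header-authenticated app, as an added example that is not from the article or any vendor's product. The policy table, app names and `X-Remote-User`/`X-Remote-Groups` header names are hypothetical, and the identity claims are assumed to have been verified against the IdP already.

```python
import time
from dataclasses import dataclass
# Hypothetical identity headers the legacy app trusts from the proxy.
IDENTITY_HEADERS = {"x-remote-user", "x-remote-groups"}
# Hypothetical per-app policy. An app with no entry is denied (deny by default).
POLICY = {
    "legacy-erp": {"groups": {"finance"}, "require_mfa": True, "max_auth_age": 3600},
    "wiki": {"groups": {"staff", "finance"}, "require_mfa": False, "max_auth_age": 28800},
}

@dataclass
class Identity:
    """Claims assumed to be already verified with the IdP (e.g. from an OIDC ID token)."""
    subject: str
    groups: set
    mfa: bool
    auth_time: float  # epoch seconds of the last interactive login

def authorize(app, identity, now=None):
    """Evaluate one request; return (allowed, reason). Every failed check denies."""
    now = time.time() if now is None else now
    rule = POLICY.get(app)
    if rule is None:
        return False, "no policy for app"
    if identity is None:
        return False, "unauthenticated"
    if not identity.groups & rule["groups"]:
        return False, "not in an allowed group"
    if rule["require_mfa"] and not identity.mfa:
        return False, "MFA required"
    if now - identity.auth_time > rule["max_auth_age"]:
        return False, "authentication too old"
    return True, "ok"

def upstream_headers(client_headers, app, identity, now=None):
    """Return the headers to forward to the legacy app, or None if denied."""
    allowed, _ = authorize(app, identity, now)
    if not allowed:
        return None
    # Strip identity headers supplied by the client so they cannot be spoofed.
    out = {k: v for k, v in client_headers.items() if k.lower() not in IDENTITY_HEADERS}
    out["X-Remote-User"] = identity.subject
    out["X-Remote-Groups"] = ",".join(sorted(identity.groups & POLICY[app]["groups"]))
    return out

if __name__ == "__main__":
    # Constructed sample request: the client tries to pass itself off as "admin".
    alice = Identity("alice", {"finance", "staff"}, True, time.time() - 60)
    print(upstream_headers({"X-Remote-User": "admin"}, "legacy-erp", alice))
```

The legacy app keeps reading the same headers it always has, while group membership, MFA and login freshness are re-checked on every request and only the groups relevant to that app are passed through.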

The ability to take advantage of all the innovation happening in the cloud with IDaaS providers plus the improvements that come with OAuth and OIDC frameworks, all without having to modernize apps right away, is a game-changer for the business. It can reduce their risk exposure and enable innovation without disruption. The workforce can remain productive and securely access their apps regardless of what authentication method is used on the backend, no matter where those apps are hosted (or where the user is located). 

Going beyond access for a holistic zero-trust approach

While I’ve been stressing the importance of access in a zero-trust security model, having a truly holistic approach to zero trust requires organizations to go beyond access and identity alone. That’s because zero trust is the epitome of a layered security approach. There are many security technologies that need to be included as part of a zero-trust environment, including:

  • continuous diagnostics and mitigation
  • compliance considerations
  • integration of threat intelligence and risk factors
  • identity management
  • security information and event management

It’s also important to note that adopting a zero-trust approach and delivering a zero-trust architecture is best accomplished through an incremental implementation of zero-trust principles, changes in processes, and technological solutions (across various vendors) to protect data and business functions based off core business scenarios.


This zero-trust approach requires a different perspective and mindset on security, especially when it comes to access. Zero trust should, at best, augment what is already in place to secure and control access in your existing environment.

Businesses will need to protect against advanced threats, including encrypted threats (especially since 90% of today’s traffic is encrypted). It’s also critical to have visibility into the state of apps themselves, including how they’re performing, how secure they are, and the context within which apps are accessed. This also means protecting APIs which serve as the connective tissue between applications and have increasingly become too easily accessible and available entry points for attacks today.

All that said, how do you start to tackle this? There are a few clear steps you and your organization can take to begin your holistic zero-trust journey:

  1. First and foremost, make the choice to adopt a zero-trust approach. Keep in mind you cannot rip-and-replace your current infrastructure. As noted earlier, it’s an incremental process.
  2. Next, inventory the number of apps, both on-premises and in the cloud, your business runs and how often users access them.
  3. Select your trusted vendors to support key phases of your journey. For example, your IDaaS provider, reverse-proxy product, etc.
  4. Finally, decide if you should retire underused apps, replace some apps with SaaS, migrate others to the cloud, and identify which apps you want to modernize. To this point, given it can be a long and costly process to modernize apps, having that identity aware proxy (IAP) solution to bring modern authentication to your legacy and custom apps will be key for supporting a zero-trust model on your terms.

It may seem overwhelming to successfully control access and secure apps in today’s digital-first world. But it doesn’t have to be. If you start by taking simple steps to enable secure, least-privileged access to all your apps, you can then start phasing in a zero-trust model across your entire environment. In doing so, your business will be secured with zero trust faster than you realize.

Erin Verna is principal product marketer, access control & authorization at F5.
