Zero trust: The modern approach to security


    by Daniel Mountstephen

    Last of two parts

    HOWEVER, company decision makers are still left with a mismatched idea of modern cybersecurity. In a survey conducted by the leading Privileged Access Management vendor Centrify and the Dow Jones Customer Intelligence team, 62 percent of CEOs inaccurately cite malware as the primary threat to cybersecurity yet only 8 percent of all executives said that anti-malware endpoint security would have prevented the “significant breaches with serious consequences” that they experienced.

    An AT Kearney survey last year emphasized that organizations in the ASEAN region must secure a sustained commitment to address the cybersecurity gap and build the next wave of cybersecurity capability. Compared to the global average spending on cybersecurity of 0.13 percent (as percent of GDP), the ASEAN region invests just 0.06 percent of its combined GDP in cybersecurity

    The region’s expanding digitalization only makes it an even greater target. According to a survey by global professional services firm Marsh and McLennan, organizations in Asia are 80 percent more likely to be cyber attacked.

    Bottomline: Something must change. Today’s security is not secure.

    The new reality: Never trust, always verify. Cyber attackers today are looking for the easiest way in. They no longer “hack” in – they log in using our own weak, default, stolen or otherwise compromised credentials against the organization. Identities can slip from good to bad at any point.

    With the explosion of new attack surfaces and unwieldy identities, the old cybersecurity adage of “trust but verify” no longer applies. The new mandate is “never trust, always verify” – a Zero Trust approach is paramount for all organizations today.

    Credentials, especially those for administrators with privileged access to critical systems, are the keys to your kingdom and your most significant vulnerability.

    Perimeter security is not enough to protect today’s world. It would be like continuing to invest in the moat when the castle of the kingdom no longer exists.

    Centrify is redefining the legacy approach to Privileged Access Management by delivering Cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying the identity of who is requesting access, the context of the request and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity and costs for the modern, hybrid enterprise.

    More than half of the Fortune 100, the world’s largest financial institutions, intelligence agencies and critical infrastructure companies, trust Centrify to stop the leading cause of breaches – privileged credential abuse. (Author is Regional Vice President, Centrify Asia Pacific & Japan)