Building resilient cyber security with a zero trust approach

Stockholm, Sweden

As the cyber landscape gets more complex, an identity-first security strategy is gaining the recognition it deserves. The identity-based approach requires that every authorised user, device, or application be assigned a verifiable digital identity. Before gaining access to protected corporate information, this digital identity must be validated using appropriate security mechanisms.

Simply put, all entities within the ecosystem are treated as untrustworthy until they can successfully authenticate themselves. This approach is more popularly known as the zero-trust security approach.

According to experts at Nexus, a zero-trust approach can help prevent attacks arising out of identity theft by, for example, implementing multi-factor authentication and limiting access to sensitive data based on a user's role and permissions. This simple yet highly effective method can also be extended to external users such as contractors, suppliers, partners, and end-customers, ensuring secure access across supply chains and enhancing overall security posture.

Implementing a successful zero-trust strategy

Here, Nexus offers considerations for businesses looking to implement a successful zero-trust strategy.

Successfully adopting a zero-trust approach requires organisations to develop dynamic company policies that ensure secure work environments without hindering usability for employees. For example, use the same login method for all purposes instead of forcing your users to remember multiple insecure passwords.

Security mechanisms can also be applied at various levels. For example, if an authorised, domain-connected corporate device is authenticated to the corporate network with a certificate, it does not require any additional authentication for certain services and applications. But to access the same service from home or from the airport, multi-factor authentication is needed to confirm user identity.

Nexus also suggests that another great way to enhance usability is to leverage existing devices such as smartphones and laptops for user authentication rather than having users carry additional hardware tokens. Introducing passwordless authentication and single sign-on also goes a long way in enhancing user adoption.

However, the company stresses that physical and digital security are intertwined and cannot be separated from each other. Integrating physical access control with a solid identity management system and digital access ensures full control over corporate identities. Automation and self-service bring down costs by keeping manual work and helpdesk issues to a minimum.

The often-forgotten corporate devices – IT, OT, and IoT – must also be brought under the purview of zero-trust security. It is important to cover every connected device, as even one unprotected device can be an opportunity for exploitation.

Create a secure cyber landscape with zero-trust

With the growing number of cyber attacks targeting operational disruption and reputational damage, organisations are forced to make robust cyber security a strategic priority.

The implementation of emerging technologies like artificial intelligence (AI) and machine learning, the rise in digitisation initiatives leading to increased cloud adoption, among other things, and strong regulatory requirements are all set to influence cyber security strategies over the coming years. Nexus urges organisations to be mindful of the potential risks and integration capabilities of their systems in order to develop sound security strategies.

An identity-based zero-trust approach can help organisations build long-term systemic cyber resilience.

