Zero Trust and user fatigue

SMART Access & Identity 2024 Access Control & Identity Management, Information Security

Paul Meyer.

When it comes to zero trust network access (ZTNA), Gartner defines it as products and services that create an identity and context-based, logical-access boundary encompassing an enterprise user and an internally hosted application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities, which limits lateral movement within a network.

Gartner1 adds that ZTNA solutions are rapidly replacing remote access VPNs for application access. This Market Guide, which includes a list of representative vendors and their products, will help security and risk management leaders evaluate ZTNA offerings as part of a security service edge (SSE) strategy. Gartner notes an increased focus by end user organisations on zero trust strategies/cloud adoption – and a desire to provide more secure and flexible connectivity for hybrid workforces – heightens interest in the zero trust network access (ZTNA) market.

Organisations identify VPN replacement as their primary motivation for evaluating ZTNA offerings, but find that justification comes from risk reduction, not from any cost savings. Agent-based ZTNA is increasingly deployed as part of a more significant secure access service edge (SASE) architecture or security service edge (SSE) solution to replace always-on VPNs that traditionally provide full network security stacks for remote managed endpoints.

A new study2 from the National Institute of Standards and Technology (NIST) found that a majority of the typical computer users they interviewed experienced security fatigue which often lead users to risky computing behaviour at work and in their personal lives.

What is the perimeter today?

We live in a new world of widespread networking, remote access and rapid information exchange, with new technologies such as mobile devices and cloud, poking even more holes in the perimeter.

Today, cybersecurity is evolving again. Cyberattacks are dynamic, challenging to predict, and have higher stakes. Cybercriminals have the latest technologies at their fingertips. Machines are deployed against the enterprise’s defences, operating at a vast scale, with volume, speed and agility.

The attack surface grows daily, with two-thirds of employees3 said to be using their own devices for work, and some reported using more than one (e.g., cell phone, tablet, personal laptop, wearable technology). The unstoppable trend of bring your own device (BYOD) requires new security measures to manage these myriad endpoints.

So, the castle-and-moat approach to cybersecurity will not do the job. Vulnerabilities permeate all levels of business systems, and your cybersecurity strategies probably need a reboot. Today’s threats cannot be fought with yesterday’s strategies, and a zero trust approach to security is required.

Zero Trust is a network security model based on the idea of never trust, always verify. Users and endpoints are not trusted until they are authenticated; even then they only gain access to specific, limited applications and data. Additionally, they must reauthenticate periodically to maintain their access. Smart threat detection technologies patrol the network, analysing patterns and flagging anomalous or suspicious behaviour.

With holistic Enterprise Information Management (EIM) technologies, critical data is centralised and protected within layers of security, extending from the heart of the enterprise to all endpoints. Protection is complete against all attack vectors, external or internal. The latter ensures protection against mistakes, either deliberate or caused by internal user fatigue (one report by IBM found that 95% of cybersecurity breaches result from human error). In other words, human mistakes are so overwhelming in cybersecurity that 19 out of 20 cyber breaches result from human error.

Identity access management (IAM) authenticates and authorises each user. An IAM system includes automated lifecycle management for internal and external users, comprehensive identity governance, privileged access management and integrated multi-factor authentication (MFA) capabilities. It stops identity sprawl to third parties, centralising and protecting identities.

However, securing identities is just the beginning. One of the most common ways the bad guys circumvent enterprise security protocols is through endpoints. All edges are vulnerable – servers (on-premises and on-cloud), workstations, desktops, laptops, tablets, and mobile devices. This is why a Zero Trust security system must understand every unique endpoint and its security status, yielding complete visibility and control over any endpoint requesting access.

Find out more at iOCO, +27 11 607 8100, [email protected],




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Milestone Systems joins CVE programme
Milestone Systems News & Events Information Security
Milestone Systems has partnered with the Common Vulnerability and Exposures (CVE) Programme as a CVE Numbering Authority (CNA), to assist the programme to find, describe, and catalogue known cybersecurity issues.

Defending against SIM swap fraud
Access Control & Identity Management
Mobile networks must not be complacent about SIM swap fraud, and they need to prioritise the protection of customers, according to Gur Geva, Founder and CEO of iiDENTIFii.

Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.