Since the emergence of COVID-19, fraudsters have launched fraud campaigns against critical services that serve as lifelines to the public. According to the Federal Trade Commission (FTC), Americans have lost more than $192 million due to COVID-related fraud this year, and we expect the amount to escalate further as the pandemic continues.
Given the massive shift to a remote-first workforce, it is very apparent how bad actors have begun using the backdoor to infiltrate the organization's network via employees’ personal devices or routers, which clearly lack stringent BYOD (Bring Your Own Device) policies and in turn are rarely patched. Due to the attack surface’s exponential growth, many organizations are left with no choice but to adopt a Zero Trust framework.
Just as you would imagine based on its name, Zero Trust requires authentication of each touchpoint connecting to an organization’s network, aiming to transform it into an impenetrable fortress. Regardless of its benefits, even Zero Trust has its limitations and can create friction unnecessarily, which could have a lasting effect on employee productivity and an overextension of security resources. Are there any alternatives? Is there another remedy that can provide a similar level of security as Zero Trust without the friction? Zero Trust 2.0 is the answer.
The Shortcomings of Zero Trust
With the sizable shift to a remote-first workforce, Zero Trust rapidly became the security remedy of choice for many enterprises with nearly 40% of cybersecurity professionals confirming accelerated adoption in the last year:
- Over 35% citing the remote workforce and insider threats
- Nearly 25% citing potential supply chain risks
- About 21% citing cloud risk management
Unfortunately, taking a Fort-Knox-like approach to network security ignites other issues, such as sustainability. Zero Trust requires significant funding and time to be implemented properly and thoroughly maintained, even for some of the biggest corporations and tech juggernauts that have a treasure trove of resources. However, it may be unattainable for smaller organizations due to limited funding and talent.
Organizations may encounter additional obstacles throughout the authentication process which can cause friction and hamper employee productivity. Earlier this year, 46% of executive spokespeople predicted a decrease in performance efficiency across their respective organizations. The new normal has increasingly eroded the typical constraints of the working day’s hours, meaning that instant access to the corporate network is now mission critical. If Zero Trust inhibits this workflow in any way (especially if the employee’s device is not properly classified within the network), organizations will then risk having both employee productivity and morale simultaneously impacted.
Zero Trust 2.0 is Here
Enter Zero Trust 2.0 – a solution for organizations that possesses robust cybersecurity measures while also ensuring employees maintain the utmost productivity and convenience. With Zero Trust 2.0, the same “Fort Knox” level of security is recognized, but through intelligent passive indicators rather than the layered authentication approach of its predecessor.
Intelligent passive authenticators operate on behavioral analytics, which is essentially information generated from a user’s digital transactions or general online activity. This consists of an employee’s interactions on the organization’s network alongside data from their laptop, smartphone, or tablet, which is combined with passive authenticators: intelligent swipe authentication, behavior PIN authentication and keystroke dynamics. In doing so, it determines “how” an employee accesses information within a network, using that data to confirm a user’s identity, and eliminates the need for passwords and prevents issues with BYOD.
Cyber Defense’s Next Chapter
With their access to next-generation technology, fraudsters have become increasingly sophisticated and obscure. But if organizations are powered by Zero Trust 2.0, its intelligent passive authenticators will enable employees to continue work with minimal friction, while enhancing security through behavioral traits that are impossible to replicate. Even with AI, it is impossible to perfectly mimic personal habits (e.g., holding a phone; the manner of keystrokes, the speed in which you type, etc.). It is these same unique mannerisms that are key to protecting your data as well as the organization’s data from unauthorized access.
Zero Trust 2.0 represents the next generation of anti-fraud and cyber defense, rendering passphrases obsolete. Organizations can more effectively combat fraudulent activity by leveraging authentic employee behavioral profiles. Zero Trust 2.0 also offers an enhanced user experience as employees will no longer have to enter passwords to access files. According to the World Economic Forum (WEF), employees spend roughly 11 hours entering or managing their password(s) each year, which can result in substantial productivity loss. That said, one question comes to mind: how can organizations make Zero Trust 2.0 a reality?
Ensuring Zero Trust 2.0 Compatibility
Many industries currently envision Zero Trust as the answer to the expanding threat landscape. A CISO will likely have this mindset, “If Zero Trust can elevate our infrastructure to withstand malicious fraud campaigns and the expanding threat landscape, then a little friction is worth it.” This is a reasonable mindset, but employees may not share the same thinking and will want a solution that adds convenience to their daily routine – enter Zero Trust 2.0.
Laptops, smartphones and tablets already leverage intelligent passive indicators for security measures. Zero Trust 2.0 is attainable on personal devices, but what about implementing on a larger scale? What would it take for organizations to properly implement and maintain this framework for potentially hundreds of thousands of employees nationwide - or even globally?
To ultimately reach success, the CISO must adopt a solution that does two key things:
- Use Machine Learning to Your Advantage. Unfortunately, not all authentication events are created equally. A user authenticating via fingerprint reader on a high-end device will likely be more secure than a user authenticating via a PIN on a low-end device. It is imperative that CISOs consider all factors when implementing any new capability. The perfect solution would be able to gather data from vast array of inputs and learn which events are more secure and require a closer review.
2. Manage Identity and Access via Orchestration Layers. Before orchestration layers, managing the constantly revolving user portal of devices and applications was almost impossible. Now, CISOs and IT managers can implement and adjust access control policies across different segments of their business and geographies with a few short clicks, removing their reliance on the scarce resource of development time and making the dream of a dynamic Zero Trust architecture a reality.
Zero Trust 2.0 Breeds Safety
If and when offices shift back to an in-person working regimen, the attack surface will still remain in its expanded state as many employees will opt to work remotely on a regular basis. With business continuity hanging in the balance, CISOs will need to consider technologies that not only insulate their entire infrastructure, but also meet employees’ newly-recognized preferences for consistent access and speed - namely, convenience.
There is one significant advantage to Zero Trust 2.0 - it is not a standalone solution and maintains a straightforward approach. The framework can also be installed with a single software development kit (SDK), meaning the enterprise can adopt Zero Trust 2.0 via a solo integration and acquire multiple layers of passive authentication in the process.
Through Zero Trust 2.0, businesses of all sizes can gain a Fort Knox-level security posture of Fort Knox paired with an increasingly sustainable solution capable of adapting to each employee’s respective need or preference. Zero Trust 2.0 is tipping the scale in favor of good and halt evil’s advancement across the landscape, while narrowing attack surface in the process.