Zero trust adoption grows as businesses suffer insider and privileged access breaches
Privileged credential theft and insider threats have each affected more than half of organizations in the U.S. over the past 12 months, according to research from ThycoticCentrify, which it says shows the importance of zero trust principles in digital identity and access management.
Cybercriminals were able to access critical systems or data in 85 percent of cases of privileged credential theft, and two-thirds of insider threats led to abuse of administrative practices seeking illegitimate access to critical systems or data, the company says. The survey, carried out by CensusWide by surveying 150 IT decision-makers, found 48 percent of organizations have suffered a data breach due to giving too much access to an employer or contractor within the past year.
Most survey respondents said they are ‘very familiar’ with zero trust (62 percent), and another third are ‘somewhat familiar’ with the concept.
Zero-trust should be increasingly familiar, after it was included along with multi-factor authentication in the Biden Administration’s plans to tighten digital ID security in the U.S.
More than three-quarters (77 percent) already use a zero trust approach within their cybersecurity strategy, though complicated or inadequate security solutions are still considered a barrier to doing so by 57 percent.
“There are many on-ramps to Zero Trust. But with privileged identities playing such a key role in most data breaches, it makes sense to begin that journey with a modern PAM solution built around a least privilege model of access control,” says Tony Goulding, cybersecurity evangelist at ThycoticCentrify.
The company has also launched a solution for privileged access management (PAM) and governance for cloud platforms built on AWS.
ThycoticCentrify’s cloud provider solution for AWS extends a set of PAM capabilities to continuously carry out an automated search for AWS EC2 instances for full visibility, including of elastic auto-scaling groups.
“The cloud is a game changer when it comes to scalability and availability, but it has also changed the game for cyber-attackers looking to leverage new vulnerabilities created by disparate controls and resulting identity management challenges,” comments David McNeely, chief technology officer at ThycoticCentrify. “Our cloud provider solution for AWS provides real-time visibility into cloud workloads as they are added and removed, automating privileged password and identity management that ensures administrative and access controls are enforced while reducing complexity and risk.”
ThycoticCentrify was created in a merger last month.
SecurID expands authentication and zero trust capabilities
SecurID launched a new set of new authentication capabilities at the RSA Conference 2021, in part to help organizations develop zero trust security.
SecurID Interactive Experience was introduced by the company to help customers select tailored digital ID authentication methods, build access policies and configure privileged access rules. The company also says its customers can now use any of the authentication services and methods provided by SecurID, including biometrics ad FIDO tokens, entirely from the cloud.
“In the post-COVID world, Identity and Access Management (IAM) is more critical than it’s ever been – and getting identity right is harder than ever,” says RSA CEO Rohit Ghai. “Businesses everywhere are striving to develop greater resilience and adapt to new paradigms in how we live, work, and, play, and SecurID has the unique combination of identity technology that organizations need to meet this urgent moment and thrive in the digital world.”