FB pixel

US federal agencies appear to be moving on zero trust but where are small businesses?

Multi-factor authentication lags behind for many
Categories Access Control  |  Biometrics News  |  Trade Notes
US federal agencies appear to be moving on zero trust but where are small businesses?
 

The U.S. federal government is not always the last to get a memo. That is certainly true when it comes to creating zero trust architectures.

A brief article in GovernmentCIO notes that federal agencies have until fall 2024 to put in place prescribed zero trust components (a cornerstone of which is two-factor authentication).

The deadline was only set in January, so it is impossible right now to say if the bureaucracy is meeting expectations or lagging but it is ahead of small to midsize companies worldwide.

The Cyber Readiness Institute has published a survey indicating that owners of smaller businesses are ill-prepared for the growing risk of digital theft and fraud.

The five-year-old institute, comprised of multinational businesses, government officials and cybersecurity leaders, says 46 percent of small business owners have deployed recommended multi-factor authentication products, much less architectures. Only 13 percent of small to midsize firms require employees to use MFA, according to the institute.

More than half of those surveyed reported being more or less unaware of multi-factor authentication. The same share does not use MFA in their businesses.

Half of respondents (again) who have adopted multi-factor authentication to whatever degree are only “encouraging the use of MFA.”

By definition, these organizations are diminutive, but by economic weight they are enormous: Small businesses in 2019 were responsible for 44 percent of economic activity in the United States, for example.

That is a lot of cybersecurity exposure.

The U.S. federal government, on the other hand, has access to “really strong two-factor” ID authentication tools, according to Dan Chandler, information systems security officer with the Office of Management and Budget, the agency charged with herding the government cats toward their deadline.

Chandler was speaking during an online panel earlier this month sponsored by the Advanced Technology Academic Research Center.

Also on the panel, Brian Hermann, director of cybersecurity and analytics for the Defense Information Systems Agency, said they are deploying secure access service edge to consolidate and understand data about users.

Hermann said his organization has learned that it is not enough to moving from basing security assumptions by location, for example. Systems have to free to consider any data relevant to securely granting access.

That may not be a novel insight for security-cautious multinationals, but it is years ahead of small to midsize businesses, one of the world’s biggest economic drivers.

Article Topics

 |   |   | 

Latest Biometrics News

 

Biden executive order prioritizes privacy-preserving digital ID, mDLs

In one of his last official acts as President, Joe Biden on Thursday issued a robust new executive order (EO)…

 

Problem with police use of facial recognition isn’t with the biometrics

A major investigation by the Washington Post has revealed that police in the U.S. regularly use facial recognition as the…

 

Sri Lanka considers another tender to solve passport crisis

Sri Lanka’s government is likely to open another tender for e-passports after a legal dispute caused a backlog of thousands…

 

Age assurance gets warm early response from U.S. Supreme Court

The U.S. Supreme Court appears to be leaning toward support for Texas’ age assurance law, as it weighs a host…

 

State of passkeys 2025: passkeys move to mainstream

More than 1 billion people have activated at least one passkey according to the FIDO Alliance – an astonishing number…

 

Ofcom publishes highly anticipated age assurance statement

Ofcom has published its Age Assurance and Children’s Access Statement. The much-anticipated statement includes guidance on “highly effective age assurance”…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events