5 Multi-factor Authentication “Must Haves” for a Zero Trust Architecture

By Kimberly Johnson, posted May 06, 2021 09:48 AM

Kimberly Johnson, VP of Product Marketing, BIO-key International

While I thought the conversation started 10 years ago, we’ve been talking about the de-perimeterization of our cybersecurity thinking since as early as 2004.

In organizations today there is no pre-determined security perimeter, and organizations can be called “irresponsible” for automatically trusting anything. Changes to organizations, such as the rise of mobility, adoption of cloud services, and outsourcing to third parties, continue to stretch cybersecurity beyond any well-known perimeters. The impacts of the 2020 pandemic, such as the shift to a remote workforce, have also helped to accelerate those changes.

In 2020, 72% of organizations reported they are planning to implement Zero Trust to lower their cyber risk. However, implementing Zero Trust is not something that happens overnight, and it is often a long journey that many organizations haven’t even started yet. So where do you begin when implementing a Zero Trust architecture? What is a foundational element that every organization must have to achieve Zero Trust?

The answer is multi-factor authentication (MFA). 

Multi-factor Authentication is the First Control to Implement

Using a single authentication and automatically trusting credentials to gain access to resources are things of the past. Back in 2020, Microsoft’s Cybersecurity Solutions Group corporate vice president Ann Johnson explicitly provided this guidance: “The entire principle of zero trust is that you trust nothing. That’s the first thing that we tell organizations: they must use multi-factor authentication for 100% of employees 100% of the time. That is the first control to put in place as part of that Zero Trust architecture.”

Intelligent, continuous multi-factor authentication is central to Zero Trust. Being able to authenticate and authorize the digital identity of a user or device is critical to verifying them before trusting them to access resources. With Zero Trust, however, your traditional MFA tactics may not support the continuous authentication that Zero Trust requires, or the successful implementation of MFA across 100% of your employees. More traditional and one-size-fits-all MFA tactics can be difficult to get your users to adopt.

5 Multi-factor Authentication “Must Haves”

Here’s a list of requirements to include when creating your MFA strategy and selecting a solution for Zero Trust:

  • Include a wide range of flexible authentication options to meet your security policies and give users some control over which methods they use to log in.
  • Offer passwordless authentication and biometrics to avoid the risks of relying on passwords and to provide a more convenient way for users to authenticate.
  • Add environmental and behavioral aspects to access requests to determine the appropriate controls and authentication for the situation.
  • Make sure you can segment your policies to ensure fine-grained access controls for each individual and/or group.
  • Look for a single, unified platform to avoid any gaps in your security.

Any Organization can Implement MFA

Zero Trust architectures are often planned but quickly become a challenge to implement when organizations don't know where to start. On the journey to implementing a Zero Trust architecture, the first step and foundational element is multi-factor authentication.