Introduction
The IT landscape is drastically changing before our eyes. Accessing data, applications, and services from anywhere and exchanging them with others has never been easier, thanks to the transition from the traditional “Castle Approach” architecture to a more accessible model.
The “Castle Approach” meant all data, applications, and services were inside the castle (on-premises) with a security perimeter surrounding it. The idea was that the castle could control what comes in and what leaves, and those inside the castle were trusted while those outside were not. But this wasn’t efficient, competitive, employee-friendly, or even possible in today’s COVID world. Employees and businesses now expect access to their critical applications anywhere, anytime, and from any device (I mean, who doesn’t love checking Salesforce and emails at night). Businesses and employees rely on IT to make this new paradigm both secure and easy to use, resulting in a huge dilemma for IT security professionals.
As with most things in life, all this power and access come at a price. Remote devices, IoT endpoints, and SaaS and IaaS solutions create a large attack surface, with many entry points for attackers to probe. Once a bad actor finds a weak point and gets in with over-privileged access, they linger and move laterally through the environment. By the time the enterprise locates, isolates, and neutralizes the intrusion, data has often already been compromised.
In response, a Never Trust, Always Verify model was born: Zero Trust, applied to remote access as Zero Trust Network Access (ZTNA). ZTNA prescribes a need-to-know and need-to-access approach: the IT infrastructure is segmented into small zones, every request to move between them passes a verification checkpoint, and access is granted per application rather than to the whole network. If there is a breach, it is much easier to contain. In the ZTNA world, by default there are no trusted:
- Devices
- Users
- Workloads
- Systems
This ZTNA strategy, combined with multi-factor authentication (MFA), is being adopted by many, including the Biden administration and the US government, as the modern remote access methodology. However, there is one critical component you NEED to consider as you move to a ZTNA architecture: how strongly you actually verify the user.
Are you really enforcing the Zero in Zero Trust if you aren’t leveraging biometrics for MFA? In this remote world, common MFA practices trust the identity of a user logging in based upon what they know (username and password) and what they have (a registered device, or a one-time code sent to their phone). As we know, these alone are not enough in the face of SIM swapping, phishing, and the exploitation of unpatched operating systems. Even with 2FA precautions you are not out of the woods yet, like the Florida gentleman who lost his retirement, his daughter’s college fund, and over $1M in seconds. Even the most tech-savvy, like Jack Dorsey (Twitter CEO), have had accounts hijacked despite using 2FA. What would it mean to your business if a hacker gained entry into your critical systems?
Zero Trust identifies users based upon who they are. To combat these vulnerabilities, one method stops hackers at the gate even if they have your password and your phone number: biometric authentication, with who you are as your access key: face, palm, finger, voice, and even behavioral biometrics such as body movements and physical tendencies. A biometric is bound to the person rather than to a secret that can be phished or a phone number that can be ported, so a stolen password and a SIM-swapped SMS code alone no longer open the door. Because a biometric is not a secret, the deployment has to do two things a password system does not: protect the enrolled template (it cannot be reset like a password if it leaks) and check liveness at the sensor so a photo, recording, or replayed capture is rejected. With those in place, even an employee who gives away their credentials cannot hand over their face or palm, which raises the bar far above password-plus-phone MFA.
Modern-day IT infrastructure is changing, and IT security needs to transform with it. By combining a Zero Trust Network Access architecture with biometric authentication, enterprises have peace of mind that they can give their employees the resources they need while fending off attackers. If you would like to see ZTNA and biometric MFA in action, request a demo at https://imageware.io/demo-request/