Businesses Are Increasingly Adopting Zero-Trust Principles for Authentication in a Mobile World
Contrary to common assertion, the perimeter still exists. What has changed is the number of accesses through it required by outsiders (mobile workforce, contractors, third-party vendors), often using untrusted devices. The advantage is an always on, always connected workforce.
The disadvantage is that it is harder to know who is connecting from outside, whether their devices are healthy, what data is accessible from the internet and who and what can access that data. While the perimeter still exists, traditional perimeter defenses cannot adequately cope with this type and volume of access. The perimeter is porous.
For its 2019 Trusted Access Report (PDF), Duo Security analyzed data from nearly 24 million devices, more than 1 million applications and services and more than half a billion authentications per month from across its customer-base, spanning North America and Western Europe.
What it discovered is a marked shift towards zero trust authentication principles being used by organizations to solve the new always-on remote access problems. (It is important to note that the figures in this report refer only to existing Duo customers with access to existing Duo services.)
The zero-trust concept began in 2004 when the Jericho Forum was established to tackle the problem of 'de-perimeterization'. John Kindervag (Forrester) is credited with coining the phrase in 2010 when he described a security model that does not assume internal traffic is any more trustworthy than that originating from outside the perimeter. Google brought the concept to public notice with its https://w ..
Support the originator by clicking the read the rest link below.
