In the 1997 action film Face/Off, an FBI agent and a terrorist assume each other’s physical appearances, and go on to deceive family members and colleagues with their new identities.
Organisations face a similar threat today with remote working in the pandemic. “They can’t see who’s logging in from home, or identifying which users pose the greatest risks”, says Terry Burgess, Asia-Pacific Vice President of SailPoint.
As organisations move to cloud to ensure business continuity during Covid-19, a review of existing security policies is needed. Burgess discusses how Zero Trust will help governments secure the future of cloud and deliver quality services.
Antiquated systems in a changing landscape
When the pandemic hit, organisations turned to cloud to “keep the lights on”, says Burgess. Many on-premise systems shifted online and users started accessing private networks from remote locations and devices.
“Some of the systems that were set up in those companies were never designed for key users to be accessing them from home,” he adds.
Some organisations still use antiquated systems organisations to manage access and identity, says Burgess. “Some are still using spreadsheets.”
This makes it difficult for security teams to have visibility over access. They “don’t have a good grasp on who has access to what, and if that access is appropriate,” says Burgess.
The time for Zero Trust is now
Zero Trust embraces a new model for access and treats all users as possible threats. It shifts away from the perimeter-based model of security to a user-centric one – since cloud has made humans the new security perimeter.
Zero Trust ensures the user is who they say they are. A user’s identity, device, and location is verified every time they attempt to access a private network.
After verifying who the user is, a Zero Trust security framework goes on to verify what the user is doing, or asking to do. It defines and grants access that is appropriate for that user’s role, while removing inappropriate or outdated access.
With more digital projects in the pipeline, governments need to start putting aside some budget for zero trust, says Burgess. The security framework requires multiple systems and solutions, and governments must begin now.
Roles and processes in an organisation are always changing, especially during the pandemic, says Burgess. Manpower has been redeployed to the frontlines and back to cope with changes in demand.
Governments can’t “spend their time doing manual processes” and altering access everytime there is a shift in manpower, he adds. Security teams need to ensure that their identity solutions monitor, recognise and automate these changes.
SailPoint Predictive Identity uses artificial intelligence to learn and adapt according to organisational changes. As workers onboard, change roles or leave, it ensures access is automatically adjusted or removed. The technology also provides recommendations to help security teams determine if access should be granted to users or not.
Online food delivery service Delivery Hero grew to over 25,000 employees, making it difficult to set standards for onboarding and offboarding across different branches. SailPoint’s identity solutions helped the company scale its security capabilities and close security gaps.
Security must be a priority as governments accelerate digitalisation for better citizen services. The transition to Zero Trust will help to strengthen security postures and keep attackers from thwarting governments’ hard work.