Related Category: Cloud Security
Type of Content: Articles
Owner: Beyond Identity
Device trust is the process of analyzing whether a device should be trusted and therefore is authorized to do something.
It’s critical that the devices accessing company data are trustworthy. Determining which devices should be trusted is a unique decision made by each organization depending on their risk tolerance and compliance requirements.
Different levels of trust are required for low-risk and high-risk resources. Compliance requirements, in turn, depend on industry regulations and on the types of company and customer data the organization collects and must protect.
For example, healthcare professionals shouldn’t be able to access sensitive patient medical records from unmanaged personal machines with unencrypted disks, because that runs afoul of HIPAA’s safeguards for electronic protected health information. It does not, however, infringe on HIPAA requirements for the same healthcare professionals to check their HR benefits from their phones. Each organization has its own standards to enforce, but those standards are hard to maintain on devices the organization does not manage.
Device trust is also a key building block of a Zero Trust security architecture. Under Zero Trust, an endpoint device should not be given access to any data or resources until it has been proven trustworthy. As some have noted, the endpoint has become the “new security perimeter,” which makes establishing device trust vitally important. The Zero Trust rule is never trust, always verify. As organizations begin or continue their Zero Trust journey, they must decide how to establish trust in endpoint devices.
Today, it’s a nightmare to control which devices can access cloud resources such as software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS). These cloud services are great because they’re turn-on-and-go, scalable, and easily accessible. The bad news is that they’re easily accessible from any web browser on any device.
Making matters more complicated, COVID-19 sped up the use of cloud services and spawned the move to a permanent hybrid workplace. Now that more and more sensitive, confidential information and important intellectual property resides in cloud services, there’s added complexity, and the workforce can log in from all types of devices, including personal computers, shared computers, phones, and tablets.
If SaaS apps can be accessed from any web browser on any device, what’s stopping employees, contractors, or partners from accessing company data using unmanaged, insecure personal machines, or worse? Without proper controls employees can access critical cloud resources from shared machines that are very likely compromised, like a computer in a library or hotel lobby.
It’s the perfect storm and unmanaged devices are a huge blind spot.
Many CISOs know that employees are accessing sensitive company data on insecure personal machines and that they’re powerless to stop it.
Why? It’s easy for system admins to reach critical infrastructure, or for software engineers to access and commit code to GitHub, from a personal machine, undetected and unmonitored. CISOs we’ve spoken to have asked these employees to stop, but they don’t have confidence their employees are complying with this security measure.
Even when companies have taken steps to control which devices can access cloud resources, CISOs are not satisfied, because these measures can often be bypassed by more technical users (e.g., engineers or attackers). For them it’s trivial to move a certificate issued by a centralized CA, along with its private key stored as a file on the local disk, from one device to another. The certificate proves possession of the key, not which device the key lives on, so a legitimate user can then authenticate from an insecure personal machine, or an attacker can steal the certificate and use it from theirs.
Security teams spend a lot of energy and resources locking down company-issued machines because the workforce has access to important data. They’re concerned about attackers getting a foothold, installing malware on the endpoint, and gaining access to company data.
The accessibility of the cloud means company data can be moved onto personal machines, which opens organizations up to a lot of risk. Unmanaged personal machines may already be compromised and can become an attack vector into company data and resources. Many CISOs have had to live with this risk, but it remains a serious problem.
Historically, organizations have turned to managing devices to control access to company data. By managing devices, we mean the process of identifying, purchasing, configuring, and rolling out mobile device management (MDM) software.
In some circles, MDM has been renamed unified endpoint management (UEM) to cover all types of devices, including computers and tablets. Endpoint detection and response (EDR) solutions are also an important part of endpoint security, since they help detect threats after an attacker has already gained access.