28 Jan 2022

Today’s enterprises are being challenged to stay one step ahead of security threats. Data shows that in 2021, the average cost of a data breach reached US$ 4.24 million, up from US$ 3.86 million in 2020, and the highest in 17 years.

The surge in flexible and hybrid working arrangements (Working From Anywhere – WFA) is making an already challenging situation even more complex. Leaders now need to decide how to combine enterprise-level security with current working models. The timing could not be more critical.

Need for strong security for cloud-data storage

In 2021, the average cost of a data breach where WFA was a factor was a million dollars higher than that of non-WFA-related breaches, and many organisations still need to adopt a stronger security strategy for cloud-data storage.

An important strategy attracting increasing attention is a Zero Trust approach to security. While organisations consider how to implement Zero Trust in their IT strategies, a first step could be to consider the role of biometric authentication for logical access control, throughout digital estates.

Zero Trust Security strategy

First conceptualised over a decade ago, Zero Trust Security (Zero Trust) is a security model that is deployed to mitigate the complexities of today’s agile and technology-driven workplaces.

Essentially, Zero Trust entails constant ID verification, assumes breaches all the time, and puts digital estates on a ‘never trust, always verify’ footing, across all its aspects, including hardware, software, procedures, networks, databases, and humans.

Integration of secure enterprise digital estates

One of the reasons Zero Trust has been attracting attention is its role in integrating highly secure enterprise digital estates with less secure environments. For many organisations looking to level up their security in order to accommodate flexible working, this is a perfect solution, as it throws up a hard security ‘shell’ around employees, wherever and whenever they are working.

This is a key factor in why as many as three-quarters of organisations are looking to adopt Zero Trust. Zero Trust is a broad approach, with several overlapping elements that create robust security throughout the digital estate. Among its key pillars supporting organisations are identity, endpoint, application, and infrastructure security. One binding technology that can help decision-makers to take the lead is biometric authentication.

A fresh start with Zero Trust: Getting authentication right

As organisations develop plans to adopt Zero Trust, authenticating users that interact with digital estates is front of mind. The fresh thinking of Zero Trust brings an opportunity to migrate away from traditional authentication methods, like PINs and passwords. The rationale is obvious. 80% of breaches and hacks can be attributed to compromised credentials, and 60% of people think there are too many passwords to remember.

This is having a direct effect on attitudes towards password and PIN hygiene. 40% of people admit to reusing the same one across their personal and professional accounts, and many continue to use highly predictable ones.

PINs and passwords not fit for purpose in WFA scenario

PINs and passwords are, therefore, not fit for purpose in a world with WFA, even before Zero Trust is adopted. They can be stolen by ‘shoulder surfers’; hacks and breaches can occur through unsecured domestic networks; and devices such as access cards, laptops, unencrypted data storage devices and tokens can be lost and stolen, putting the digital estate at significant risk.

As organisations prepare to adapt their IT strategies to ‘never trust, always verify’, solutions using well-established biometric authentication modalities, like fingerprints, can be a powerful tool.

Biometrics for logical access control

Using Biometrics for logical access control means strong resistance to spoofs and presentation attacks, and seamless reliability at every turn, while limiting the potential for attacks, especially scalable ones. The human factor has long been considered the primary weakness of cyber security, and one of the core objectives of Zero Trust is to address this vulnerability. Relying solely on PINs and passwords does little to support this.

Biometric authentication can shoulder this burden, whether on its own or as part of a multi-factor authentication approach, and address the human element of a Zero Trust strategy.

Integrating Biometrics into the Zero Trust workflow

Many users are already familiar with Biometrics, using it as their go-to authentication method on their smartphones. In PCs, Biometrics is gaining momentum and offering a golden opportunity for manufacturers to replicate the seamless authentication that is already seen in smartphones.

Standards, such as Windows Hello from Microsoft, are also a key tool in helping organisations move away from relying solely on passwords for authentication purposes.

Biometric-enabled peripherals

Biometric-enabled peripherals can also support Zero Trust proliferation across workplaces. In access cards and USB tokens, biometrics supports secure, unified access control that’s portable across many uses, for example logging onto shared PCs and accessing VPNs and other restricted spaces throughout the digital estate.

Biometric access cards can also bring the added benefit of combining logical and physical access control (using the same card when accessing the digital estate and unlocking doors, for example) that can’t be compromised if lost or stolen and that works with existing infrastructures.

Levelling up security and access control with Biometrics

Organisations working to implement security strategies that protect digital estates wherever and whenever employees are working will have Zero Trust high on their agendas. This transition won’t happen overnight and, in some cases, will require a significant transformation of the existing IT strategy.

Considering biometrics as a core component of Zero Trust from the start of projects will smooth the process further down the line and bring a ‘never trust, always verify’ posture one step closer to success, with reliable, convenient and strong authentication throughout the digital estate. Interested parties can learn more about the benefits that Biometrics brings in Fingerprint Cards AB’s eBook - ‘Access your smart workplace.’