For security teams, the COVID-19 pandemic either introduced new challenges or magnified old ones. Because of this, many organizations are assessing new security technologies or speeding up the deployments of others, which have already been in the works. For businesses, the pandemic has made it necessary for security teams to protect widely scattered endpoints and mitigate the increased and evolving threats to their networks. For that, they need tools that enable better access control, threats identification, and more effective management of their security infrastructure.
In their Security Priorities Study conducted in November IDG seeks to show how the pandemic has changed the focus of security and the factors that will drive security priorities and spending in 2021.
Here are the 4 technologies that the organizations surveyed in the IDG study are looking into or implementing, and which you should too:
1. Zero trust
Zero trust means better access control across all devices and locations, especially with the rise of cloud storage. Many organizations have already been either revaluating or piloting zero-trust solutions even before the pandemic hit—if they’re not actually deploying them. The pandemic has directed the attention of even more organizations toward the possibility of implementing zero trust: Twenty-eight percent of respondents claimed to be either piloting zero trust or having it in production, while 40% are aware of it or evaluating their options.
2. Deception technology
Deception technology tricks attackers into believing that they are getting their hands on real data and systems. In truth, they are accessing dummy data and fake networks. Deception technology tools can also alert security teams to threats and help them with threat analysis. This gives your security team valuable time should there be a breach, as well as automate tasks. Thirty-two percent of IDG’s respondents indicated they are doing their homework on deception technology.
3. Cloud and evaluation services
With the shift in priorities, organizations are rethinking their security functions and services. The resulting changes will likely include outsourcing some of them for efficiency and cost reduction. In IDG’s study, 22% of respondents admitted to plans of or current outsourcing of cloud monitoring and cloud data protection, as well as such security evaluation services as penetration testing, risk assessments, and audits.
Meanwhile, access controls (27%) and application monitoring (25%) are also expected to contribute to an increase in security spend.
4. Authentication solutions
With remote work being permanently adopted by some companies for all or some of their employees, the chance that devices that don’t belong to an organization find their way into the corporate network has only increased. This has caused many organizations to look into upgrading their authentication policies and tools.
Companies are implementing multifactor authentication (MFA) and role-based authentication with more urgency. Most cases involve changes or updates to corporates authentication systems, and 32 percent of the IDG’s respondents indicated that they will be investing in for the coming year.
Enterprises need multifactor authentication even more now to ensure data security in the face of both new attacks and persistent older ones that are constantly being fine-tuned by cybercriminals. It offers multiple layers of security in your login processes through multiple means of authentication, as opposed to the more outdated authentication via username and password.
MFA requires multiple means of authentication by employing either three or all these factors:
- Knowledge (something you know): PIN, username and password, security question
- Possession (something you have): token, USB key, magic link, or smart card
- Inherence (something you are): biometrics—e.g., fingerprint, voice, palm veins, complex iris/retina patterns, behavior pattern, etc.
- Location (someplace you are): actual physical location determined through GPS tracking.
To take multi-factor authentication to the next level, consider adopting these two approaches:
Implement it together with Single Sign-on (SSO). MFA throws more obstacles in the path of cybercriminals attempting a breach. SSO allows users to execute a master sign-on to authenticate themselves on starting their work shift, and afterward, the SSO solution logs them in to any of the software systems they need for their work. SSO makes it more convenient for users to meet the additional authentication requirements of MFA.
Implement MFA as a purely passwordless authentication method. Passwords are vulnerable, particularly with users’ persistent poor password management habits. As such, they are ultimately costly. It makes perfect sense, then, to take them out of the picture altogether.
Ready to go passwordless?
It’s time to embrace a more complex authentication—but in a way that keeps out only the cybercriminals while making life easier for users and administrators alike.
Contact TraitWare today to learn more about our enterprise-class plug-and-play solution.