Hybrid work models have become a mainstay among Singaporean businesses, even as people return to their pre-pandemic routines. In fact, a report by the Center for Creative Leadership finds that 63% of organisations will continue to embrace this model for the next three to five years. One of the biggest challenges in building a seamless hybrid working experience is securing the organisation's most critical resources, while maintaining seamless access for employees.
Further complicating matters is the increased adoption of cloud-based resources, which store files, apps and workflows on third-party servers. The lack of visibility into these resources heightens the risk of data theft and compromise, making the need to review and update cybersecurity strategies greater than ever.
With today being World Password Day, it is crucial that organisations enforce credential management best practices across the board. This includes setting password policies that require a long and complex combination of letters, numbers and symbols, as well as preventing passwords from being stored in note-taking or word-processing software.
However, attackers are continuously modifying their strategies while employees face the mental struggle of having to remember multiple passwords. Moreover, any exposure of those passwords only makes attackers' jobs of getting into company systems easier. These issues call into question the necessity of passwords in today's security landscape.
In light of this, organisations stand to gain from the shift to alternative, password-less approaches. This is where zero trust comes into play.
Zero trust is the way forward
Our survey delving into Singapore's zero trust journey found that 88% of IT leaders agree that the approach is important in reinforcing their security posture. That number is even higher for those in the public sector, at 97%. Crucially, 89% of respondents say they have already adopted zero-trust solutions in some form or another, including authentication, compliance, and privilege management.
However, these measures alone are not enough to ensure security is robust in a password-less environment. Their functions should be complemented with key technologies that form the backbone of zero trust, such as centralised identity and access governance, single sign-on (SSO), and privilege management, including privilege account management.
These tools enable security teams to verify access requests against certain variables, such as what resource is needed, what device is used, location, and time since the last authentication.
By continuously verifying the legitimacy of user and device identities, organisations can reduce the likelihood of attackers breaking in and moving laterally across the network.
Best practices in enabling zero trust
Organisations looking to maintain productivity and security need to start preparing for a future where user authentication transcends passwords.
This is because exposed and abused passwords can bypass even the strongest security tools in the organisation's arsenal. Achieving this requires both C-level leaders and security experts to have a rich understanding of the solutions required for safeguarding critical files and operations through zero trust.
Authentication tools are a crucial first step to ensure that only trusted users can access sensitive business resources. Before implementing them, IT teams need to take inventory of their assets and processes to identify those that are critical for their operations. From there, they can focus deployment in those areas and then gradually extend to other parts of the network.
Linking zero-trust solutions with a technology refresh lifecycle offers a cost-saving approach to ensuring consistent protection. Rather than waiting for hardware to break down, organisations can set regular schedules to install new services and components as well as retire old ones. Simply put, this method minimises attack risks and operational downtime, offering businesses a resilience boost that enables them to continue collaborating with their partners and serving their customers.
Ultimately, organisations need to understand that implementing zero trust is less of a destination and more of a never-ending journey. This is because attackers are constantly finding new ways to attack the network. Many organisations find it beneficial to start with a particular part of their IT infrastructure before gradually widening the scope over time.
Essentially, embracing zero trust and becoming truly password-less significantly boosts risk mitigation, ensuring asset security. On the other hand, failing to prioritise the pivot to a password-less world will only hamper the organisation's future readiness and cyber-resilience.
Scott Hesford is the director for solutions engineering at Apac for BeyondTrust