PlainID, the Authorization Company™, announced the findings of its CISO Zero Trust Insight survey. The study, which questioned 200 CISOs and CIOs, revealed that the majority of respondents are on the road to implementing a zero trust framework in an effort to increase their overall security risk posture. However, only 50% said that authorization makes up their zero trust program - potentially exposing their infrastructure to threat actors.
Robust Security Cannot begin without First Implementing Authentication
Historically, a zero trust framework was focused on solving the challenges associated with authentication, end point and network access security. However, identity related breaches have increased exponentially, and the convergence of identity and access management with traditional security has accelerated the need for new technical capabilities for enterprise authorization and access controls.
Authorization is a broad and complex challenge requiring a solution that can provide a multitude of capabilities such as policy management, governance, control and policy enforcement across a disparate computing environment. Ultimately, to provide the most secure digital end user experience, authorization policies must allow for risk based decision making in real time. This extends the zero trust philosophy from time of authentication through to the final access point and target data set.
Following survey outreach, the results reflected how only 31% of respondents said they have sufficient visibility and control over authorization policies intended to enforce appropriate data access. Additionally, 45% of respondents indicated a lack of sufficient technical resources as a challenge in optimizing enterprise authorization and access control. Essentially, organizations may have implemented a form of zero trust but they do not have the complete tool set or the on staff expertise and knowledge to have true visibility and control of their network.
Building Without the Right Expertise Can Create Gaps in Your Security - Buy vs Build
Organizations are finding themselves building their own homegrown solutions which can appear cost effective. However, this leaves gaps within the overall security posture if not developed, deployed, and maintained properly – resulting in higher operational costs and enterprise risk over time.
In response to the survey, 41% of respondents said they use homegrown solutions (OPA-based) to authorize identities. Moreover, 40% of respondents also said they use a homegrown solution (fully custom) to authorize identities. Without true zero trust, organizations run the risk of leaving gaps in their security infrastructure. Security has to remain a fluid and ever evolving technology as cyber adversaries will repeatedly re-strategize and evolve to breach organizations and when there is a will, there is a way. Next generation authorization can be the differentiator between a headache for security teams and a full blown breach. It is never a discussion of if but when hence why having homegrown solutions that are not built with the evolved threat landscape in mind and without the technical staff capable of maintaining, there may be a false layer of confidence that could lead to a betrayal of trust from partners and customers when their data is stolen.
As the demand for risk based authorization and identity aware security rises, the deficiencies of legacy home grown authorization engines are exposed. The demands from business stakeholders to keep pace with digital initiatives, while ensuring the highest levels of security and user experience, is driving change to adopt next generation enterprise authorization solutions.
Security Threats are a Guarantee and They Are Constantly Evolving
Implementing an end to end zero trust architecture is a strategy that requires building a reference architecture that seeks to harden every threat vector possible. The next frontier is addressing the portion of the user journey post authentication, and beyond the borders of network access security. Next generation authorization is poised to provide identity aware security at every layer of an enterprise computing infrastructure, while also providing central policy visibility, manageability, and policy governance.
“Zero trust must treat all identities as potential threats. While zero trust boosts higher levels of confidence, it's imperative to pair it with a comprehensive authorization framework,” said Oren Ohayon Harel, CEO and co-founder of PlainID. “Enterprises today need continuous evaluation and validation across all tech stack interaction to mitigate data breach impacts”.
This survey was carried out by CensusWide, on behalf of PlainID, and questioned 200 CISOs and CIOs in April 2023 from companies with more than 500 employees across the UK and USA.
To learn more about PlainID, please visit https://www.plainid.com/.
PlainID Inc. The Authorization Company™, is the recognized leader in Authorization-as-a-Service powered by Policy Based Access Control (PBAC). PlainID’s simple, straightforward solution to authorization management enables organizations to create, manage and enforce authorization policies across an enterprise. By securely connecting identities to digital assets via PlainID Authorizers, firms can meet the digital demands of user journeys, enable zero trust architectures and provide data security. The PlainID Authorization Platform enables rapid business growth by connecting new and legacy technologies with the latest and most advanced authorization features.