The Zero Trust Security Gap No One Talks About and How to Fill It

There was once a world where people worked in the office, on the office network, from a company-managed device, and only used the work apps provided by the company.

That is a world that no longer exists.

Today, many employees can work from anywhere, use personal devices to get some of their work done, and use personally preferred SaaS apps that help them get their work done – company-approved or not. Recent research has shown that more than half of employees admit to working on a personal device, and 20% admit to having worked on public computers, or from a friend’s or family member’s device.

This new way of working is exposing businesses to unseen risks. After all, if an employee is using shadow IT (apps unmanaged by the company), there’s no way for the IT and security teams to even know what information may have been exposed. The same risk applies to unmanaged devices. When access occurs from an unmanaged device, there’s no way of knowing if the device has been compromised or if its health meets security requirements.

Zero Trust is an approach to cybersecurity that attempts to address this shift. After all, the premise behind Zero Trust is “trust nothing, and verify everything”. The challenge facing security teams is that if you don’t have visibility into, or the ability to secure, unmanaged applications or devices, you’re fundamentally failing on that premise. And while having security policies that state unmanaged applications and devices shouldn’t be used is great, 59% of security professionals say they have no way to monitor or enforce them.

Why is this so hard? Because traditional identity and access management (IAM) solutions were designed for that world of work that no longer exists.

Traditional IAM solutions are incapable of securing unmanaged apps and devices because knowing who and what you have to secure is a prerequisite. That’s also why more than two thirds of security pros say single sign-on (SSO) tools alone are not a complete solution for securing employees’ identities.

IT and security teams are tasked with securing identity, devices, apps, network infrastructure, and critical business secrets. But pulling together a variety of existing legacy solutions creates a patchwork quilt of security rife with gaps – leaving businesses exposed to risk. In the past year, one in three security teams have switched security tools or vendors to ones that provide more complete end-to-end solutions. Unfortunately, there hasn't been a complete solution – yet.

Introducing Extended Access Management (XAM)

Moving beyond traditional security solutions, Extended Access Management (XAM) solves the gaps left by existing IAM solutions. XAM accepts that shadow IT and bring your own device (BYOD) are now the norm of hybrid and remote work, and makes it possible to secure every sign-in for every app from every device – even those unmanaged by IT or security.

It’s clear that employees will use whatever tools they have access to – approved or not – if it means they can do better work for their company. Extending access management makes it possible for security and IT teams to empower employees to use those tools while still maintaining the visibility and control required to keep the organization secure.

Newer security tools, such as 1Password Extended Access Management, embrace the fact that this is the new reality and make it possible for organizations to embrace shadow IT and BYOD while still being secure.

The world has evolved beyond corporate-provided devices and applications. Businesses need to adjust their security approach and move away from legacy solutions if they want to keep their organizations safe from unseen and unmanaged threats.

Extended Access Management is the future for today’s world of work.

Learn more about XAM and 1Password Extended Access Management.
