CYBERSECURITY
Third-party risk
According to Third-Party Risk and Cybersecurity Program Management provider ProcessUnity , in the third-party risk management context , a zero-trust strategy generally involves ensuring that the organisation has comprehensive controls in place to limit vendor access to the minimum resources required to perform the job .
Zero trust can minimise vulnerabilities created by insufficient security practices of outside vendors , with continuous verification ensuring that compromised vendors are notified immediately , in near real-time .
“ Increasingly , identity-centric Zero Trust frameworks will be the best choice for any security-conscious organisation ,” says Marc Rogers , Senior Director Cybersecurity
Though an organisation may have strong cybersecurity measures in place and a solid remediation plan , outside parties , such as third-party vendors , may not uphold the same standards . According to cybersecurity software company UpGuard , these third-party relationships can increase vulnerabilities by providing an easier way for potential threats to attack even the most sophisticated of security systems .
Strategy at Okta . “ The principle of Zero Trust architecture is simple : all network traffic should be considered untrusted until validated . Using this ‘ don ’ t trust , always verify ’ approach is particularly helpful when managing remote and hybrid workforces , especially as the threat of ransomware continues to grow .
“ We ’ ll increasingly see organisations switch to a Zero Trust approach in the coming years ,
cybermagazine . com 45