Security controls that verify users and devices protect agencies from insider threats
Zero-trust security models are helping large organizations to protect against malicious users, including those who have already infiltrated their networks, a new report says. Government agencies will benefit from stricter security controls if they shift to a zero-trust approach, according to experts from Duo Security. Zero trust assumes from the outset that all users and data traffic are operating in an open and unsecured environment. The focus on security then shifts to giving authorized users access to designated applications and data based on their identity and to devices based on their level of trustworthiness. “Achieving Zero-Trust Security in Federal Agencies” breaks down the methods to build zero-trust practices, including continuous authentication, device assessment, user controls and application access. Continuous authentication is a user-specific approach that doesn’t rely on privacy-protected information. The security environment protects from threats by taking note of typical behaviors and then denying access when it senses off-pattern […]
The post Security controls that verify users and devices protect agencies from insider threats appeared first on Cyberscoop.