Enterprises should adopt ‘always verify and never trust’ approach to ensure safety: PwC

“In the past, securing an organisation was about establishing walls around the data centre.”

July 31, 2020 02:09 pm | Updated 02:11 pm IST - Bengaluru

Employees are increasingly using their own devices.

Employees are increasingly using their own devices.

Security risks have increased for enterprises as any place and every place is being turned into an office with the pandemic forcing people to Work From Home (WFH).

With the continued focus on WFH and digital transformation kind of work being done at homes, companies need to adopt a perimeter-less security approach to gear up for the ‘new normal’, warns PwC.

“Applications, data, users and devices are moving outside the organisation’s perimeter. As a result, attackers on the outside can penetrate an organisation’s network through various means,” said Siddharth Vishwanath, Partner and Cyber Advisory Leader at PwC India.

Moreover, under the ‘bring your own device’ (BYOD) policy, employees are increasingly using their own mobile and other semi-trusted and untrusted devices to access critical information, as per a PwC report, Securing the Future of Business.

“Organisations should move towards the ‘future of business’, they will no longer be able to address the changing threat landscape using conventional approaches,” Mr. Vishwanath added.

The report says, in the past, securing an organisation was about establishing walls around the data centre that housed the core data and applications.

“But with the growing use of emerging technology coupled with mobile platforms, cyber attackers are resorting to attacks such as credentials hacking, targeted phishing and data mining malware in order to obtain credentials and gain access to an organisation’s network,” he added.

PwC report suggests organisations to adopt zero trust architecture (ZTA) to fortify their network architecture. ZTA principles are based on the concept of ‘always verify and never trust’ anyone. This approach requires every user, account or device attempting to gain access to the organisation’s infrastructure to undergo verification prior to obtaining access.

ZTA aims to enforce granular perimeters on data, user and location. This lowers the potential for data breaches, as per the report.

“It is important for organisations to foster a culture that is risk aware. Thus, there is a need for a comprehensive security awareness programme that encompasses virtual training sessions and phishing, vishing, and smishing campaigns for development, continuous adaptation and sensitisation around security practices,” Mr. Vishwanath who authored the report further said.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.