Connect with us

Business

Why dynamic authorisation is the key to unlocking true zero trust security

Source: Finance Derivative

by Gal Helemski, co-founder and CTO, PlainID

In little more than a decade, ‘zero trust’ has gone from an industry buzzword to the cornerstone of every cybersecurity programme worth its salt. The concept is a simple but effective one – trust makes you vulnerable, so nobody/nothing should be automatically trusted – and in today’s fast-paced, highly data-driven business world, it makes a lot of sense. But like so many things in life, the true effectiveness of zero trust lies in its implementation, and it is here where there remains room for improvement.

Trust must be earned, not given

Security programmes based on zero trust are designed to remove some of the key assumptions that make alternative approaches weak by comparison. Perhaps the best and most common example of such an assumption is that if someone logs into a network with certified user credentials, they are indeed who they claim to be (and will therefore operate responsibly at all times). As many organisations find out to their detriment, user credentials are all too easy to steal and/or lose, meaning the longer a set is used unchallenged, the higher the chance that they may become compromised by someone with malicious intent.

Security should match the way we work today

With the rise of remote working over the last few years making modern workplaces more fragmented than ever before, zero trust has become increasingly important. This is because the ‘walled garden’ approach that traditional perimeter security programmes rely on is no longer applicable to most organisations, particularly those with large, highly dispersed workforces.

Instead, zero trust architecture focuses around one key decision – whether to grant, deny or revoke access to a resource, each and every time a user requests it. While there are a variety of ways to implement this, the U.S. National Institute of Standards and Technology (NIST) has set out a useful framework that emphasises zero trust should never be an exclusive agent of the network alone. Instead, for zero trust to be fully implemented, it must apply three levels of access control:

  1. Access to the network
  2. Access to applications
  3. Access to intra-application assets.

Without this kind of approach, true zero trust protection simply can’t be achieved. Why? Because of the dynamic nature of risk. Today’s digital enterprises are driven by intricate environments containing hundreds of applications, numerous different systems, hybrid legacy and “cloudified,” microservices-driven infrastructures. Such environments support hundreds — or even thousands — of continually evolving roles, which require the constant creation of new access scenarios.

Zero trust technology is still maturing

The good news for security professionals is that there’s an ever-growing range of powerful technologies now available that address some of the basic tenets of zero trust, particularly around advanced authentication and network access control.

However, these technologies still do not address each of the three critical levels of zero trust access control. In fact, the current focus of available zero trust offerings is primarily on the network and does not include adequate reference to, nor support for, zero trust at the application level, or within applications themselves.

For instance, the solutions that are most heavily touted as supporting zero trust include gateway integration and segregation, secure access service edge (SASE), and secure SD-WAN. The problem is, these are all focused on network-centric zero trust when what’s really needed is a solution that addresses each of the three access control levels in turn.

Dynamic authorisation holds the key

For many, the solution is dynamic authorisation – an advanced approach that grants fine-grained access to resources, including data assets, application resources, and any other asset based on the specific context of that session, in real-time.

Dynamic authorisation completes zero trust by powering two of the main processes that are vital to its full and complete realisation: runtime authorisation enforcement and high levels of granularity. When a user attempts to access a network, application or assets within an application, this initiates the evaluation and approval process that focuses on a range of key attributes, including:

  • User level attributes – such as current certification level, role and responsibilities, and whether they can access confidential and personally identifiable information (PII)
  • Asset attributes – such as data classification, location assignments and any relevant metadata
  • The location that a user is authenticating from – including whether from an internal or an external system
  • The number of authentication factors being used – i.e. with single, two factor or multifactor authentication
  • Additional external attributes – such as the risk level of the system and more

The policy engine evaluates each of these and all other relevant attributes, before making a real-time decision on whether to grant access. Furthermore, each time access is attempted, a new decision is made. This process is designed to be extremely granular, evaluating all the attributes that are updated to that specific point in time, as well as the real-time context and environment, rather than attributes that were already predefined by the application.

The business landscape is rapidly evolving, which means cybersecurity must as well. Many organisations have already recognised the importance of a zero trust approach for keeping sensitive data safe in increasingly fragmented working environments. However, the way it is implemented is critical to overall effectiveness. By using dynamic authorisation to address each of the three levels of zero trust access control (access to the network, applications and intra-application assets) business leaders can be confident that users accessing sensitive data are not only who they claim to be, but that they also have the right to do so.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Driving Business Transformation Through AI Adoption – A Roadmap for 2024

Author: Edward Funnekotter, Chief Architect and AI Officer at Solace

From the development of new products and services, to the establishment of competitive advantages, Artificial intelligence (AI) can fundamentally reshape business operations across industries. However, each organisation is unique and as such navigating the complexities of AI, while applying the technology in an efficient and effective way, can be a challenge.

To unlock the transformational potential of AI in 2024 and integrate it into business operations in a seamless and productive way, organisations should seek to follow these five essential steps:

  • Prioritise Data Quality and Quantity

Usefulness of AI models is directly correlated to the quantity and quality of the data used to train them, necessitating effective integration solutions and strong data governance practices. Organisations should seek to implement tools that provide a wealth of clean, accessible and high-quality data that can power quality AI.

Equally, AI systems cannot be effective if an organisation has data silos. These impede the ability for AI to digest meaningful data, and then provide the insights that are needed to drive business transformation. Breaking down data silos needs to be a business priority – with investment in effective data management, and an application of effective data integration solutions.

  • Develop your own unique AI platform

The development of AI applications can be a laborious process, impacting the value that businesses are gaining from them in the immediate term. This can be expedited by platform engineering, which modernises enterprise software delivery to facilitate digital transformation, optimising developer experience and accelerating the ability to deliver customer value for product teams. The use of platform engineering offers developers pre-configured tools, pre-built components and automated infrastructure management, freeing them up to tackle their main objective; building innovative AI solutions faster.

While the development of AI applications that can help streamline infrastructure, automate tasks, and provide pre-built components for developers is the end goal, it’s only possible if the ability to design and develop is there in the first place. Gartner’s prediction that Platform Engineering will come of age in 2024 is a particularly promising update.

  • Put business objectives at the heart of AI adoption – can AI deliver?

Any significant business change needs to be managed strategically, and with a clear indication of the aims and benefits they will bring. While a degree of experimentation is always necessary to drive business growth, these shouldn’t be at the expense of operational efficiency.

Before onboarding AI technologies, look internally at the key challenges that your business is facing and question “how can AI help to address this?” You may wish to enhance the customer experience, streamline internal processes or use AI systems to optimise internal decision-making. Be sure the application of AI is going to help, not hinder you on this journey

Also remember that AI remains in its infancy, and cannot be relied upon as a silver bullet for all operational challenges. Aim to build a sufficient base knowledge of AI capabilities today, and ensure these are contextualised within your own business requirements. This ensures that AI investments aren’t made prematurely, providing an unnecessary cost.

  1. Don’t be limited by legacy systems

Owing to the complex mix of legacy and/or siloed systems that organisations employ, they may be restricted in their ability to use real-time and AI-driven operations to drive business value. For example, IDC found that only 12% of organisations connect customer data across departments.

Amidst the ‘AI data rush’ there will be a greater need for event-driven integration, however, only an enterprise architecture pattern will ensure new and legacy systems are able to work in tandem. Without this, organisations will be prevented from offering seamless, real-time digital experiences, linking events across departments, locations, on-premises systems, IoT devices, in a cloud or even multi-cloud environment.

  • Leverage real-time technology

Keeping up with the real-time demands of AI can pose a challenge for legacy data architectures used by many organisations. Event mesh technology – an approach to distributed networks that enable real-time data sharing and processing – is a proven way of reducing these issues. By applying event-driven architecture (EDA), organisations can unlock the potential of real-time AI, with automated actions and informed decision making using relevant insights and automated actions.

By applying AI in this way, businesses can offer stronger, more personalised experiences – including the delivery of specialised offers, real-time recommendations and tailored support based on customer requirements. An example of this is in predictive maintenance, in which AI is able to analyse and anticipate future problems or business-critical failures, ahead of them affecting operations, and dedicate the correct resources to fix the issue, immediately. By implementing EDA as a ‘central nervous system’ for your data, not only is real-time AI possible, but adding new AI agents becomes significantly easier.

Ultimately, AI adoption needs to be strategic, avoiding chasing trends and focusing instead on how and where the technology can deliver true business value. Following the steps above, organisations can ensure they are leveraging the full transformative benefit of AI and driving business efficiency and growth in a data driven era.

AI can be a highly effective tool. However, its success is dependent on how it is being applied by organisations, strategically,  to meet clearly defined and specific business goals.

Continue Reading

Auto

Preparing for the Surge: Meeting the MCS Requirements of Electric Trucks

John Granby, Director of eTruck & Van, EO Charging and Erik Kanerva, Sales Director at Kempower

Auto electrification is moving at a rapid pace, with electric vehicles (EVs) going from a passion project for early technology adopters to the mainstream – especially when you consider the need to electrify consumer and commercial vehicles ahead of the government’s 2035 Zero Emission Vehicle mandate.

Electrification is also starting to play a vital role in public policy and commercial plans, leading to vehicle availability and a variety of improvements and increasing interest among commercial fleets’ prospective customers. As a result, all of the main car and van manufacturers have a respectable EV offering, and the eBus industry is well on its way to proposing a similarly credible offering for citizens.

Heavy-duty vehicle electrification has progressed slowly, but the pace has picked up over the last year, with several of the major truck manufacturers testing completely electric heavy trucks that are now near-ready to enter the general market.

This is a critical shift in the move towards net zero, given that heavy commercial vehicles account for around 25% of CO2 emissions from road transport emissions in the EU and approximately 6% of the region’s overall emissions. It’s a similar situation in the US, where medium and heavy-duty trucks account for around 29% of total road transport emissions or approximately 7% of the country’s total but make up fewer than 5% of all vehicles on the road.

Having clear goals and objectives in place for fleet electrification will be vital to ensuring the transport sector is on track. For example, Scania’s goal is that 50% of all vehicles it sells annually by 2030 will be electric. Despite Scania being the slowest into the market with battery electric vehicles, other vehicle manufacturers are following the same target, with Volvo Trucks setting itself a target for 50% fully electric vehicles by 2030 and the same with Renault, for example.

Meeting this ambitious goal will require the appropriate charging infrastructure in place so customers have the confidence to invest in the large-scale electrification of their fleets. That is one of the reasons why charging system manufacturer Kempower expects the commercial vehicle DC charging market in Europe and North America to have a 37% compound annual growth rate until 2030.

Trucks require substantial battery packs to provide a similar range as traditional engines, and having the right infrastructure in place to keep them regularly charged is certainly a key factor to consider when electrifying truck fleets. According to the European Automobile Manufacturers’ Association (ACEA), trucks will require up to 279,000 charging outlets by 2030, with 84% located in fleet hubs. By 2030, buses will require up to 56,000 charging outlets, with fleet hubs accounting for 92% of the total.

The Charging Interface Initiative (CharIN) is a global organisation that has been working on a standard for the rapid charging of trucks for several years. CharIN developed the Megawatt Charging System (MCS) concept, which serves as the foundation for the ISO and IEC standards which govern the design, installation, and operation of truck fast charging infrastructures.

The MCS is intended to standardise the quick delivery of enormous amounts of charging power to vehicles and provide stronger communication, which minimises downtime caused by unsuccessful charging events.

Customers who drive commercial vehicles follow particular driving habits. By taking advantage of the required break time from the hours-of-service restrictions governing their drivers, customers can travel further each day thanks to the increased charge rate that MCS offers. Better electrification of commercial cars is made possible by legislation that mandates that drivers take rest breaks. As a result, shorter charging durations to accommodate these breaks are beneficial.

The MCS will operate at up to 3,000A and 1,25 KV at its final development stage, delivering up to 3,75 MW of power when charging. With the backing of a significant segment of the industry, MCS is founded on an international consensus on technical standards. An internationally recognised standard is essential to promote harmonised solutions that reduce costs and boost interoperability without sacrificing safety and uptime.

Trucks on the highway are a key focus of the MCS, not only depot pricing. Large truck units operating long-haul routes and some smaller rigid trucks operating cross-border short-haul deliveries—such as logistics organisations operating deliveries between the United Kingdom and continental Europe—pay particular attention to this issue.

Most MCS charging occurs while drivers take breaks from their routes, but some depots may have a single MCS charger on site to do a flash charge if a truck needs to be turned around quickly. In order to balance this unit’s demand against other chargers on site, load management is crucial because it will require a power supply of at least 1 MW+.

Fleet operators should look to consider incorporating MCS into their whole charging ecosystem and solutions, regardless of whether they are thinking about how electrification will affect their fleet of vehicles on the road or how their depots will operate.

Adopting cutting-edge energy management technology solutions will enable effective fleet electrification, particularly at depots. Investing in effective load management technologies will be critical to maximising existing grid infrastructure capacity while decreasing the need for additional investments in generation or distribution capacity.

Investing in and deploying effective energy management technologies is the key to a smoother, more efficient shift for commercial fleet operators. They are critical in lowering energy expenses, both economically and environmentally.

Energy management solutions for charging electric fleets will also help maximise existing grid capacity, reducing the need to invest in new generation or distribution capacity. This will be an essential factor for fleet managers to consider as eTruck fleets expand and other commercial vehicle fleets, such as buses, increase demands on infrastructure.

With unprecedented energy and investment going into electrification, 2024 looks to be a pivotal year for picking up the momentum of progress around MCS in the logistics sector. If done right, it will create a shift of optimism in the market to accelerate the electrification of commercial fleets and promises to positively impact other sectors, such as marine and aviation, contributing significantly to reducing carbon emissions.

Continue Reading

Business

Three ways beauty and personal businesses can gain back lost revenue due to admin, ahead of summer

Attributed to: Samina Hussain-Letch, Executive Director, Square UK

The entrepreneurial beauty and personal care sector in Britain amounts to a whopping 36 billion pounds, but the pressure of manual labour endured by business owners is an obstacle for converting revenue and growth.

Our recent industry study highlights that nearly half (43%) of British barbers, spas, nail salons, personal trainers, tattoo parlours, and piercing studios are not using digital platforms or tools to automate bookings, ultimately losing over a full working day each week to administrative tasks alone. This equates to approximately two months lost per year, to manual admin tasks for beauty and personal care businesses.

We’ve listed three ways beauty and personal care businesses can gain back revenue ahead of summer:

  • Detoxing manual admin

Admin tasks are the equivalent to Pandora’s box for beauty and personal care businesses. The tasks may constitute using paper diaries to schedule appointments, manually rescheduling appointments, or taking bookings and sending reminders by message or phone call.

These seemingly minor chores can be a large time drain for businesses that rely on manual processes. The research found filing down time between client appointments to be one of the most difficult challenges, with 39% of the sector facing this over the last year, alone.

Businesses should identify how they could set timings to the specific duration of each service and still build in cleaning time after the appointment. Digital tools like an appointment booking software play a crucial role. By automating manual admin, owners can offer bookings with a wide booking window, allowing them to spend devoted time on each customer, resulting in the allowance to foster a loyal relationship that will keep them coming back, while giving their workforce time to clean up after the appointment.

  • Tapping into the power of technology

The solution here may sound simple, but business owners should again lean on technology to transform manual labour.

With time back, salons can give their workforce time to speak to customers on what other services they can offer to expand business offerings.

With the integration of tech tools for beauty and personal care businesses, nearly half (48%) of business owners would like staff to treat themselves to finishing work on time, while identifying new training for their team. Adopting a technology solution can unlock efficient management for businesses as appointments can be booked online and reminders can be sent using the software.

With the research showing that 42% of consumers want to book appointments on the weekend or after hours, working with the software promises ease for customers that are looking to make reservations after businesses are closed for the day.  But how can beauty and personal care business owners look to drive up their revenue when switching to an appointment software?

  • Driving up the revenue road

Our research also highlighted that only 1 in 5 of beauty and personal care businesses are automating marketing campaigns or inventory management. This sheds light that not all beauty and personal care businesses are optimising their toolset.

The time gained back from using automated appointment software allows businesses to think more strategically about marketing and pricing. Integration of an automated software readily links up with an online store that allows salons to not only manage inventory more effectively, but offer new products to clients on different channels of their choice.

With new offerings, businesses have extra opportunities and routes to drive up revenue. Selling products online is a sure-fire way of creating new business, as well as keeping their back end organised and offering consumers more options when it comes to buying products that are used within or after their appointment – as take home collateral.

Having an automated booking software for beauty and personal care businesses is a great way to unlock further revenue, train a workforce with time back, spend more time connecting with clientele and ensuring the business is driving bookings even while the salon is closed. It’s a win-win situation that will position businesses for success this year. Because as we all know, a business is only as successful as their customer satisfaction.

Continue Reading

Copyright © 2021 Futures Parity.