While IT departments have often historically erred on the side of too much access, the new model is quickly shifting toward the notion of heavy restrictions, greatly limiting what the user can see or use without seeking additional permissions, says an article in Infosecurity Magazine. For companies, this can result in large changes to the handling of access, to ensure their cybersecurity systems aren’t unnecessarily exposing them to risk.
With systems being increasingly connected, and with many companies having seen a rapid increase in points of attacks due to offsite work, trends are pushing toward a zero-trust model, pushing the burden of proving identity to the user, rather than depending on automated models for access. Similarly, the importance of least privilege access is growing, ensuring users are limited to only the tools or data necessary to their core duties, and limiting what could be exposed should their accounts be hacked. Critically, the securing of endpoints has also received great attention, as remote devices provide increasingly attractive targets.
As company resources continue to expand into the cloud, or outside traditional borders, the limiting of access without comprehensive authorization will grow in importance.
Source:
https://www.infosecurity-magazine.com/next-gen-infosec/principles-tech-next-cyber/
