Attackers have long targeted users and their devices and access to applications, yet we’re still dealing with those same problems today. We’re failing at the security fundamentals, and breaches are still happening, day after day.
Part of the reason is, security was often approached as a bolted-on feature, added onto our systems as an afterthought - solutions like antivirus and firewalls alone no longer work to protect an increasingly complex attack surface with a disappearing network perimeter.
Applying security after the fact isn’t helpful to protect against the same security problems anymore. That’s partly because we’ve moved from on-premises everything to a mass migration to cloud-based web applications. Our data and apps are living not only on infrastructure we own, but also on servers that we don’t own. We don’t know exactly who is accessing what, and how.
Allowing access to these web applications involves two major components - verifying the identity of users accurately, and ensuring the security health of their devices. Ensuring their devices are secure has become a more challenging task, as employees are increasingly using their own smartphones, tablets and laptops to access work apps and data from remote working locations, from many different networks.
Within the information security industry, we’ve long built security technology for technology - but at the end of the day, our users are human, after all.