CyberSecurity SEE

50% of Zero Trust Programs Risk Failure, PlainID Survey Finds

PlainID, the Authorization Company™, has released the findings of its CISO Zero Trust Insight survey, revealing that the majority of CISOs and CIOs are implementing a zero trust framework to enhance their overall security risk posture. However, only half of the respondents stated that authorization is a component of their zero trust program, potentially leaving their infrastructure vulnerable to threat actors.

In the past, zero trust frameworks primarily focused on addressing the challenges related to authentication, endpoint security, and network access. However, with the increasing number of identity-related breaches and the convergence of identity and access management with traditional security, there is now a demand for new technical capabilities in enterprise authorization and access controls.

Authorization is a complex challenge that requires a solution capable of providing various capabilities such as policy management, governance, control, and policy enforcement across different computing environments. To ensure a secure digital end-user experience, authorization policies must enable real-time risk-based decision making from the time of authentication to the final access point and target data set.

The survey results showed that only 31% of the respondents believed they had sufficient visibility and control over authorization policies to enforce appropriate data access. Furthermore, 45% of the respondents cited a lack of technical resources as a challenge in optimizing enterprise authorization and access control. This suggests that while some organizations have implemented some form of zero trust, they do not possess the necessary tools or expertise to truly have visibility and control over their networks.

Organizations may be tempted to develop their own homegrown authorization solutions as a cost-effective option. However, this approach can create gaps in the overall security posture if not properly developed, deployed, and maintained. According to the survey, 41% of the respondents use homegrown solutions based on the Open Policy Agent (OPA) to authorize identities, while 40% use fully custom homegrown solutions. Without a comprehensive zero trust approach, organizations risk leaving vulnerabilities in their security infrastructure, which cyber adversaries can exploit.

As the demand for risk-based authorization and identity-aware security grows, the limitations of legacy homegrown authorization engines become apparent. The need to keep up with digital initiatives while ensuring high levels of security and user experience is driving organizations to adopt next-generation enterprise authorization solutions.

Implementing an end-to-end zero trust architecture requires a reference architecture that strengthens every possible threat vector. Next-generation authorization solutions can provide identity-aware security at every layer of an enterprise computing infrastructure, while offering central policy visibility, manageability, and governance.

Oren Ohayon Harel, CEO and co-founder of PlainID, emphasized that zero trust should consider all identities as potential threats. While zero trust can instill confidence, it is crucial to complement it with a comprehensive authorization framework. He also highlighted the importance of continuous evaluation and validation across all technology stack interactions to mitigate the impact of data breaches.

The survey, conducted by CensusWide on behalf of PlainID, involved 200 CISOs and CIOs from companies with over 500 employees in the UK and USA in April 2023.

For more information about PlainID and its services, please visit their website: https://www.plainid.com/

About PlainID:
PlainID Inc., known as the Authorization Company™, is the industry leader in Authorization-as-a-Service powered by Policy Based Access Control (PBAC). Their straightforward solution to authorization management enables organizations to create, manage, and enforce authorization policies across their entire enterprise. By securely connecting identities to digital assets through PlainID Authorizers, businesses can meet the digital demands of user journeys, implement zero trust architectures, and ensure data security. The PlainID Authorization Platform facilitates rapid business growth by integrating new and legacy technologies with advanced authorization features.
