Zero trust for third parties requires improvements in IAM, logging and monitoring

Recent mass cyberattacks that exploited vulnerabilities in software such as MOVEit, Log4j and SolarWinds Orion have served as prime examples of why companies must extend their zero-trust policies to third-party users, devices and infrastructure. But more work needs to be done, especially around identity and access management, for organizations to reach the level of zero-trust maturity they need to securely collaborate with third parties, said Greg Rasner, author and speaker at InfoSec World 2023 in Orlando, Florida.

“The identity and access piece is the one that has the largest barrier; it’s the one that folks are struggling with,” said Rasner in an interview with SC Media prior to his conference presentation on this very topic. Rasner penned the instructional books “Cybersecurity & Third-Party Risk” and “Zero Trust and Third-Party Risk,” and he also serves as SVP, cybersecurity third party risk at bank holding company Truist Financial — though he was not presenting in the latter capacity.

IAM “is a core component of any zero-trust deployment, because if you don’t know who’s on your network or what’s on your network, then you’re over-trusting,” Rasner continued.

Source: SC Magazine

 

