SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Interview: Ping Identity exec on why security system updates are critical during COVID-19
Wed, 8th Apr 2020
FYI, this story is more than a year old

As organisations and businesses settle into lockdown and get used to working from home, many are discovering that the peripheral issues that were put on the backburner are now being thrust into the spotlight as the drawbacks of remote working kick in.

One of the primary issues cropping up in businesses across the world is cybersecurity – how to get employees to work productively from home while also safeguarding the company's IT security posture, which becomes vulnerable as soon as workers go remote.

Though it's been around for a while now, cybersecurity experts are advocating for zero-trust and identity-centric security models more than ever now that new threats are emerging in conjunction with this new wave of remote working.

TechDay spoke with Ping Identity country manager for ANZ and Japan, Ashley Diffey, on how zero-trust is favourable over perimeter-based security, and what the changes in work mean for businesses in a post-COVID-19 world.

Why should perimeter-based security models be scrapped in favour of an identity-centric model?

What we're living in at the moment is the culmination of roughly 20 years of evolution mobiles, cloud and applications all impacting how people connect into the corporate environment.

Going back to the early 2000's, data centers were in a physical place and the traditional architecture had a strong perimeter around it to stop anyone coming in.

But now, with the proliferation of many different mobile devices and applications needing to connect to systems, traditional architecture is no longer viable.

For example, I could have all the architecture in the world to lock down my environment, and provide access to people who meet certain requirements.

But if I'm a bad actor and I can impersonate someone with these requirements, then these measures no longer serve their purpose.

This is why we see identity as core to security. Verifying identity, rather than granting access based on certain other requirements is very important.

How important is it for IT professionals to prioritise updating their systems, especially security systems, in the wake of the pandemic?

Large organisations in particular have been hesitant to change or re-platform security and access management systems, because these are inherently critical infrastructures and core systems, so there is a degree of risk.

But the companies we're working with have reduced that risk by using Ping Identity.

We're helping them to build future-proofed platforms that can adapt and establishing really clear controls for employees handling customer data.

We're continuing to see more applications in the hybrid environment space in the legacy on-premise space.

Working with customers on these platforms is a key differentiator for us in the market. 

What do you think the wider implications of remote working will be?

I'd like to see the good that has come from the change continue. For example, giving people greater flexibility around how they interact with their business.

Accelerating technology and systems that we thought could possibly work, now we're actually testing these systems and finding that that they actually work.

People will work more from home and have more flexible hours, and employees will have more freedom to say they prefer working from home.

But they've got to get their identity and access authentication right first, or it's not going to work.

A lot of companies are realizing that if they don't get their digital footprint right in this critical moment, then they won't be here in the long term.

It's really been a catalyst for change. We won't ever go back to exactly what we had before – we'll continue to move on and evolve.