• About
  • Subscribe
  • Contact
Thursday, June 5, 2025
    Login
FutureCISO
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
FutureCISO
No Result
View All Result
Home Resources Blogs

PodChats for FutureCISO: Securing corporate online relationships with zero trust

allantan by allantan
October 20, 2023
PodChats for FutureCISO: Securing corporate online relationships with zero trust

PodChats for FutureCISO: Securing corporate online relationships with zero trust

Share on FacebookShare on Twitter

One of the characteristics of the recent decade is an increasingly connected global community with some events that occur in one region that would impact other parts of the world. In the business community, a recurring theme of the digitalisation era is improving the engagement with the customer.

One of the revelations of the COVID pandemic is just how reliant enterprises are on ecosystems of suppliers and partners to support the new customer engagement paradigm.

Yubico’s regional vice president for Asia Pacific and Japan, Geoff Schomburgk, says with an increasingly connected world comes a higher risk. “And this (risk) is part of the challenge,” he quips.

The new security perimeter

The accelerated transition to the cloud during the early days of the pandemic has revealed just how unprepared enterprises are for the always-connected digital society.

As more organisations prioritise cloud strategies, the lack of foresight, or experience around the ‘how to’ of cyber readiness, has exposed just how organisations, and their customers, are vulnerable to threats that thrive on the internet.

With the rise in cyberattacks against consumers and enterprises, organisations have realised that strong authentication measures are necessary to protect sensitive information. One approach is around the use of multi-factor authentication (MFA).

Schomburgk cautions, however, that not all MFA technologies are created equal. Reflecting on the growing sophistication and persistence of attacks, he suggests moving to a phishing-resistant form of MFA, such as a security key based on the FIDO standard, or passkeys.

For Schomburgk, securing that identity with strong authentication protocols is a very good start.

Of passkeys and FIDO standards

Back in 1961, MIT computer science professor, Fernando Corbato, created the Compatible Time-Sharing System (CTSS), to allow multiple users to access a single computer system simultaneously. This is the beginning of what we now refer to as passwords – digital credentials used to authenticate a user’s identity and his or her right to access information or facilities.

Related:  AI-driven cyber threats: A US$212 billion security investment by 2025

Over the years, human behaviour has put into question just how effective passwords are in securing the very systems and data they were meant to protect. In recent years, organisations like Google, Yubico and the FIDO Alliance, have worked to define more secure models for authenticating user access.

In May 2023, Google unveiled plans to encourage the adoption of passkeys by users of its services. According to Schomburgk, with Apple and Microsoft also indicating support for passkeys, that is about 90% of the world’s online systems work on one of these platforms.

“If you think about the purpose behind passkeys and the FIDO alliance is to make logins highly secure, phishing-resistant and to make it easy to use and available at a global scale,” he opined.

Hurdles to passwordless adoption

Schomburgk is cognizant that universal adoption of passkeys or passwordless technologies will take time. He pointed out that on the supply side, the technology industry is coming together to say, passkeys are a good thing. They are secure, convenient, and are available.

He conceded that the challenge is on the demand side – for consumers to take up passkeys.

“It is about awareness, and do we force that (adoption) top down? How do we encourage adoption? That, I think, is the challenge that we're now facing,” he continued.

Security in 2024

Asked to share his thoughts on what security will look like in 2024, Schomburgk believes that the adoption of passwordless technologies will continue. He acknowledged that it is still early days for the passwordless trend.

Geoff Schomburgk

“As an industry, we want to sort of take those cases and share that knowledge. We want to get people to understand that the change is not so hard, and it does bring with it quite a lot of benefits,” he continued. “From an economic point of view, it does bring a real positive business case so that's going to be a lot of the focus.”

Related:  PodChats for FutureCISO: Predicting the unpredictable

Click on the PodChat player as Schomburgk details how users and enterprises can maintain a trusting relationship digitally and online.

  1. When we think of ‘online relationships’, people tend to think about it in a traditional sense but why should businesses and their employees be wary of their online relationships with suppliers, service providers or even customers?
  2. Speaking of digital identity, are online service providers generally expected to keep our accounts and personal data secure?
  3. In the security space, the term security perimeter. How does Zero Trust negate the shortcomings of traditional authentication methods?
  4. Why are you encouraging a call to action aimed at the providers of online services that they should be doing more to keep their online services safe and secure from predators?
  5. How secure are passkeys based on FIDO2 standards?
  6. What does the broad move towards passkeys spell for businesses and end-users in Asia Pacific?
  7. What are some key hurdles to a passwordless future, and how could they be overcome?
  8. In your opinion, why and how should industries and organizations in Asia Pacific see wider adoption of and access to passkey security?
  9. What are the major tech companies doing to make us change how we protect our online relationships?
  10. For CISOs, any best practices for introducing and even demanding from suppliers the use of passkeys? How can they get buy-in from CIOs, IT and the C-suite?
  11. 2024 is around the corner. What is your expectation of the security landscape?
Tags: AppleFIDO AllianceGoogleMicrosoftPodchatsYubico
allantan

allantan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Platform to enhance software development security
  • Check Point launches enhanced branch office security gateways
  • BarracudaOne to offer a unified approach to cybersecurity
  • AI agents present new security challenges in Southeast Asia
  • Red Hat launches Enterprise Linux 10 for hybrid security

Categories

  • Blogs
  • Compliance and Governance
  • Culture and Behaviour
  • Cybersecurity careers
  • Data Protection
  • Endpoint Security
  • Incident Response
  • Network Security
  • People
  • Process
  • Resources
  • Risk Management
  • Technology
  • Training and awarenes
  • Videos
  • Webinars and PodChats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCISO serves the interests of the Chief Information Security Officer (CISO) and the information security profession. Its purpose is to provide relevant and timely industry insights around all things important to security professionals and organisations that recognize and value the importance of protecting the organisation’s data and its customers’ privacy.

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
Login

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl