Interested in Adopting a Zero Trust Approach to Cybersecurity but Not Sure What to Do? 
Hui Chi Wai, V-Key Global Enablement Engineer

Interested in Adopting a Zero Trust Approach to Cybersecurity but Not Sure What to Do? 

The Zero Trust approach to cybersecurity has now become mandatory for modern networks. Essentially, Zero Trust is a strategic approach that secures an organisation by eliminating implicit trust and continuously validating every stage of any digital interaction. Although it is a part of many recognised standards such as NIST SP 800-2071 (which outlines the basis of the Zero Trust Architecture as envisioned by the US National Institute of Standards and Technology),  many security leaders, often do not know where to begin their Zero Trust journey.

 V-Key has developed a simple Zero Trust Maturity model which can be used as a roadmap to simplify the adoption of Zero Trust. These levels are outlined below:

 Level 1 (Simple Protection): The organisation is just beginning its Zero Trust journey. Only 1FA (or a weak 2FA, e.g. using an easily-intercepted SMS OTP) has been implemented.  However, using V-Key’s App Protection solution to protect critical applications from untrusted devices can help organisations prepare for Multi-Factor Authentication. V-Key’s V-OS Mobile App Protection is a multi-layered, mobile-first solution specifically designed to prevent attackers from gaining insight into an app’s source code and modify or extract valuable information from it.

 Level 2 (Strong User Identity): The organisation has basic Multi-Factor Authentication such as V-Key’s OTP Smart Token (The V-OS Smart Token family is a versatile and highly secure second-factor authentication and authorization solution for mobile devices). This not only mitigates the SMS OTP phishing threat,  but sensitive transactions can also be protected by transaction signing and a challenge response from the V-OS Smart Token.

 Level 3 (Bridge All Trust Gaps): The organization proactively addresses security issues and challenges by using V-Key’s App Identity solution to secure contextual access to APIs. The organization’s server(s) only accepts requests with a valid digital signature available only from V-OS protected applications. V-Key's V-OS App Identity solution creates an app-based software secure element that is bound to every relevant app to ensure an app’s identity and integrity and to establish a trusted communication channel between apps and endpoints.

 Level 4 (Comprehensive Digital Identity): The organization has committed to an adaptive approach to security which cover seamless and secure onboarding (and even the turnover/changing of user devices) by using V-Key’s Universal Digital Identity. A combination of OTP, PKI and Face Token allows this adaptive authentication approach (according to the relevant risk level) to address issues of Identity theft while respecting user privacy,  protecting Personally Identifiable Information (PII), and using secure archiving to prevent data loss. In this Zero Trust level, passwords have been eliminated to provide the most seamless user experience possible.

 Why V-Key?

V-Key is a software-based digital security company whose technology powers security solutions that deliver the highest level of defence and control for digital identity, user authentication, access and authorisation without compromising user experience. It is trusted by government, banking and mega-app clients across the region to connect people, organizations, and devices everywhere by securing the global digital economy.

 At the heart of V-Key’s product suite is V-OS, the world’s first Virtual Secure Element to be FIPS 140-2 Level 3 validated (US NIST), achieve FIDO security targets, and be  Common Criteria EAL3+ certified. It has also been accredited by the Infocomm Media Development Authority of Singapore (IMDA). V-OS creates an isolated virtual environment within mobile applications to safely store cryptographic keys and other important information.

Using V-Key’s product suite can allow organisations to easily advance to higher levels in this simple Zero Trust Maturity Model, while satisfying the requirements of NIST SP 800-207. This method assures that investment is minimised while achieving maximum security benefits.

 Reference:

1.    Rose, Scott; Borchert, Oliver; Mitchell, Stu; Connelly, Sean. NIST SP 800-207 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics