An Analyst’s Take: The Essential 8 & Using Zero Trust to Avoid Compliance-as-a-Strategy

February 21, 2022

It’s old news now – the pandemic spurred a “quantum leap” in digital transformation. Yet, the fact remains, security has yet to catch up.

Work-from-home (WFH), and even work-from-anywhere (WFA), is now commonplace, and cloud/multicloud footprints continue to expand rapidly. Within this “new normal”, there are plenty of operational tasks we now perform from home, or on the go, that require privileged access. These run the gamut from administering servers, databases, applications, and SaaS solutions to managing the organisation’s social media accounts.

As a consequence, we are allowing unsecured home and public Wi-Fi networks to become an extension of our information technology ‘perimeters’ when we perform tasks in our business environments. Threat actors are gleefully taking advantage of the opportunities presented, as witnessed by the surge of ransomware and other attacks over the last couple of years.

This environment is compelling organizations to embrace a zero trust model and Australia’s Essential Eight risk mitigation strategies to better manage cyber risk. Privileged access management (PAM) is foundational to both of these initiatives. A Forrester report, “Embrace Zero Trust For Australia's Essential Eight”, lays out how organizations can align and optimize the roll-out of these initiatives for maximum risk reduction.

Read on for key insights from the report.

What is the Essential Eight?

Maintained by the Australian Cyber Security Centre (ACSC), the Essential Eight came into being in 2017, with updates to the strategies being released just last year. The Australian government has made it mandatory for federal government departments and agencies to meet the requirements of the Essential Eight. However, while these cybersecurity best practices honed by the ACSC were primarily created for Australian organizations, the principles have universal appeal, and thus, have seen strong interest and adoption across the globe.

While the Essential Eight distills highly effective cybersecurity controls, as Forrester notes in the report, “The Essential Eight requirements set the minimum standard, not the high bar. They address some, but not all, elements of a ZT [zero trust] framework, such as the capabilities relating to user authentication and workload validation. Achieving compliance is a necessary step in the right direction, but it's not the end state.”

Going Beyond the Essential Eight with Zero Trust

The relative security of the corporate network, with its firewalls and known users sitting inside it, has, for much of the business community, disappeared since the start of COVID. In its place are hastily arranged solutions that were created as stopgap measures for a pandemic that was set to only last a few months, not a few years. There are countless stories of organisations that have been impacted by attacks perpetrated by sophisticated criminal syndicates and nation states.

The reasons for aligning to the Essential Eight are simple enough: it represents a solid foundation in cyber security best practices that cover the prevention of malware delivery and execution, limiting the extent of cyber security incidents, recovering data, and assisting with system availability.

While zero trust predates the Essential Eight, its prominence has increased significantly, given the changes to the way we’ve been working over the past two years. According to a 2021 survey by the non-profit Identity-Defined Security Alliance (IDSA), 93% of security and identity professionals now say zero trust is strategic to securing their organization.

Increasingly, resources that require authentication, privileges, and access may reside outside of corporate governance. Zero trust improves security by defaulting to a “never trust, always verify” mindset, which requires continuous authentication, grants time-limited access based on context, enforces least privilege, and layers on continuous monitoring and session management.

Organisations that are well down the path of zero trust and are also looking to align themselves to the Essential Eight will find this alignment easier, because zero trust often exceeds the requirements of the Essential Eight. As new compliance regimes are introduced, zero trust places the organisation on a strong footing to meet any additional requirements.

As noted by Forrester in their report, achieving compliance is not the end state but a step in the journey. By making zero trust the strategy, Forrester emphasizes, organisations can meet compliance requirements as they go.

Privileged Access Management and Zero Trust

Privileged access management is a fundamental, and essential, piece of enabling a zero trust architecture (ZTA) and of meeting the Essential Eight.

PAM solutions enable the elimination of persistent trust, enforce continuous authentication, apply least privilege, enable adaptive access control, implement segmentation / microsegmentation to isolate resources, and monitor every privileged session—whether human, machine, vendor, employee, on-premise, or remote.

For more insights on using zero trust to align with and go beyond the Essential Eight, access the Forrester report here.

Scott Hesford, Director of Solutions Engineering, APJ

Scott Hesford has over a decade of experience in IT security. Before joining BeyondTrust in 2019, he worked as Principal Consultant for CA Technologies and other large enterprises in Australia and New Zealand. A trusted cyber security advisor to enterprise customers, his experience spans across several industries such as banking, insurance, energy and utilities, in addition to state and federal governments. At BeyondTrust, Mr Hesford is an essential contributor in the regional security engineering department, helping enterprises and government agencies improve their security posture against internal and external threats.
