November 11, 2022 Digital Identity: The Supply Chain’s Key to Zero Trust

A digital identity strategy can help supply chains achieve zero trust efficiently.

By Mark McArdle, Chief Products & Design Officer, Imprivata

Supply chain digitalization has become essential to many companies’ bottom lines. Organizations must have visibility into and control of the entire supply chain process, from production to procurement to delivery. In recent years, the expansion of remote work accelerated connectivity and led to greater collaboration beyond the four walls of an establishment…but at what cost?

As critical industries embrace digitalization, attackers are finding ways to breach the broadened attack surface. Now, supply chains are being mandated to bolster security in response. The key to doing so without sacrificing productivity requires a security renovation grounded in digital identity.

Digitalization’s Double-Edged Sword

Keeping supply chain operations smooth and efficient depends on a variety of workstations, applications, servers, and vendors. Businesses apart of the supply chain, like manufacturers and transportation and logistics companies, also require hundreds of users – digital identities – from various locations to access their network regularly. However, if there’s a breach at one organization, connectivity can backfire.

The repercussions of a breach can quickly ripple through businesses connected to the supply chain – just as we saw with the SolarWinds attack, causing over 18,000 customers to download compromised software that led to breached public and private information. Following this and other attacks targeting critical infrastructure, the Biden Administration issued an executive order requiring organizations to adopt zero trust. This reality has created the need for vendor risk management.

The Burden of Zero Trust

With so many digital identities moving through an interconnected network, zero trust architecture (ZTA) sets the best security principles for critical industries. The key (and the hardest part) is implementing it without jeopardizing workflow efficiency.

For example, zero trust denies users access into the network or specific applications until their identities (and potentially other attributes) are verified. This ensures that only properly verified identities are provided access to permitted resources.  Without a solution that streamlines the authentication process into on-premises and cloud applications, ZTA becomes a burden to users. Manufacturing plant employees (often decked out in personal protective equipment) don’t want to enter their username and 30-character password every time they use a different application. While they may technically achieve zero trust, you can imagine how this verification process leads to a clunky and frustrating workflow. Using technology securely should not come at the expense of the user’s experience. So, what makes this a better process? It all comes down to securing the number one vector for attacks: compromised digital identities.

Meeting Zero Trust with Digital Identity

A user’s login credentials make up their digital identity – and they are possibly the most lucrative information a bad actor could get their hands on. Take the Colonial Pipeline attack, where one compromised password led to a $4.4 million ransom payment. Understandably, if a user has to verify a dozen times a day by entering their password, they might create a simpler password – or worse – write it on a sticky note near the workstation. To achieve zero trust, critical industries need to secure credentials and borderless networks without disrupting user access. What they really need is digital identity management. For businesses involved in supply chain operations, here are four steps to follow to get started:

1. Utilize identity governance and administration to implement and enforce access policies through role-based controls. Automate your user provisioning and deprovisioning processes to verify each digital identity’s access to specific systems and applications.
2. Make passwords invisible and discourage workarounds with a single sign-on solution that enables no-click access into on-premises and cloud applications.
3. Consider using biometrics, push notifications, and no-click access options for multifactor authentication. The less often a user enters their credentials, the less likely it is they’ll be compromised.
4. Implement privileged access management for all internal admins and external vendors. Provide the least amount of privilege to third parties through granting only the access necessary for them to complete a specific task, at a time and method of your choosing.

As supply chains embrace new advances in technology, businesses must remember that with more connectivity comes more responsibility. Following ZTA is a step in the right direction for protecting critical infrastructure, but without considering end-user access and digital identity, supply chains will not reach their full potential. Digitalization is a necessary evil for supply chains. Ensuring that it’s built for longevity, productivity, and security depends on digital identity.

This article is sponsored by Imprivata.

Mark McArdle is the Chief Products and Design Officer at Imprivata. Mark is responsible for leading all product management and product design activities across the portfolio. He has over two decades of experience in SaaS leading cybersecurity product development organizations.

Mark holds a Bachelor of Science degree from the University of Waterloo and has completed the Ivey Executive Program from the Ivey Business School at Western University. Mark holds six patents in cybersecurity.

Media Contact:
Amy.koczera@imprivata.com
Sr. Media Relations & Communications Specialist
www.imprivata.com

Subscribe to Industry Today