Adopting Zero Trust Adopting Zero Trust: Nonfederated Apps
Last episode, we brought to you a wild story of a victim who was SIM-swapped four times, and this week we’re back to basics with some fresh research and a closer look at a critical piece of Zero Trust: Non-federated applications.
Cerby’s Chief Trust Officer, Matt Chiodi, was kind enough to add a bit of color to a research report they released at RSA that helps validate what they’ve been building the past 3 years. Before we get to that, it’s worthwhile to define what nonfederated applications are, as, like many cybersecurity concepts, it’s going through an identity crisis.
Nonfederated applications are essentially the opposite of how organizations should be inventorying, tracking, and providing access to applications (SaaS platforms are a good example). To align with Zero Trust, or really any modern cybersecurity strategy, SSO, SAML, and other solutions designed to scale are necessary so IT and security teams can properly manage access. However, there are always outliers, which the business still needs access to, such as managing admin access to a social media profile.
This brings us back to Matt and the Ponemon Institute, who produced the recent research report: The Hidden Cybersecurity Threat in Organizations: Nonfederated Applications.