<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2810433&amp;fmt=gif">
CAREERS
INVESTOR LOGIN

Thought. Leadership.

Innovations, investments, strategies and opportunities introduced at the speed of business.

Companies across the globe are playing an instrumental role in addressing COVID-19 by offering their resources, services and expertise to support customers, employees, partners and local communities. Thoma Bravo’s Portfolio Spotlight Series recognizes some of these efforts and initiatives taking place across our portfolio of companies.

Insights

Security Gets Personal - Why Employees are the First Line of Defense

Security has been pushing to the edge for a while with the new normal accelerating the move. Remote and mobile, users are using unknown devices connecting to the network and Software as a Service (SaaS) platforms in the cloud, often through insecure ...

Read More »
Portfolio Spotlight

Today’s Portfolio Company Spotlight features Aternity, a digital experience provider that helps global enterprises optimize digital relationships with key stakeholders as they interact in a remote environment. To support its clients, Aternity is prov...

Read More »

Security has been pushing to the edge for a while with the new normal accelerating the move. Remote and mobile, users are using unknown devices connecting to the network and Software as a Service (SaaS) platforms in the cloud, often through insecure residential Internet connections. Organizations no longer have visibility and control into the infrastructure running their most critical workloads. Never before have we seen so many gaps and blind spots in enterprise security strategies, and these are gaps that malicious actors know how to exploit.

"The existing hub and spoke security model is broken,” says Hatem Naguib, COO of Barracuda, a leading provider of cybersecurity solutions in the cloud. “Organizations need to rethink how they do enterprise security—starting with a strategy that focuses first and foremost on the user."

Zero Trust IS the New Normal

Traditional security approaches worked when users, applications and data were static and located inside the network perimeter. Traffic ran on infrastructure that was controlled by the organization, allowing security teams to monitor for malicious content and apply the appropriate security policies. Once users log on from outside the network perimeter at scale, security teams lose visibility and control.

Users that log on from outside the office can be the first line of defense for organizations. Smart organizations know that and embrace a user-centric security strategy. For other organizations, malicious actors can lay in wait for a user’s device to be compromised and eventually gain access to the network and spread, badly exposing a traditional security model.

Instead, a user-centric security strategy takes a zero trust approach to security—an approach that prevents any user, device or application from connecting to the network unless it can be strongly authenticated first. The way to do this, according to Vijay Takanti, senior vice president of innovation and informatics for Exostar, a provider of cloud-based secure business collaboration solutions for highly-regulated industries, is through a verify and trust model based on two-factor authentication (2FA) to more confidently confirm user identity and access privileges.

Authenticate the device: Organizations need to make sure the device is allowed to connect. It needs to be a known device, it needs to be up to date on the latest software updates and firmware patches and it needs to be secured. This accounts for the first factor, where the user typically provides a username/password combination.

Authenticate the user: Once the device is authenticated and given permission to connect to the network, organizations need to make sure the user who is making the request really is who they say they are. This represents the second factor and is done through a variety of methods; the most well-known is by sending an authentication key to a second device that is associated with the user via a native security app, text message or phone call.

End user security is a critical capability in today’s security toolkit. Knowing exactly who is attempting to access applications and data in the network allows organizations to ensure appropriate user access and promote productivity while keeping the bad guys out.

Users demand the ability to work and collaborate wherever business takes them, and without added complexity. Zero trust and user-centric security design enables organizations and needs to be a central part of every security vendor’s solution.