Recent mass cyberattacks that exploited vulnerabilities in software such as MOVEit, Log4j and SolarWinds Orion have served as prime examples of why companies must extend their zero-trust policies to third-party users, devices and infrastructure.
But more work needs to be done, especially around identity and access management, for organizations to reach the level of zero-trust maturity they need to securely collaborate with third parties, said Greg Rasner, author and speaker at InfoSec World 2023 in Orlando, Florida.