Close Menu
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing & Mental Health
  • Marketing
  • HR & Recruitment
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
X (Twitter) LinkedIn YouTube
Trending
  • New Venture Aims To Help Propel Growth For Start-Ups
  • Building community, one cause at a time
  • How to build a £1 million pension and ISA portfolio
  • 5 Reasons Why Every Office Should Include Flexible Spaces to Work and Their Key Benefits
  • Pension reforms risk higher prices, fewer jobs and slower growth, FSB warns
  • Building Trust in AI Through a Decision-Centric Approach in Manufacturing
  • In Profile: Michael Stausholm, founder and CEO of SproutWorld
  • A beginner’s guide to growth shares (and why they’re so popular right now)
X (Twitter) LinkedIn YouTube
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing
  • Marketing
  • HR & Recruitment
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • Twitter
  • LinkedIn
  • YouTube
  • RSS
You are at:Home»Features»How zero trust can help SMEs keep their operations secure.
Ryan Weeks, CISO at Datto
Ryan Weeks, CISO at Datto

How zero trust can help SMEs keep their operations secure.

0
Posted By sme-admin on June 10, 2021 Features, Technology

Despite the regular cadence of ransomware attacks on unsuspecting victims, poor password practices are still very much alive. This is of increasing concern, as many ransomware attacks are the result of poor credential and password management practices, as well as a lack of using multi-factor authentication (MFA). Although many SMEs regard MFA as costly and technically challenging, MFA is now table stakes and a key component to achieving zero trust.

While there are easily accessible open-source alternatives to MFA that don’t require any
investment, there are other affordable and practical alternatives that can help SMEs secure
their business operations,  Ryan Weeks, CISO at Datto explains.

When are passwords necessary and are there affordable alternatives?

When discussing passwords from an identity and access management perspective, there are
three factors that comprise authentication and identity. The first being ‘something you have’,
the second ‘something you know’, and the third ‘something you are’. Since a password is
something you know, the question for SMEs is “what are the areas where ‘something you
know’ is absolutely necessary in securing your business operations?”

From a user perspective, programmes and systems are more accessible through the use of
passwords. Typically, usernames and passwords are required for most SaaS applications, unless
users have a single sign-on platform like Azure AD or Okta for example. When using single sign-
on platforms, passwordless technology can be used if it’s native to the platform, otherwise it
can be easily integrated into the single identity found in the access management layer.
What’s more secure: passwords or passwordless technology?

Like a password, passwordless technology still has to protect the underlying biometric
information. For example, if a malicious user is able to modify or swap biometric information,
they will be able to change the criteria for the user that is able to authenticate. While
passwordless technology is more complex, a breach is still a possibility that SMEs need to take
into consideration.

To create a more secure operation, the combination of hardware-based MFA and biometrics is
recommended. SMEs need to keep in mind that it’s possible to implement passwordless
security either securely or insecurely – remember it’s just technology. However, by adding
biometrics instead of a password and keeping a user’s multifactor authentication workflow,
SMEs will be in a position to gain access to a world where zero trust security models are a
possibility.

Is zero trust the most secure option?

Zero trust encompasses more than just user authentication, it includes the device, as well as
the user. To illustrate, in today’s world when a machine enters a secure network, it may only
authenticate the user, not the device itself. However, zero trust strives to authenticate both.
This type of authentication is similar to certificate-based authentication using a public key
infrastructure. With zero trust, the idea is that there is a continuous revalidation of trust. What
this means is that implementing passwordless access in a zero trust mode is easier for users and
more secure for the operations since the ‘something you have’ and the ‘something you are’
factors are much more difficult to attack.

When implementing zero trust security measures, SMEs need to remember that passwordless
is not synonymous to zero trust. Users can have zero trust with passwords and MFA tokens, an
SMS one time password, time-based one-time password (TOTP), or a hardware token. The
reality is that passwordless accessibility will reduce friction in a zero trust model since the user
only needs to touch the hardware token, touch a fingerprint scanner, or glance at a camera.
This can be challenging for people whose fingerprints can’t be read or their face can’t be
recognised, as they will encounter access difficulties. When difficulties with passwordless
technology occur, password-based workflows will help them gain access. The most important
point for SMEs to remember is that there needs to be a layer of multiple factors, meaning using
two of ‘something you know’, ‘something you have’, and ‘something you are’.

Building a zero trust security model in the SME environment

While zero trust security models aren’t new, the ongoing and increasing security breaches are
highlighting their significance. It’s important for SMEs to continuously seek to revalidate and re-
trust the operational state of assets and individuals, which means that users shouldn’t have an
asset that is implicitly trusted all the time.

There is a lot for SMEs to consider when building a zero trust security model. Building and
implementing it on their own can be a daunting task; this is why managed service providers are
actively working with SMEs to help them adopt a zero trust security methodology and improve
their operational security.

Ryan Weeks, CISO at Datto 

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

5 Reasons Why Every Office Should Include Flexible Spaces to Work and Their Key Benefits

Building Trust in AI Through a Decision-Centric Approach in Manufacturing

Brits lose £11.4 billion to scams: these are 5 of the most dangerous

Comments are closed.

Follow SME Today on Linkedin and share all the topics you find interesting
Verify your identity for Companies House

The Newsletter

Join our mailing list for the best SME stories, handpicked and delivered direct to your inbox every two weeks!

Sign Up
Events Calendar
    • Marketing
    July 7, 2025

    Bold Business Marketing Specialist Speaks In Swindon This Week

    July 4, 2025

    How Generative AI is Giving SMEs a Marketing Edge

    • Finance
    July 10, 2025

    How to build a £1 million pension and ISA portfolio

    July 10, 2025

    Pension reforms risk higher prices, fewer jobs and slower growth, FSB warns

    • Health & Safety
    July 1, 2025

    Temperatures Soaring: Is Your Workplace Becoming Unsafe?

    January 29, 2025

    UK takeaways guilty of shocking hygiene failures:

    • Events
    July 4, 2025

    £20k grant for female-founded SME up for grabs

    July 2, 2025

    As Seen on BBC Panorama – Brad Burton to Headline The South West Expo in Swindon

    • Community
    July 11, 2025

    Building community, one cause at a time

    June 23, 2025

    Celebrating One Year In Fairford Supporting The Community

    • Food & Drink
    June 23, 2025

    England Cricket Captain, Ben Stokes OBE, takes a stake in Spencer Matthews’ alcohol-free spirits brand, CleanCo

    June 16, 2025

    Hospitality industry risks collapse

    • Books
    April 24, 2025

    Values-Driven Professionalism: A Path to Client Loyalty

    December 2, 2024

    Banish the banshee boss: how to lead without fear – addressing the issue of fear-based management and how NOT to be this manager

    About

    SME Today is published by the same team who deliver The Great British Expos’. We have been organising various corporate events for the last 10 years, with a strong track record of producing well managed and attended business events across the UK.

    Join Our Mailing List

    Receive the latest news and updates from SMEToday.
    Read our Latest Newsletter:


    Sign Up
    X (Twitter) YouTube LinkedIn
    Most Recent Posts
    July 11, 2025

    New Venture Aims To Help Propel Growth For Start-Ups

    July 11, 2025

    Building community, one cause at a time

    July 10, 2025

    How to build a £1 million pension and ISA portfolio

    July 10, 2025

    5 Reasons Why Every Office Should Include Flexible Spaces to Work and Their Key Benefits

    July 10, 2025

    Pension reforms risk higher prices, fewer jobs and slower growth, FSB warns

    Categories
    • Books
    • Community & Charity
    • Education and Training
    • Environment
    • Events
    • Features
    • Finance
    • Food and Drink
    • Health & Safety
    • HR & Recruitment
    • In Profile
    • Legal
    • Marketing
    • News
    • Property & Development
    • Sponsored Content
    • Technology
    • Transport & Tourism
    • Wellbeing & Mental Health

    Copyright © 2020 SME Today.

    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Privacy
    • Contact
    Copyright © 2025 SME Today.
    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Privacy
    • Contact

    Type above and press Enter to search. Press Esc to cancel.