Fresh Thoughts #94: What is Secure Access?


There's an old business trope.
Good. Fast. Cheap.

It's why sufficiency and "good enough" are essential to business conversations about IT and cybersecurity.

I recently thought about this trope when implementing a secure access project. Because, at its core, secure access has three competing priorities.

What is Secure Access?

To secure access into modern business infrastructures, one needs to answer two fundamental questions:

  1. Who has access to the data?
  2. From where?

The first question is a solved problem - using directories like Google Workspace or Microsoft Entra ID, together with multi-factor authentication.

But the "From where?" is a trickier question, especially when using cloud services.

On the surface - the question is about locations. Remote or office-based working?
But there's depth to this question.

It also covers what types of devices can access the data - for example, phones, tablets or laptops.
And - who owns the device. Is it a company-owned and managed device or a personal device?

The combinations of these details increase rapidly. And all combinations need to be considered to provide secure access.

This means the context of the access request is crucial.

Finally - for each device type working in an approved context - you must know that your minimum security standards are met.
Does the device use a firewall, antivirus and so on? Are the security patches up to date?

For business-owned devices, the answer is simple. Use a device management platform to gather the crucial details to help in context-based access decisions.
A similar approach can be used for personal devices.
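
As an added illustration (not part of the original newsletter), the sketch below combines the questions above into one default-deny access decision and lists the contexts nobody has reviewed. The approved contexts, field names and function names are assumptions made up for this example.

```python
from dataclasses import dataclass
from itertools import product

# Dimensions of "From where?" named in the text.
LOCATIONS = ("office", "remote")
DEVICE_TYPES = ("phone", "tablet", "laptop")
OWNERS = ("company", "personal")

# Constructed sample policy: only these contexts are approved, all others are denied.
APPROVED = {
    ("office", "laptop", "company"),
    ("remote", "laptop", "company"),
    ("remote", "phone", "company"),
    ("remote", "phone", "personal"),
}

@dataclass(frozen=True)
class Request:
    user_authenticated: bool  # directory sign-in plus MFA succeeded
    location: str
    device_type: str
    owner: str
    firewall_on: bool         # posture reported by device management
    antivirus_on: bool
    patches_current: bool

def decide(req):
    """Return (allowed, reason). Identity, context and posture must all pass."""
    if not req.user_authenticated:
        return False, "identity not verified"
    if (req.location, req.device_type, req.owner) not in APPROVED:
        return False, "context not approved"
    checks = (("firewall", req.firewall_on), ("antivirus", req.antivirus_on), ("patches", req.patches_current))
    failed = [name for name, ok in checks if not ok]
    if failed:
        return False, "device below minimum standard: " + ", ".join(failed)
    return True, "allowed"

def unreviewed_contexts():
    """Every location/device/owner combination the policy has not approved."""
    return sorted(set(product(LOCATIONS, DEVICE_TYPES, OWNERS)) - APPROVED)
```

With two locations, three device types and two ownership models there are already 12 contexts, and each new dimension multiplies that number.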

The Secure Access Trinity

This leads to the Secure Access Trinity. The three competing priorities at the core of secure access.

  1. Identity
  2. Context-based access decisions
  3. Device management

Next - I'll discuss whether it is possible to meet the business need to address all three.

Or if we are forced into an uncomfortable choice of picking only two.

November 28, 2023