Zero Trust & MFA are key to securing private files, say experts

Industry experts identified the adoption of Zero Trust architecture and multi-factor authentication as the primary best practices for securing access to private files. They emphasized that establishing a definitive proof of presence and utilizing modern regulatory frameworks remained essential to safeguarding the digital ecosystem against evolving manipulation and unauthorized access.

UIDAI Champions Zero Trust Architecture

Speaking to ANI on the sidelines of the Cyber Security India Expo, Akshay Yadava, Director at UIDAI, noted that Zero Trust became a central focus for the organization due to the critical nature of verifying credentials. He explained that the process of an entity proving its identity was a fundamental requirement for establishing a formal presence in any digital transaction.

“I think Zero Trust is something that is now close to our hearts. The reason it is close to our hearts is that the factor between an entity establishing who they are and proving those credentials is something that becomes very essential and is one of the most important part for the formal establishment of the presence of that entity,” Yadava stated.

The authority provided a comprehensive trust architecture that allowed businesses to enhance their operations through multiple channels. Yadava highlighted that these frameworks enabled organizations to establish a proof of presence that extended beyond simple OTPs, offering more robust security through integrated processes.

“Now from UIDAI’s point of view we are giving you a complete trust architecture and we are giving you multiple options for you to utilize this architecture to enhance your business. You can come on board as an Aadhaar authentication user agency or you can come on the offline verification seeking entity channel. Why I make these two statements or mentions is for the simple reason that we are giving you an opportunity to utilize our frameworks to establish a proof of presence and this proof of presence is not restricted to OTPs. That means you’ve got an option to use multi-factor authentication and build it into your processes to verify the end users whom you will be onboarding or providing a service to,” Yadava said.

Countering Threats with AI and Data Protection

Addressing the role of Artificial Intelligence, Upendra Upadhyay, Director of Analytics at MyGov, stated that proper AI development served as the only effective countermeasure to the improper use of the technology. He also urged the swift implementation of Digital Personal Data Protection (DPDP) guidelines to secure sensitive information and improve organizational efficiency.

“Implement DPDP guidelines as quickly as possible because when you fully implement these guidelines, you are able to protect, first of all, your most important data. Secondly, the speed and the execution of the systems also become much faster. And why it is most important to implement it now because the threat levels of the applications have increased beyond their permissible limit. Once you implement these DPDP laws, strictly in your organization, the efficiency of the organization increases and also the data gets secured,” Upadhyay said.

Modernizing Authentication and Access

Upadhyay further noted that traditional passwords lacked the capacity to secure data across various modern systems and devices. He advocated transition towards common authenticator-based applications and restricted, role-based access permissions to ensure that users only interacted with relevant data points.

“Increase the usage of authenticator-based applications, which use a common authentication. Secondly, the access-based permissions need to be increased and encouraged at all the levels so that the only access based permissions are allowed to the particular users and all the users does not have the access to all the data points,” Upadhyay concluded.

(Except for the headline, this story has not been edited by Asianet Newsable English staff and is published from a syndicated feed.)