Why CISOs should consider a CARTA approach

As cybersecurity is evolving rapidly, businesses can find it difficult to keep up with the changes - while hackers seek to exploit these vulnerabilities and outdated security policies. Agility is urgently needed in information security and risk management to keep pace with the digital enterprise. This is exactly what the CARTA model advocates, gaining traction among enterprise IT teams.
IT-laptop-security

What does CARTA (from Gartner) stand for?

CARTA = Continuous Adaptive Risk and Trust Assessment

The CARTA framework is a strategic approach introduced by Gartner that pushes organizations to embrace a continuously adaptive approach to information security. To cut a long story short, Gartner sees CARTA as a way for organizations to manage risks arising from the digital world by deploying an agile security posture that evolves at the speed of digital business.

Zero Trust as a key pillars of CARTA’s approach (Gartner)

One can wonder what’s the difference between CARTA and the Zero Trust model. Both frameworks share several common attributes as they aim to reduce risk and improve access and attack protection.

But CARTA takes the Zero Trust network security model further with among others: adaptive security decisions, contextual access control and continuous monitoring, assessment, discovery and risk prioritization.

Read our article on the Zero Trust model

Why switch to the Gartner CARTA model

Cloud, Mobile technology and Internet of Things (IoT) are all part of the digital transformation with a common impact: they make static approaches to enterprise security completely irrelevant. As such, to assess, prioritize and remediate vulnerabilities and risks, there is no doubt in the fact that a dynamic and continuous approach is needed.

CARTA's roadmap is a useful way to implement a security program that will defend an ever-expanding attack surface, which is often perimeterless.

Transform user authentication with a CARTA approach

Building a strategy based on the CARTA approach involves looking for products and services that can provide a resilient response to advanced threats and improve the user experience.

Gartner has identified 4 main forces that drive the user authentication market: Cloud, mobile, experience, digitalization. And, as illustrated in the figure below, CARTA is a core component of user authentication.

User_Authentication_Gartner_CARTA-MFA
Looking closely at the figure, MFA is far from being disconnected from Gartner's CARTA framework. Quite the opposite in fact as it is involved at several levels of the confluence of forces driving the user authentication.

inWebo MFA aligned with CARTA security model

Zero Trust

Although there is no distinct solution for building a Zero Trust environment, Multifactor authentication (MFA), or strong authentication, is a key component to achieving Zero Trust. But for that, it is important to go for a MFA that is natively 2 factor - most legacy “MFA” tools are really only “+1FA” tools.

inWebo MFA is a real 2 factor solution that, thanks to its patented technology, provides the highest level of security on the market while improving the user experience.

72% of organisations are considering adopting a Zero Trust policy in the future or have already done so

Statista

Cloud security

Cloud security is becoming an increasingly important investment as companies rapidly adopt cloud services, increasing their exposure to phishing and other attacks. Multifactor Authentication (MFA) is an excellent cloud security tool for professional workforces.

Delivered in SaaS mode, inWebo MFA can be implemented not only on all cloud applications, but also on VPN, PAM, SSO and IAM. A single solution is enough to secure all data entry points, whether internal or external.

Smartphonesless MFA / MFA

MFA strategies usually come with a focus on smartphones. But “mobile MFA” can be a constraint for organizations, users and integrators. inWebo’s technology is the only MFA solution that features a browser token, also known as Deviceless MFA.

This means that end users can authenticate and access their apps, network and data only by using any browser, without the need to have a physical key, a smartphone or company-owned computer, or to install specific hardware or software.

Another advantage of Deviceless MFA is that the same browser can be used by different users who will each have their own authentication. This is very useful on shared computers in order to maintain a high level of connection security and distinguish the various users using the accesses.

Passwordless MFA

One of the challenges of MFA solutions is clearly the login experience. IT teams are looking for a way to provide a fluide and simple user authentication experience for greater user acceptance and to prevent users from bypassing security policies.

85% of IT professionals want their organisation to reduce the number of passwords used on a daily basis

LastPast report

Choosing a passwordless MFA solution (passwordless) like inWebo is not only more convenient for users to connect to data, it is also more secure, both in its technical design and because it removes the need for password management, one of the weakest links in access security.

A passwordless connection can be made by means of biometric authentication or by using a PIN code, which is more cyber user-friendly and easy to remember.

See our blog post on "How to migrate to passwordless authentication in 3 lines of code".

Don't settle for just any MFA solution

Get in touch for a demo or to request a free trial of our multifactor authentication solution

Highest level of security on the market

inWebo MFA features the unique and patented technology of dynamic random keys. This ensures the highest level of security on the market. Solution certified by the French National Cybersecurity Agency (ANSSI).

Easy integration and deployment

Accessible in Saas, rich in connectors, API and SDK, a solution that adapts to your technical architecture, without imposing new constraints. Deploy MFA quickly and on a very large scale, without human contact or logistics.

Passwordless and deviceless user experience

inWebo allows you to offer a simplified user experience, extended to all dimensions of authentication, from enrolment to login thanks to its universal, passwordless and deviceless tokens.

Receive all the latest news on strong authentication

Our latest news

Request a demo