In addition to zero trust, automation is crucial for NIS2 compliance. ”Customers need higher security and demand lower costs. At the same time, you need user-friendliness for the solutions to even be used. Automation is key for all three of these points,” says Per Majak, Sales Director Nordics, Nexus.
Nexus works with identity and security solutions for people and connected devices. A cornerstone of the company's identity management strategy is zero trust. “It is a model primarily for cybersecurity, but the same principle can be applied to physical security: you cannot access anything or any premises until you have verified your identity. Previously, there was a security concept called perimeter security, meaning that you have a high fence around what you want to protect, but once you are inside, you can do anything,” says Per Majak. With zero trust, however, you must always identify yourself to gain access to anything. “We see ourselves as enablers of zero trust in both digital and physical environments.”
Per Majak points out that NIS2 involves developing a security culture with, for example, stricter requirements for security, incident reporting, and risk management. “We believe that zero trust is a fundamental requirement in NIS2, and this is how security is managed today. We believe that it aligns with both our strategy and how our customers need to develop.”
Another important part of NIS2 is securing your supply chain. “We are seeing more and more that our customers are placing demands on us regarding security, code of conduct, and such. Because they operate in an NIS2 environment, they need to ensure that we, as a subcontractor, also meet NIS2 requirements. This will impact many companies, and we believe that the management of the entire supply chain will be affected. Verification of companies, employees, and subcontractors is important. As a company in areas such as critical infrastructure, you need to have full control over your suppliers and who is present in the premises.”
He gives an example of a construction project where a construction company has many subcontractors and a multitude of people, often from different countries, needing access to spaces, facilities, and even IT systems. “How do you manage the constant flow of people in and out of the project? We are now developing solutions to secure identities and digitally onboard and offboard the right person with the right permissions at the right time. Even the verification of ID documents can be done remotely, contributing to automation.”
And it is precisely automation that he emphasizes strongly. “Security can be quite cumbersome to implement. But if you implement it in a way that makes it automated and easy to use – easy for the administrator, easy for the security chief, simple for the user – this way you will both increase security and reduce your relevant costs for it since you decrease manual handling.”
The foundation is the trusted identity – that the correct identity is issued to the right person and that it is secured all the way, meaning handling throughout the entire lifecycle. ”The day you end your employment, the automated process should be triggered by HR to revoke all access at a specific date, and you should no longer have access to anything.”
Nexus works extensively with the defense industry, where the requirements regarding the origin of products and components are high. “We build our services on European clouds, and we have developed Europe-based suppliers for, for example, key fobs, plastic cards, RFID cards, and so on. The instability in the world and the geographical security aspect of being a European supplier and having a European mindset will be important for quite a while, I believe, if one is to assess what is happening in geopolitics right now.”
AI is a potential threat to identity management because it is possible to fake being someone else in very sophisticated ways. Another threat is quantum computers that may be able to crack encryption in the future. Per Majak mentions what is called 'harvest now, decrypt later' and argues that it is a real threat today. “Imagine a hacker stealing encrypted data today, but being unable to crack the encryption; however, it may become possible later when quantum computing technology is in place. So even if you encrypt your data today, you must somehow also consider: how do I ensure that this data is not relevant in five years?”
In other words, it is important to have a post-quantum strategy right now to implement new algorithms and encryption methods to secure the data in the future. This is an opportunity to stay one step ahead, and we have a test system today because we want our clients to have the chance to start testing new algorithms and security strategies, concludes Per Majak.
Published
26/08 2025
This is an auto-translated article from a series on the theme of identity management & access control published by trade magazine Detektor in collaboration with Securityworldmarket.com. Read the original article, published in Swedish, here.
Per is an international business leader with a strong track record in high-tech environments.
He leads Nexus' Nordic sales team, helping present and future customers secure society through trusted identities. By combining deep product knowledge with a strong commitment to service, he ensures that organizations across the region are equipped with the tools and expertise they need to build secure, resilient infrastructures.