Cybersecurity is in the news daily, and very much on the minds of anybody with valuable data to protect. Attacks such as those experienced by SolarWinds, JBS USA, and Colonial Pipeline, as well as raised levels of threat spinning out of the Ukraine conflict, have heightened tensions and proved two things. One is that absolutely any organisation is vulnerable. Secondly, there’s the uncomfortable truth that traditional perimeter-based safeguards are no longer enough to protect critical systems and data.
If you rely on a wide area network then you have to face the possibility, perhaps even likelihood, that bad actors have already got past your defences, such as they are. The job now is to limit damage.
Who can fix this? What measures can stem the tide? Governments are doing their bit, in the form of the US’s Cyber Incident Reporting for Critical Infrastructure Act, and the European Union’s Rules for Common Cybersecurity and Information Security Measures. These new rules are a clear indication that the old philosophy of ‘trust and verify’ is no longer applicable. In an era where threat is ubiquitous, perhaps even resident on our networks, then the only sensible approach is one of trusting nothing and nobody until 100% authenticated. Even then, watch out.
A Zero Trust approach, meaning that access to applications and data is denied as a default, is the only realistic way forward. This is about granting access to networks and workloads via strict adherence to policy and continuous, contextual, risk-based verification that takes in all users and all of their devices.
So what does Zero Trust achieve that other security models do not? For starters it offers the best chance of keeping malware from entering your network, and it offers remote workers a high grade of protection without affecting their productivity. It simplifies the management of security operations, and it provides a degree of automation of security. It also extends visibility allowing potential issues to be spotted before harm is caused.
It moves on from conventional notions of what a network perimeter is, making it based less on location and more on identity and access. This approach works well in an age of cloud computing, remote work and digital transformation. Plus it can help the security professional to reduce complexity, lower costs, decrease the number of security tools they need, and at least partially solve the shortage of experienced cyber talent.
To hear about these topics in more detail the link below will take you to a recent lively discussion featuring a panel of expert voices:
The discussion features the following people, each a acknowledged leader in their field:
MAURICIO SANCHEZ, Research Director, Network Security & Data Center Appliance, SASE Market Research Dell’Oro Group. Mauricio is one of the leading analyst authorities on cybersecurity issues, with considerable knowledge of the various ways in which contemporary network security solutions are being adopted and deployed.
RYAN HAMMER, Chief Information Security Officer, Ciena. Ryan is well known through the security sector as a leader in the field of software and technical consulting, as well as development and design.
JOHN KINDERVAG, SVP, Cybersecurity Strategy, ON2IT. Before entering industry, John spent many years at Forrester Research and is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust strategy.
- RONALD LAYTON, Vice President, Converged Security Operations, Sallie Mae Bank. Before joining the banking world, Ron served as Deputy Assistant Director of the United States Secret Service and was the first presidentially appointed White House Technology Liaison to the Obama Administration.
BEN DE BONT, Chief Information Security Officer, ServiceNow. Ben has been CISO with many leading organisations, and currently co-leads the Technology & Innovation Council for Business Executives for National Security, and is a founding member of the Cybercrime Support Network (CSN).
SRINIVASAN CR, Executive Vice President – Cloud and Security, Tata Communications. Srini is the Chief Digital Officer for Tata Communications, responsible for the overall digital and security strategy and execution for the company. A technologist and a business leader, Srini is also the global business head for cloud and security businesses at Tata Communications, enabling digital transformation initiatives for customers.
By Guy Matthews, Editor-in-chief of the Business Innovation Leaders Forum