Intelligent CIO APAC Issue 18 - Page 43

FEATURE : ZERO TRUST attempting to access assets they don ’ t usually need , or logging in from new devices or locations , they can be challenged and have to verify themselves . With MFA , behavior can be continuously monitored in the background and additional verification required when a user exceeds their risk score limit .
A journey made one step at a time
Of course , no organization can ever be made 100 percent secure . Zero Trust , like security , is a journey which is best made one step at a time based on clear objectives . It requires a solid understanding of the value of an organization ’ s assets and a risk assessment of potential impacts . And , in a changing environment , this process should be dynamic , not just an annual audit .
Organizations then need to decide what controls will achieve the biggest risk reduction and break their Zero Trust strategy down into steps . Start with smaller use cases to get quick wins , and build on early successes to gain support and acceptance to protect the entire organization . A mature Zero Trust implementation will extend from endpoint systems and cloud environments to the supply chain and whatever the future brings .
At every step of the way , risk reduction must be achieved without increased friction for users . That is particularly important in supporting a hybrid work environment so employees can remain as productive as possible . And while users may thank

IN HYBRID WORKING ENVIRONMENTS ,

EMPLOYEES DON ’ T WANT TO BE CONSTANTLY

INTERRUPTED BY SECURITY CONTROLS .

you for it , Zero Trust strategies will have the opposite effect on threat actors , making it as difficult as possible for them to achieve their objectives and far more likely that they will be identified and their exploits averted . p
www . intelligentcio . com INTELLIGENTCIO APAC 43