CIO OPINION
What does Zero Trust mean today ?
When putting trust into something , we should always have a rational reason for doing so . However , this has not always been the case in IT . Instead , for years IT teams have used approximations for trustability , often because mechanisms to support trust-measurement were not practical in the past . This could be because an organization owns a system , if a user is an employee or if the network has previously been secure .
By introducing micro-segmentation , which separates data , assets and applications and represents a key pillar to ZTA , organizations can stop one compromised device becoming an entirely disrupted network .
One famous instance is the Las Vegas casino that was hacked through its IoT thermometer in an aquarium in the foyer . From here , the attacker was able to access the casino ’ s entire network . How can businesses protect themselves from this level of threat ?
Yet these are not actual trustability measurements , instead they are gross approximations often based on assumptions . When that trust assumption fails , risk is introduced . And when a threat actor recognizes those assumptions are part of an organization ’ s security strategy , they can use them to evade network controls and cause problems for cybersecurity .
Zero Trust changes this . It measures dynamically whether something is trustworthy by analyzing how it works and assessing whether an organization has a rational basis for trusting it and allowing the connection .
This is not only the case for entire systems , but also for individual devices , security mechanisms and users . Given the prominence of BYOD policies and remote working , it is essential that trust is earned rather than given freely , and all users should be considered threats until proven otherwise . In a world where the workforce has shifted significantly to a ‘ work anywhere , work anytime ’ model , embracing a ZTA simply makes sense .
With IoT expanding , and adversaries clearly using more innovative tactics and techniques to breach a system , Zero Trust has to be part of the security strategy .
Deep observability
The cornerstone of ZTA is visibility . A clear view across all data in motion , from the cloud to the core , means that IT teams can best understand any threat to their network . From here they can authorize safe activity , as well as detect undesirable application behavior and analyze the metadata that will detail the origin and movement of an attack .
Given the prominence of BYOD policies and remote working , it is essential that trust is earned rather than given freely .
www . intelligentcio . com INTELLIGENTCIO APAC 45