Intelligent CISO Issue 34 | Page 41

Zero Trust assumes there is no implicit trust granted to assets solely based on their physical or network location . to manage , monitor and secure the infrastructure , data and applications . And while the impact of the pandemic is at once sobering and humbling , bad actors have not given up on what they have perhaps perceived as a huge opportunity to take advantage of a strained , tested and constrained InfoSec team and infrastructure .
EXPERT OPINION

Zero Trust in the time of COVID-19

Vijay Babber , Channel Manager at Gigamon Middle East
In a world where the workplace is continuing to shift towards a ‘ work anywhere ’ model , moving towards a
Zero Trust architecture simply makes sense . This is the message from Vijay Babber , Channel Manager at Gigamon Middle East , who tells us how organisations can embrace a Zero Trust strategy with a few key steps .
he COVID-19 pandemic forced

T companies to completely rethink their workplace . Work-from-home ( WFH ), which used to be a model mostly for remote employees or something granted as an exception , has very quickly become the norm across many large organisations , for all employees . And while we hope the pandemic to subside in the months to come , some of these working habits may never revert back to how it used to be .

This sudden and significant shift imposed a substantial burden on IT and InfoSec teams . Legacy approaches to IT have required a different infrastructure and a different security framework for employees accessing applications and services when on the Intranet vs . when on the Internet . One example of this is having a dedicated VPN infrastructure for remote employees .
With the sudden push towards WFH , this approach severely tested the limits of traditional IT and security frameworks , not just in terms of scaling the infrastructure to accommodate the rapid shift towards WFH , but also in terms of the human resources needed

Zero Trust assumes there is no implicit trust granted to assets solely based on their physical or network location . to manage , monitor and secure the infrastructure , data and applications . And while the impact of the pandemic is at once sobering and humbling , bad actors have not given up on what they have perhaps perceived as a huge opportunity to take advantage of a strained , tested and constrained InfoSec team and infrastructure .

As an example , fake COVID-19 maps were being stood up that acted as a dropper for malware . Unsuspecting users who were seeking information on the COVID-19 spread were being enticed to download these maps , resulting in their systems being compromised . The end goal in many cases was credential theft such as stealing usernames and passwords . These same users may then come in on the Intranet , and with the implicit trust of being on the Intranet , gain access to systems that can then be easily compromised . Many other such www . intelligentciso . com
41