Intelligent CISO Issue 43 | Page 43

EXPERT OPINION
The first step is to understand your IT environments. Start by getting visibility into how your applications, workloads and users communicate with each other and the Internet. This can help you understand how vulnerable different parts of your network are and help you prioritise what to secure first.
You can also shut down communications on particularly risky ports to immediately isolate critical assets from a threat.
It’s also important to secure board backing to ensure there will be adequate budget and resources available. Then, security teams should determine what their most critical assets are (i.e., customer data, source code, etc.) and implement Zero Trust controls to protect them first.
Finally, expand your Zero Trust implementation throughout other parts of your environment.
Segmentation and scalability are key
It’s important to remember that no one technology alone gets an organisation to ‘achieve’ Zero Trust. Zero Trust is a philosophy, a strategy and a way of operating. With that said, a critical pillar of any Zero Trust strategy is segmentation.
Our research found the majority of organisations already implement some form of segmentation, with most using legacy methods such as virtual firewalls and network-based approaches.
Others have adopted more modern options such as segmenting by workload identity or environment.
Firms should look to begin moving towards these newer approaches, as they provide a more granular level of control that is important for Zero Trust. They also benefit from better scalability, crucial in today’s flexible, fast-moving IT environment. Fine-grained control of network infrastructure is not only important for Zero Trust, but it also prevents threat actors from moving around your environment and blocks other critical threats such as ransomware.
At a time when ransomware is running rampant, we cannot let misconceptions about critical security practices prevent us from making our organisations, data and communities more secure and resilient.
Zero Trust architecture helps an organisation to reduce the risk exposure created by an increasingly dispersed workforce and network infrastructure. With this security assurance behind them, firms can confidently expand and pursue their Digital Transformation agendas without being held back by the impacts of devastating cyberthreats.