Intelligent CISO Issue 44 | Page 35

PREDICTIVE INTELLIGENCE
new devices or locations, they can be challenged and have to verify themselves. With MFA, behaviour can be continuously monitored in the background and additional verification required when a user exceeds their risk score limit.
A journey made one step at a time
Of course, no organisation can ever be made 100 percent secure. Zero Trust, like security, is a journey which is best made one step at a time based on clear objectives. It requires a solid understanding of the value of an organisation’s assets and a risk assessment of potential impacts. And, in a changing environment, this process should be dynamic, not just an annual audit. Organisations then need to decide what controls will achieve the biggest risk reduction and break their Zero Trust strategy down into steps. Start with smaller use cases to get quick wins and build on early successes to gain support and acceptance to protect the entire organisation. A mature Zero Trust implementation will extend from endpoint systems and cloud environments to the supply chain and whatever the future brings. At every step of the way, risk reduction must be achieved without increased friction for users. That is particularly important in supporting a hybrid work environment so employees can remain as productive as possible.
And while users may thank you for it, Zero Trust strategies will have the opposite effect on threat actors, making it as difficult as possible for them to achieve their objectives and far more likely that they will be identified and their exploits averted.
ABOUT THE AUTHOR
Joseph Carson, Chief Security Scientist, ThycoticCentrify
Joseph Carson is the Chief Security Scientist and Advisory CISO for ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of Privileged Access Management (PAM) leaders Thycotic and Centrify. Carson has over 25 years’ experience in enterprise security, is the author of Privileged Account Management for Dummies and Cybersecurity for Dummies and is a cybersecurity professional and ethical hacker. He is a cybersecurity advisor to several governments and the critical infrastructure, financial and transportation industries.
www.intelligentciso.com