Intelligent CISO Issue 49 | Page 44

industry unlocked


Security leaders will be familiar with the term ‘ Zero Trust ’ – an approach crucial as vulnerabilities and attacks are becoming more damaging to organisations . Hila Meller , BT Vice President Security , Americas , EMEA and APAC , discusses some of the guiding principles for Zero Trust in banking and financial services .
hen it comes to

W adopting a Zero Trust approach , many organisations in the financial services sector already have most of the constituent parts required . In fact , we estimate organisations already have between 60 %– 80 % of the security building blocks that banking and financial services organisations need to adopt a

Hila Meller , BT Vice President Security , Americas , EMEA and APAC
Zero Trust approach . But moving from existing approaches to a new security model is a challenge . What needs to come next is a change of stance and a unification process to protect the business as it evolves .
In the following whitepaper , Why you need to turbo-charge your Zero Trust journey , we identify eight guiding principles for Zero Trust in banking and financial services .
# 1 Identify your goal and pull it through your planning
Form your security strategy around the fundamental assumption that you will always be operating a dynamic network in a hostile environment . Centre your thinking around how you can best use automated processes to create security rules that change dynamically in response to context . But remember that automating a broken process is a swift route to failure ; make sure you ’ re training your AI to make correct decisions about risk so it can automate the appropriate response .
# 2 Assess existing capability before investing in more
Don ’ t rush to spend money on ‘ Zero Trust ’ point products because you may be duplicating capability or investing in areas that aren ’ t a priority for your organisation . Instead , optimise the value you already have in your security estate by establishing what latent capabilities you possess . For example , layer one , two and three segmentations along with very narrow access lists could be a fruitful first step on your Zero Trust journey .
# 3 Focus on removing peer-topeer protocols
Segmentation is your key defence in a Zero Trust environment , but you won ’ t be able to segment your network if you ’ re running peer-to-peer protocols . A vital part of any attacker ’ s kill chain is the ability to pivot from one host to another , but if you limit their ability to move easily , then you neutralise entire classes of attack . Think about how 5G architectures cut out peer-to-peer
44 www . intelligentciso . com