Intelligent CISO Issue 57 - Page 68

We have over 150 global data centres processing over 250 billion secured transactions per day ( about 20x the amount of Google searches per day ). when it comes to adopting a Zero Trust approach and defining which cloud strategy to use .
decrypting myths apps that will effectively adapt to the complexity of the modern environment , embrace hybrid workplace and protect their people , devices , apps and data wherever they ’ re located .
What do you think is the biggest risk an organisation will face with reluctance in utilising the Zero Trust approach and expanding their cloud adoption solutions ?
The most common use case is user experience being traded off to maintain security in a hub and spoke network . This means users will often bypass any security inspection and connect straight to the Internet when they ’ re off the corporate network , heavily increasing the risk of cyberthreats .
Also , the increasing use of VPN technology pre- and post-COVID has become a threat vector for organisations as it connects users to random networks which increases the risk of lateral movement and attacks from infected devices or bad actors .
What should organisations consider when adopting a Zero Trust approach and defining which cloud strategy to use ?
When I speak to CISOs and CIOs , there are three notable steps I break down

We have over 150 global data centres processing over 250 billion secured transactions per day ( about 20x the amount of Google searches per day ). when it comes to adopting a Zero Trust approach and defining which cloud strategy to use .

Firstly , adopt an anchor security policy on identity where all personal data is not disclosed to any person who has no right to receive it . This is done by taking all reasonable steps to confirm identities before providing details or any personal information the organisation holds about people .
Secondly , inspect all SSL traffic . This will intercept and review SSL-encrypted Internet communication between the client and the server . The inspection of SSL traffic has become critically important as most of the Internet traffic is SSL encrypted , including malicious content . This added layer of security , helps protect sensitive information , but it can also conceal malicious communications that play a role in cyberattacks such as phishing , data breaches , Distributed Denial of Service ( DDoS ) and many others . Remember the same tool that confers security can also nurture insecurity .
The last step will be to reduce attack surface by never publishing internal applications . So , while you design , code and configure your application to prevent and defend against cyberthreats , most importantly understand that internal apps generally contain more valuable data and are just as vulnerable to attack as external apps .
Unlike legacy networking and other security products , Zscaler
68 www . intelligentciso . com