Intelligent Data Centres Issue 47 - Page 63

UNCOVERING THE LAYERS adapt to the complexity of the modern environment , embrace hybrid workplace and protect their people , devices , apps and data wherever they ’ re located .
What do you think is the biggest risk an organisation will face with reluctance in utilising the Zero Trust approach and expanding their cloud adoption solutions ?
The most common use case is user experience being traded off to maintain security in a hub and spoke network . This means users will often bypass any security inspection and connect straight to the Internet when they ’ re off the corporate network , heavily increasing the risk of cyberthreats .
Also , the increasing use of VPN technology pre- and post-COVID has become a threat vector for organisations as it connects users to random networks which increases the risk of lateral movement and attacks from infected devices or bad actors .
Lawrence Morrison , VP of Middle East and Africa at Zscaler
What should organisations consider when adopting a Zero Trust approach and defining which cloud strategy to use ?
When I speak to CISOs and CIOs , there are three notable steps I break down when it comes to adopting a Zero Trust approach and defining which cloud strategy to use .
Firstly , adopt an anchor security policy on identity where all personal data is not disclosed to any person who has no right to receive it . This is done by taking all reasonable steps to confirm identities before providing details or any personal information the organisation holds about people .
Secondly , inspect all SSL traffic . This will intercept and review SSL-encrypted Internet communication between the client and the server . The inspection of SSL traffic has become critically important as most of the Internet traffic is SSL encrypted , including malicious content . This added layer of security , helps protect sensitive information , but it can also conceal malicious communications that play a role in cyberattacks such as phishing , data breaches , Distributed Denial of Service ( DDoS ) and many others . Remember the same tool that confers security can also nurture insecurity .
The last step will be to reduce attack surface by never publishing internal www . intelligentdatacentres . com
63