This article was written by Mitel's CISO Arvind Raman.
The pandemic has accelerated the evolution of Chief Information Security Officers (CISOs) from traditional gatekeepers to business-capable strategic advisers in our new, increasingly cloud-centric hybrid work environment, but that doesn't mean security becomes secondary. On the contrary, it increases the need for CISO skills. The large-scale shift to cloud adoption is leaving legacy organizations vulnerable to potential breaches, and security chiefs must find solutions that both protect important information and provide the access that business decisions depend on.
Many are turning to the "Zero Trust" model to protect the critical data on which businesses run. In fact, 82% of senior business leaders are in the process of implementing this model, and 71% plan to expand it next year. Why? The name says it all. Zero Trust does not treat anyone as trusted by default. It's about testing for and minimizing threats, both internal and external, across hybrid clouds and edge devices.
From traditional IT security to zero trust
With the new business model, CISOs are moving away from the traditional, more reactive posture and toward IT security strategies that support long-term business goals. Traditional IT security models trust users who are inside the organization's network. Zero Trust checks users at multiple checkpoints to make sure the right person is receiving the right access.
In traditional IT environments, hackers can easily get past a firewall with stolen or compromised usernames and passwords, which can lead to data theft and reputational damage. When implemented effectively, Zero Trust allows authorized users to access company information seamlessly and securely from any device, anywhere in the world.
Think of Zero Trust like airport security checks, especially for international travel. To minimize threats and limit potential risks, we go through several security checkpoints before boarding. Once users are authenticated, the Zero Trust model gives them access to only the data they need to do their job. This limits the exposed data surface and reduces the attack surface, which is important when balancing data growth against the challenge of understanding where the data resides. The pandemic accelerated the rate of data creation, yet according to IDC, only 2% of that data was saved and retained in 2021.
One of the biggest hurdles for organizations implementing Zero Trust is the lack of full visibility into the organization's assets. Organizations with legacy infrastructure may have a hard time implementing Zero Trust, but it is certainly doable. The Biden administration's recent executive order on the zero trust model, issued in response to the post-pandemic security landscape, has made it unavoidable for businesses.
CISOs should establish maximum visibility into their organizational assets and work with internal teams to apply the principles of zero trust. What is most important for the organization to secure? Balancing business needs and user experience is a key component of customizing Zero Trust. To effectively meet both needs, CISOs may ask the following questions:
- What are the objectives of the business? What are the top security risks affecting business objectives and how can they be managed?
- What are the most important data assets in our organization? Where is the information stored and is it sensitive?
- What is our current access management process? What is our device access management policy? What should it be?
- What security gaps do we need to fill, and in what order?
With these answers, CISOs can begin to build an effective risk management framework using zero trust across applications, networks and endpoints. A well-thought-out zero trust plan allows security chiefs to analyze and provide critical data, and to advise senior business leaders on strategic decisions that affect organizational goals.
While IT professionals and CISOs cannot control the physical environment, we can control the digital environment and be seen as enablers of secure business rather than blockers. Zero trust is the right way.
Mitel's CISO Arvind Raman is a cybersecurity and zero trust expert who can provide guidance to business leaders on what they can do to effectively implement the practice.