Why zero trust?
For an industry that has traditionally relied on the perimeter, security strategies to protect valuable resources, every new type of attack has revealed that hackers just need one small weakness to penetrate the greatest of defenses. With remote working becoming the normal way of working and the rise of multi-cloud models, the traditional boundary for security has evaporated.
Now this means exponentially more endpoints for IT teams to support, and that too with reduced visibility. Not to forget it’s all interconnected – devices, users and data are inter-linked like never. This increases the risks and chances of a breach.
How do CISOs minimize the impact of a breach?
Every new attack opens new questions about an enterprise security posture. In a changing dynamic landscape, zero-trust security has emerged as a promising option to protect from advanced cyber threats, as it assumes that every entity, connection, or endpoint is a threat.
“Zero trust is not a product it’s a security strategy based on three key principles. The first is never trust always verify, second is enable least privilege, and third is assume breach.” says Shivaswaroopa NS, Consulting and Delivery Leader, IBM Security Services. “Zero trust is the new normal in today’s perimeter-less world where users are accessing data from anywhere, any place, and any device,” he adds.
Shivaswaroopa believes that “Lateral movement within the enterprise causes maximum damage. Zero trust essentially helps you in minimising this lateral movement by examining every transaction that happens, this minimizing the impact of a breach.”
It is time to go fearless with zero trust
Zero trust approach can help resolve top security challenges that CISOs face today:
- Reimagine hybrid cloud security: Move to hybrid cloud with confidence using a zero trust security approach.
- Preserve customer privacy: Use zero trust to make data access limited and conditional.
- Address rising insider threats: Continuously verify users and reduce data exposure with zero trust.
- Protect remote workforce: Use zero trust to enable your anywhere workforce with everywhere security.
There is little doubt that zero trust is the new normal of cybersecurity. It is seeing increased adoption globally, as more enterprises realize the value it brings.
Not surprising then that studies suggest over 78% of organizations surveyed across the world are considering adopting the zero-trust approach.
How to get started with zero trust?
It’s important to remember that the approach aims to wrap security around every user, every device, every connection — every time. Hence it takes time to build and is continuously adaptive.
Shivaswaroopa says, “While the benefits are profound, putting zero trust into action requires careful planning and thinking.”
As first steps, it is important to define and tailor the zero-trust approach to the organization’s business goals. To do so, CISOs need to build a detailed zero trust security roadmap that is aligned to the enterprise’s unique security, industry compliance and investment strategy requirements.
Secondly, it is important that security leaders shift into a business outcomes mindset, rooted in a unified security strategy that accelerates business and IT objectives, rather than focus on one functional area of security. This requires integration across multiple security domains, even as security programs in many organizations are still operating in siloes.
Thirdly, CISOs need to prioritize zero trust projects and initiatives to ensure demonstrable success. Now, implementation of zero trust principles results in different technical solutions and approaches for different uses cases. Thus, it is important to assess current security gaps for a specific use case scenario against zero trust framework.
It can be challenging for businesses to seem to know where to start or how to merge their existing solutions into their zero-trust security strategy. The early stages of implementing a zero-trust strategy can seem daunting, as there can be multiple projects across different parts of the security team.
“That is where IBM Security comes in,” Shivaswaroopa added. “Zero Trust is not a sprint, it’s a marathon – a gradual process, as Forrester describes it. IBM Security can help simplify and progress an enterprise’s zero trust journey with an actionable, flexible and a programmatic roadmap.” he concluded.
Shivaswaroopa NS
Consulting and Delivery Lead –
Security Services,
IBM India Pvt Ltd