Dave On Cyber

Cybersecurity as an Art

CISSP

Trust on Zero Trust Security

By Dave Krunal

This article is based on the Cyberedge webinar by Steve Piper and my personal insights.

The before-and-after comparison is not limited to the cosmetic and real-estate industries.

Cybersecurity is no exception.

Security before COVID-19 and security after it are not the same.

“Then: Trust but verify.”

Zero-trust security may have been a fancy consideration before the pandemic. However, compliance standards such as PCI DSS, ISO 27001, and HIPAA are significant factors in implementing zero-trust security.

What has changed?

Remote work wasn’t an alien concept before COVID-19, but there was no mass adoption.

Traditional cybersecurity relied on perimeter-based defense for user and device security.

The pandemic has punched a big hole in the traditional cybersecurity model.

The hole has accelerated the adoption of zero-trust security as a framework. It’s built upon the principle that threats could be internal or external.

We have a new mantra.

“Now: Never trust, always verify.”

Never trusting anything or anyone seems harsh. But there are reasons:

Zero-trust is all about giving the right people the right access from the right location to the right application.

Despite this, the Cyberedge Group report shows that 9% of companies have not considered zero-trust security. Surprisingly, only 35% of companies have implemented zero-trust in their production systems.

It’s essential to debunk a few myths about zero-trust security.

Myth #1: Zero-trust is not a product or platform. It’s a framework.

Be wary of vendors who market “zero-trust ready solutions” during sales when the product itself has friction in available security.

Myth #2: Zero-trust is for small to medium businesses.

Most big organizations don’t have financial constraints for implementing zero-trust security. Small to medium companies often consider zero-trust a fancy feature, but it has become a norm.

Myth #3: Zero-trust is about leveraging what already exists in the environment.

To implement zero-trust security, you don’t need to reinvent the wheel. Most companies already have firewalls, Active Directory, and mobile device management software. Consider how you can blend data and network security with device and identity verification.
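A sketch of the "right people, right access, right location, right application" decision, built from signals the article says most companies already have (Active Directory, mobile device management, firewalls). This is an added example, not from the webinar or the author; the policy table, field names and sample values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset       # assumed to come from the directory (e.g. Active Directory)
    mfa_passed: bool        # assumed to come from the identity provider
    device_compliant: bool  # assumed to come from mobile device management
    country: str            # assumed to come from firewall or proxy data
    on_internal_network: bool
    app: str

# Constructed per-application policy; None means "no location restriction".
POLICIES = {
    "payroll": {"groups": {"finance"}, "countries": {"AU", "NZ"},
                "require_mfa": True, "require_compliant_device": True},
    "wiki": {"groups": {"staff", "finance"}, "countries": None,
             "require_mfa": False, "require_compliant_device": True},
}

def evaluate(req):
    """Return (allowed, reasons). Every request is verified the same way.

    on_internal_network is deliberately never used to grant access:
    being inside the perimeter earns no implicit trust.
    """
    policy = POLICIES.get(req.app)
    if policy is None:
        return False, ["no policy for application (default deny)"]
    reasons = []
    if not (req.groups & policy["groups"]):
        reasons.append("user not in an allowed group")
    if policy["require_mfa"] and not req.mfa_passed:
        reasons.append("MFA not satisfied")
    if policy["require_compliant_device"] and not req.device_compliant:
        reasons.append("device not compliant")
    if policy["countries"] is not None and req.country not in policy["countries"]:
        reasons.append("location not allowed")
    return (not reasons), reasons

if __name__ == "__main__":
    # Constructed request: finance user, unmanaged laptop, inside the office network.
    req = AccessRequest("alice", frozenset({"finance"}), True, False, "AU", True, "payroll")
    print(evaluate(req))
```
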

The Return on Investment (ROI) for zero-trust is like car insurance. You will only realize the benefit when your car breaks.
