This article was written by Arvind Raman, CISO at Mitel.
The pandemic has accelerated the evolution of Chief Information Security Officers (CISOs) from traditional gatekeepers to business enablers and strategic advisers in our new, increasingly cloud-centric hybrid work environment, but that doesn't mean security has become less of a priority. On the contrary, it has increased the need for CISO expertise. The massive shift to cloud adoption makes legacy organizations vulnerable to potential breaches, and security managers must find solutions that both protect and provide access to the important information that underpins critical business decisions.
Many turn to a "zero trust" model to protect the critical data that the business operates on. In fact, 82% of business leaders are implementing this model, and 71% plan to expand it over the next year. Why? It's all in the name. Zero trust does not rule out anyone as a threat. It's about verifying and mitigating threats across hybrid clouds and edge devices, both internally and externally.
From traditional IT security to zero trust
With a new business paradigm, CISOs are moving from a traditional, reactive IT security strategy to one that is more proactive and supports long-term business goals. Traditional IT security models trust users who are inside the organization's network. Zero trust checks users at multiple checkpoints to make sure the right person is getting the right access.
In traditional IT environments, hackers can easily get past firewalls with stolen or compromised usernames and passwords, leading to data theft and reputational damage. When implemented effectively, zero trust enables authorized users to seamlessly and securely access company information from any device, anywhere in the world.
Think of zero trust like security checks at airports, especially for international travel. To reduce threats and limit potential risks, we go through several security checkpoints before boarding. Once authorized, a zero trust model allows users to access only the data they need to do their jobs. This limits sprawling data surfaces and reduces the attack surface, which is important given how data growth compounds the challenge of understanding where the data resides. The pandemic has further accelerated the rate of data creation, but according to IDC, barely 2% of this data was backed up and retained in 2021.
One of the biggest hurdles organizations face when implementing zero trust is the lack of full visibility into the organization's data and assets to begin with. Organizations with legacy infrastructure may have difficulty implementing zero trust, but it is certainly doable. The Biden administration's recent executive order on the zero trust model, a response to the post-pandemic security landscape, has made it a business imperative.
CISOs should establish maximum visibility into their organizational assets and work with internal teams to implement the principles of zero trust. What is most important to the organization when it comes to security? Balancing the needs of the business against the user experience is the key to tailoring zero trust to the organization. To effectively meet these two needs, CISOs can ask themselves the following questions:
- What are the business goals? What are the main security risks impacting business objectives and how can they be managed?
- What are the most important data assets in our organization? Where is the information stored and is it vulnerable?
- What is our current access management process? What is our device access management policy? What should it be?
- What security gaps do we need to fill and in what order?
With these answers, CISOs can begin to create an effective risk management framework using zero trust across applications, networks, and endpoints. A well-thought-out zero trust plan enables security managers to analyze and deliver critical data, and to advise business leaders on strategic decisions that affect organizational goals.
While IT pros and CISOs cannot control the physical environment, we can control the digital environment and promote business security, instead of being seen as a blocker. Zero trust is the right way to go.
Arvind Raman, CISO at Mitel, is a cybersecurity and zero trust expert who thinks so and can share advice on what business leaders can do to implement the practice effectively.