Zero Trust: A Promising Approach
Nearly every cybersecurity solution vendor emphasizes the concept of “zero trust” on their websites and in their marketing materials. Essentially, this means that your cybersecurity strategy and network infrastructure should be designed with the assumption that no one and nothing can be trusted.
Of course, completely locking out all access to the network is not a feasible option. Instead, the alternative path to zero trust involves challenging and validating anyone or anything attempting to connect to the network, including devices and individuals within the corporate perimeter.
Three Major Challenges of Zero Trust
Implementing a zero-trust cybersecurity approach presents several challenges, mainly revolving around the Internet of Things (IoT), the cloud, and user behavior.
- The IoT: Many IoT devices lack proper enterprise-grade cybersecurity features, with some even lacking basic password protection. Even if you prohibit these devices on your networks, that does not guarantee they are absent.
- The Cloud: Cloud-based services require multiple layers of cybersecurity, especially concerning public cloud connections. Regular security updates are crucial, as vulnerabilities often arise from delayed installation of those updates.
- User Behavior: As your computing resources evolve, it is essential to engage and inform users about their roles in maintaining security. Users and their devices can be both the weakest links and the first line of defense. Effective user engagement lies in the hands of network and cybersecurity managers.
Best Practices for Zero Trust
During my work at Huawei USA with Andy Purdy, the Chief Security Officer and former Acting Director of the National Cybersecurity Division of the U.S. Department of Homeland Security, I learned a valuable approach: “A, B, C.”
- Assume nothing.
- Believe no one.
- Confirm everything.
Adopting this mindset should guide your decision-making process when selecting, deploying, and managing all aspects of your cybersecurity infrastructure. Reject any components that lack credible features or benefits.
As you choose and implement solutions, ensure that your security technologies, practices, processes, and communication methods align with the following principles:
- Automated: Keeping up with network growth and cybersecurity threats is impossible without automated tools and processes.
- Bespoke: Tailor the deployment and integration of chosen solutions to fit your organization’s unique business needs and user requirements. Document these solutions and processes using a more personalized and user-centered approach.
- Clear: Explain what you do and why you do it in terms that focus on your users, not just your technologies or business objectives. Treat users as valuable participants in your defense strategy, encouraging their cybersecurity efforts through clear, credible, and consistent communication.
Another suggestion: Always Be Communicating. Throughout your cybersecurity journey, ensure that your users and superiors understand your actions, their responsibilities, and the reasons behind them.
From March 23rd to March 26th, you have the opportunity to evaluate vendors’ claims regarding zero trust. The Zero Trust Demo Forum will hold a series of demonstrations with the participation of esteemed cybersecurity professionals such as Dr. Chase Cunningham of Forrester, Dr. Anton Chuvakin from Google Cloud, and Richard Stiennon, a renowned cybersecurity expert and author.
Preview this event through an 11-minute video featuring Richard and Chase on Vimeo. Over two dozen vendors are expected to participate. For more information and registration, visit The Demo Forum website. This event promises to be a worthwhile investment of your time and attention.