This article was written by Arvind Raman, CISO of Mitel.
The pandemic has accelerated the evolution of Chief Information Security Officers (CISOs) from traditional gatekeepers to business enablers and strategic advisers in our new, increasingly cloud-centric hybrid work environment, but this does not mean that security is secondary. Rather, the need for the expertise of a CISO has increased. The massive shift toward cloud adoption is leaving legacy organizations vulnerable to potential breaches, and security managers must find solutions that protect and provide access to the important information that drives critical business decisions.
Many are turning to a “zero trust” model for protecting this critical data that the business runs on; in fact, 82% of senior business leaders are in the process of implementing this model, and 71% plan to expand it over the next year. Why? The name says it all. Zero trust does not rule out anyone as a threat. It’s about verifying and mitigating threats across hybrid clouds and edge devices, both internally and externally.
From traditional IT security to zero trust
With a new business paradigm, CISOs are moving away from a traditional reaction-and-response IT security strategy to one that is more proactive and supports long-term business goals. Traditional IT security models rely on trusting users inside the organization’s network. Zero trust verifies users at multiple checkpoints to ensure the right person gets the right access.
In traditional IT environments, hackers can easily break through firewalls with stolen or compromised usernames and passwords, leading to data theft and reputational damage. When implemented effectively, zero trust enables authorized users to seamlessly and securely access company information from any device anywhere in the world.
Think of zero trust as airport security checks, especially for international travel. To lessen threats and limit potential risks, we go through several security checkpoints prior to boarding. Once authorized, a zero trust model gives users access only to the data they need to do their jobs. This limits sprawling data surfaces and reduces areas of attack, which is important when weighing data growth against the challenge of understanding where data resides. The pandemic further accelerated the rate of data creation, but according to IDC, only 2% of that data was saved and preserved in 2021.
One of the biggest obstacles organizations face when implementing zero trust is the lack of full visibility into an organization’s data and assets to begin with. Organizations with legacy infrastructure may have a more difficult path to implementing zero trust, but it is definitely doable. The recent Biden administration executive order on the zero trust model, issued in response to the post-pandemic security landscape, has made doing so a business imperative.
CISOs must establish maximum visibility into their organizational assets and work with internal teams to implement the principles of zero trust. What matters most to the organization’s security? Balancing business needs and user experience is the key to tailoring zero trust. To effectively meet both needs, CISOs can ask the following questions:
- What are the business objectives? Which are the main security risks impacting business objectives and how can they be managed?
- What are the most important data assets of our organization? Where is the information stored and is it vulnerable?
- What is our current access management process? What is our device access management policy? What should it be?
- What security gaps should we fill and in what order?
With these answers, CISOs can begin to create an effective risk management framework using zero trust in applications, networks, and endpoints. A well-thought-out zero-trust plan enables security managers to analyze, provide critical data, and advise senior business leaders on strategic decisions that affect the organization’s goals.
While IT professionals and CISOs cannot control the physical environment, we can control the digital environment and be a safe business enabler, rather than being viewed as a blocker. Zero trust is the right way to go.
Arvind Raman, CISO of Mitel, is a zero-trust and cybersecurity expert who can share guidance on what business leaders can do to implement the practice efficiently.