Why Zero Trust architecture will disrupt the cybersecurity industry, the same wa...
source link: https://itwire.com/guest-articles/guest-opinion/why-zero-trust-architecture-will-disrupt-the-cybersecurity-industry,-the-same-way-netflix-disrupted-blockbuster.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Tuesday, 26 October 2021 10:46
Why Zero Trust architecture will disrupt the cybersecurity industry, the same way Netflix disrupted Blockbuster
By Dave Shephard, APAC vice president, Illumio
GUEST OPINION: The cybersecurity industry suffers from a lack of disruption. Not at the hands of adversaries—sadly we suffer from plenty of that—but positive disruption by design from technology vendors. I’m sure some cybersecurity professionals will dispute this claim, but I believe their objections will point to smaller scale, piecemeal disruptions, and we need to open up the aperture and allow some more light in.
Let’s consider some of the “big” modern IT disruption examples. SaaS has redefined software delivery and turned IT organisations into consumers. Cloud definitely disrupted the role of the data centre, yet the data centre is still there. Secure access service edge (SASE) promised to redefine the notion of a corporate network with a defined perimeter, but how many enterprises have really done away with edge firewalls? And the password is dead... long live the (complex) password!
But none of these were true gamechangers, not in the way Netflix was to Blockbuster, iTunes was to high street record stores, or the mobile phone was to the compact digital camera business. The cybersecurity industry has essentially been delivering incremental adaptations of existing tech for more than a decade.
This won’t be the case for much longer. The adoption of a Zero Trust architecture will lead to major disruption, not only to our tech stack, but to how we think about security and reframe the challenge. Zero Trust affords us the opportunity to reset and to pursue a new security model—a fresher approach that presents a credible challenge to the increasing sophistication of attackers.
Disruption doesn’t happen overnight (it took until 2010 for Blockbuster to finally close the last store). They also don’t just happen with a sudden change; true disruptions in cyber requires customers to change how they view things and be open to doing them differently in order to realise how much better things could be.
For cybersecurity professionals, a Zero Trust strategy requires a similar mindset shift: accepting trust is the biggest vulnerability in the current system and “assume breach” as the starting point for what you do next. Few will argue with the logic or the basis, but most are early on their journey. It can be hard to concede that despite all of the work and technology investment we (rightfully) put into creating a formidable perimeter, the adversary will ultimately break through—or is already inside. The almost constant reporting of high-profile ransomware attacks is the proof of that pudding.
A strategic shift in mindset means implementing Zero Trust security controls is going to be different from other strategies before it. And with the constant pace of IT change, we’re unlikely to ever achieve the perfect Zero Trust network, but that doesn’t mean we shouldn’t start the journey. Perfect should not become the enemy of doing much better.
Segmentation for example, which creates compartments within your network like water-tight compartments in a submarine, is an important pillar of any Zero Trust strategy and ensures that a single foothold in your network does not mean an attacker can access other higher-value areas and data. Zero Trust segmentation won’t stop intrusions from happening, but when prevention fails (and it will) this approach will contain the spread of a breach and minimise the impact and consequence for a business.
It’s not hard to understand why some remain reluctant to recommend a Zero Trust strategy to clients and senior management. It’s a concession or an admission of defeat that the “old goal” of cybersecurity teams—to make sure attackers couldn’t possibly breach the perimeter—is yesterday’s strategy and past its freshness date.
The new strategy must accept and account for one simple fact: breaches can and will happen.
Zero Trust cyber strategies are common sense, and shouldn’t be viewed as complex or for large enterprises only. That myth needs dispelling. Customers don’t need to abandon their past and convert all in one go. In fact, an easy way to start your Zero Trust strategy is by getting a clear view of your IT estate and understanding how your networked assets communicate. Without first achieving visibility of your critical workloads and applications, you cannot begin to protect them with policies to allow what you know to be good, and rules to restrict what you know to be bad. This simple start will have a massive impact on reducing your attack surface. And if you identify critical high-value workloads or vulnerable assets (unpatchable) that need to be ring-fenced, of course you have the ability to do that too.
Modern IT environments are constantly changing, adapting, and increasing in complexity and this is showing us that the traditional security controls we’ve relied upon for too long are brittle and ineffective.
Only by changing how we approach cybersecurity, can we tip the odds back in the favour of the defenders and build cyber resilient organisations—for as long as we keep relying on yesterday’s technology, today’s adversary will continue to easily bypass them and the headlines won’t stop.
Subscribe to ITWIRE UPDATE Newsletter here
PROMOTE YOUR WEBINAR ON ITWIRE
It's all about Webinars.Marketing budgets are now focused on Webinars combined with Lead Generation.
If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.
The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.
Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
INTRODUCING ITWIRE TV
iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.
In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.
We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.
See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK