Thursday, April 15, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

The Tao of Zero Trust

March 28, 2019
in Internet Security
The Tao of Zero Trust
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

The benefits of having three layers of security
Dr. Ronald Ross, computer scientist and fellow at the National Institute of Standards and Technology, tells Tonya Hall about the importance of testing security and layering cyber defense.

Must Read: Download Forrester’s complimentary guide to learn how and why Zero Trust is the best way to defend your business. 

You might also like

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

ASIO boss says he’s not concerned with Australian Parliament’s March outage

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system

I get asked two questions at least weekly, in some cases almost daily: 

  1. Where do we start for Zero Trust?  Fix your IAM and user side of the equation. 
  2. What is the difference between other frameworks and Zero Trust? OK, now we can get down to the nuts and bolts on this one. 

Zero Trust turned 10 years old this year. John Kindervag’s research and analysis of enterprises uncovered that dangerous assumptions of ”trust” had become an essential part of the network. He realized that the human emotion, trust, was more than a simple flaw; it represented a major liability for enterprises’ networks that would lead to failure over and over again in the years to come. 

Since 2010, attackers have breached thousands of companies, stealing billions of records. Some companies went out of business, some governments suffered geopolitical setbacks that would take years to unravel, and many citizens have lost faith in the integrity of their countries’ electoral procedures. And none of those exploits or breaches ever required attackers to use their most sophisticated skills or techniques. Most of them began with the failure of a few basic security controls and the inevitable lateral movement of attackers. 

Also: Mueller report confirms the worst: National sovereignty is at risk worldwide

Zero Trust wasn’t born out of a need to sell another security control or solution. It was born from a desire to solve a real enterprise issue. And just as the threat landscape and the challenges have evolved over the last 10 years, Forrester has worked to build out the original concept into a simple framework we call ZTX, or Zero Trust eXtended. 

Our framework solves the architectural and operational issues with Zero Trust – namely, how to get started and how to sustain a Zero Trust approach.  ZTX covers how to ”build” Zero Trust into the technology stack of your enterprise. It helps organizations understand how they can choose solutions that deliver on  Zero Trust principles that enable their strategy over time. Forrester also rolled out a series (two so far) of virtual infrastructures to showcase what Zero Trust implementations look like – we ate our own dog food. 

Zero Trust works, but that doesn’t make it easy. Forrester has clients engaged in rolling out ZTX technologies and approaches, and we continue to revise and update our research as we work with more enterprises. Our virtual architectures further cement the validity of our approach. 

You might have noticed an explosion of Zero Trust recently. We think this adoption is based on two factors: 

  • First, the cybersecurity industry has hit an inflection point wherein the massive spend to prove the negative of “good security” is drying up.
  • Second, CEOs and board leadership for enterprises are tired of the technical talk and miscommunication around cybersecurity operations. Zero Trust is simple in name, comprehensive in its approach, and realistic in the acceptance of the inherent failures that plague enterprises from the second they start sending electrons. 

Now for the other frameworks question. 

There are a multitude of other methods, frameworks, builds, and approaches that can be part of a security strategy. If you really do the deep dive on these other approaches, you will understand that, in truth, they are in some way different sides of similar coins. Every framework looks at endpoint security, every framework pushes for user controls and optimal firewall rules, and every method is aimed at discerning where vendor technologies can be employed to solve those problems. Each has their own flavor of approach, and in all honesty, any of them could be employed as part of a long-term strategy. 

OK – but wait a minute. 

Also: Windows 10 security: A guide for business leaders TechProResearch

Sitting in the analyst chair and talking to Fortune 50 organizations daily that can’t even deal with things as simple as enabling MFA, using bad passwords, struggling with failed firewall configurations, and failing to patch decade-old servers speaks to a bigger issue of complex frameworks and complicated strategies focused on chasing compliance checklists. If most enterprises can’t even do those basic things (read our research and note the numbers on how prolific, basic security controls are abject failures if you doubt this), then it stands to reason that employing something as difficult as continuous adaptation, or 15,000-word checklist documents, would be something that is light years away. Add to that the difficulty of detailing some frameworks with five-letter-long acronyms, mile-long checklists, and variable inputs, and the complexity increases further. 

Zero Trust is focused on simplicity and the reality of how things are now. We push organizations to start from Zero Trust and work from that position, continually, programmatically, outwardly. And we tell them this is a process, possibly a multiyear-long one, and that this process never ends — ever. 

The reality in cybersecurity is that everyone must stop sucking at the basics before we can ever even consider moving to something as advanced as continually basing security controls and decisions on analytic contextual inputs. That type of advanced capability is a nuclear-reactor level of complexity, when most organizations are lucky if they can even plug a light bulb in. 

Also: What is digital transformation? Everything you need to know

Couple simplicity and clarity with a decade of research, real-world use cases, an industry lining up to be evaluated for inclusion, and actual functional deployments of the strategy, and suddenly one of these approaches seems a bit more pragmatic. 

This post originally appeared here.   

Credit: Source link

Previous Post

Data Science Central Thursday Digest, March 28

Next Post

Customer Experience Lessons From E-Commerce

Related Posts

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers
Internet Security

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

April 14, 2021
ASIO boss says he’s not concerned with Australian Parliament’s March outage
Internet Security

ASIO boss says he’s not concerned with Australian Parliament’s March outage

April 14, 2021
‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system
Internet Security

‘FLoC off!’ Vivaldi declares as it says no to Google’s tracking system

April 14, 2021
Microsoft April patch download covers 114 CVEs including new Exchange Server bugs
Internet Security

Microsoft April patch download covers 114 CVEs including new Exchange Server bugs

April 14, 2021
Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch
Internet Security

Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch

April 14, 2021
Next Post
CMOs Need to Focus to Survive: Three Priorities to Ditch and Three to Latch On To

Customer Experience Lessons From E-Commerce

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Sailthru Announces Machine Learning Features for Improved Lifecycle Optimization
Machine Learning

Sailthru Announces Machine Learning Features for Improved Lifecycle Optimization

April 14, 2021
Data Labeling Service — How to Get Good Training Data for ML Project? | by ByteBridge | Apr, 2021
Neural Networks

Data Labeling Service — How to Get Good Training Data for ML Project? | by ByteBridge | Apr, 2021

April 14, 2021
The Search Engine Land Awards are open: Wednesday’s daily brief
Digital Marketing

The Search Engine Land Awards are open: Wednesday’s daily brief

April 14, 2021
Six courses to build your technology skills in 2021 – IBM Developer
Technology Companies

IBM joins Eclipse Adoptium and offers free certified JDKs with Eclipse OpenJ9 – IBM Developer

April 14, 2021
Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers
Internet Security

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

April 14, 2021
Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves
Internet Privacy

Simplify, then Add Lightness – Consolidating the Technology to Better Defend Ourselves

April 14, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Sailthru Announces Machine Learning Features for Improved Lifecycle Optimization April 14, 2021
  • Data Labeling Service — How to Get Good Training Data for ML Project? | by ByteBridge | Apr, 2021 April 14, 2021
  • The Search Engine Land Awards are open: Wednesday’s daily brief April 14, 2021
  • IBM joins Eclipse Adoptium and offers free certified JDKs with Eclipse OpenJ9 – IBM Developer April 14, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates