What's the buzz about zero trust?
By John Bruggeman, virtual Chief Information Security Officer, CBTS
What is zero trust? Does it mean you don’t trust anyone? That you can't trust your employees? Are you blaming other people when you say, "zero trust"?
Let me be clear: zero trust is not a product or an SKU. Zero trust access (ZTA) instead describes a more secure way to protect sensitive or private information than traditional network designs. Zero trust is a journey that takes time, planning, skilled engineers, and technical staff to implement.
Ten years ago, people tended to trust the computers on their network and grant access because the device was in the office and was assumed to be free of malware or remote access tools.
Fast forward to today, and the threat landscape has significantly changed. Any device can be compromised by malware that leads to ransomware, and it’s not going away. Ransomware is too easy to deploy and too profitable for criminals to give up. Last year, ransomware gangs extorted over $10 billion.
We now live in a world where we must always be more secure—all the time, on all our devices.
How do you implement zero trust?
To get started, it’s good to have a plan for your zero trust journey. The CBTS security team has developed a zero trust readiness assessment tool that can help customers determine where they are in their zero trust journey.
I presented at half a dozen events last year on zero trust, and two events so far this year. Less than 10% of the attendees have started their zero trust journey. The vast majority of companies need to get started and we have the expertise and tools to help.
What to do?
Start planning to implement zero trust principles in your network. A zero trust environment can help with cybersecurity insurance and make it easier for applications to be accessed by users and customers.
You can read more about it in this blog post by CBTS.
About the author
John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO.