Cybersecurity and data protection have quickly become top boardroom priorities for global enterprises after a record year of devastating and costly attacks like SolarWinds and Colonial Pipeline.
C-suite leaders who were not previously responsible for security are now tasked with ensuring data breaches — including ransomware attacks — and their million-dollar price tags do not jeopardize their organizations. As pressure increases, they are wisely looking for guidance to experts, many of whom are external consultants or similar industry specialists.
These people often provide checklists and best practices for what is most important in cybersecurity, but these lists often boil complex IT concepts down into easy-to-digest soundbites — marketing copy usually based on the latest buzzwords. In this regard, one particularly widely misused and especially problematic buzzword is zero trust.
Zero trust really is not a new concept, but the term is now being used in many different ways and contexts. I see it being used for everything from product and company names to broader technology categories to functionality — it is everywhere.
With all this use and, frankly, misuse, the true meaning has become blurred and confused. A particularly troublesome misconception is that zero trust can be bought or downloaded as a single product. This marketing is wrong and misleading.
In reality, zero trust is not simply a product or service — it is a mindset that, in its simplest form, is about not trusting any devices — or users — by default, even if they are inside the corporate network. Zero trust encompasses many technologies, products, practices and features that need to be built into not only products and services, but company-wide culture and processes.
What concerns me most about the confusing use and misuse of zero trust, including productizing the term, is how it tends to make companies think their data is safe because they have implemented a “zero trust” product when, in fact, they are still extremely vulnerable because a single product or solution alone does not equal a zero-trust posture.
Here is what organizations must actually do to implement a zero trust charter:
Because zero trust is the latest buzzword, we will undoubtedly continue to see it used and misused in many contexts. Remember, a true zero trust posture cannot come from a single product or solution, even if it is marketed that way. In reality, zero trust is an ongoing iterative process based on the principles outlined here that must always be evolving.
Sonya Duffin is a cyber resilience and data protection expert at Veritas Technologies. With a background in both the private and public sectors, she currently focuses on communicating complex topics like ransomware-related legislation and cybersecurity hygiene best practices to users in a way that translates into actionable strategies to better protect data. Duffin completed both her undergraduate and graduate studies at Santa Clara University.
Copyright ©2022. All Rights Reserved BNP Media.