Traditional approaches to security historically included perimeter-based defenses and an implicit trust of network insiders. Zero trust, a wholly different approach to security, treats all users and resources, wherever they are located, as equally untrusted. Organizations will need all hands on deck to implement zero trust, and that will require zero-trust certification and training.
"Zero trust is a team sport," said Holly Felicetta, senior product manager at Forrester, during the organization's 2020 Security & Risk Global summit.
A zero-trust team stretches across IT functions, including security, networking, applications and data, to finance, HR and C-suite executives because financial records and documents contain sensitive data that must be identified, mapped and safeguarded.
"People you have to involve in this may not be engaged in security. They may not even understand the value security has for the organization. But they do understand the value that their data has for the business," said Chase Cunningham, principal analyst at computer science vs information technology. "You need to get them involved as allies.
Understanding zero trust
To facilitate this coordination among different departments, security practitioners must be able to communicate what a zero-trust strategy is and why it's important to the business. But buyer beware: The strategic aspect can get lost in the zero-trust "vendor hype."
No comments:
Post a Comment