Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Rethinking the current cybersecurity landscape

By Sam Rehman
remote-work-freepik35678.jpg
September 27, 2021

As digital-based technology advances in complexity, traditional cybersecurity loses its potency, leaving many businesses vulnerable to exploitation. These unintended consequences worsen from cyberattacks which continue to increase in frequency and sophistication. Businesses of every size and industry can no longer afford to rely on obsolete security practices while the cost of cybercrime skyrocket to $6 trillion in 2021. 

 

The highly prevalent work-from-home model has further strained an already outdated model of perimeter security. Even before the COVID-19 pandemic, companies increasingly turned to gig workers and BYOD, opening new entry points in their systems for bad actors to slip in. It is nearly impossible to find success with traditional security in the new hybrid work environment, even with mobile device management (MDM) and endpoint protection.

 

The time has come for all businesses in every industry to rethink security, lest they fall behind the curve, especially now that the President passed an executive order mandating zero trust for all government entities. Through SaaS, APIs and other cloud service implementation, alongside a cybersecurity strategy just as agile and modern as any other business practice, corporations can succeed in the new landscape. Pressing the reset button on security is only possible by disregarding the old-school ring-fencing and the rigid firewalls of the moat-castle mindset and embracing the zero trust mentality. 

 

What is Zero Trust?

It’s important to understand that zero trust architecture (ZTA) is not a product or set of products but a strategy, one that businesses can and should recapitulate over time. The National Institute of Standards and Technology (NIST) describes zero trust as an “evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” Picture zero trust as the living strategy of defense that anticipates and reacts to enemy attacks rather than an unreactive stationary wall.

 

In 2009, zero trust first emerged as an information security model for Forrester, who named it the Zero Trust Model. Over time it gained widespread acceptance; the top federal government cybersecurity leaders decided to adopt a zero trust approach. Today, three pillars support the zero trust model: everything is dynamic, permit the least amount of privilege, and watch and verify everything. 

 

Our digital environments are far more dynamic, fluid and complex – ring-fencing alone will not be sufficient. ZTA is more relevant than ever before because the stakes are higher than ever before. With a report by IBM finding that 80 percent of breaches involve customer personally identifiable information (PII), the cost of these breaches, though hard to quantify, will include the deterioration of customer trust. The question that logically follows is, how does an organization move towards a zero trust model?

 

Guidelines for Moving Toward a Zero Trust Model  

Since ZTA is a strategy with multiple applications and practices, it can be overwhelming when examined from a distance. However, underlying the model are straightforward concepts, easily split into ten guidelines:

 

  1. Gate with Least Privilege / “Need-To” Only Access: Keep access limited from the beginning and only permit authorized users that actually need access.
  2. Verify Constantly and Use Smaller Units: Transaction and access tokens must be verified and challenged regularly. Businesses can split up larger units of work to reduce one-time loss, which will also assist the efforts of detection and response teams. 
  3. Automate and Microsegment Network, Workload and Data: Security needs to be interwoven into business processes and architecture from the start – not added later as an afterthought. Network, workload and data must be isolated and segmented to minimize the blast radius and accelerate containment. Additionally, automation must be applied wherever possible.  
  4. Secure Endpoints: Assume that getting hacked is not a matter of how but when. Similarly, organizations should never assume that client endpoints are secure without first confirming that they are indeed safe. Businesses should only transfer necessary information to endpoints. 
  5. Verify Services: Static as well as “by default trusted” binding should not get used on services - as an alternative - companies should align their resource access model with their identity access management (IAM) strategy through all SaaS, API providers and online applications. 
  6. Review Corporate Services: Regardless if the SaaS host is internal or external, all corporate tools need to be united with the enterprise identity model while also supporting fine-grain controls. 
  7. Secure Development Practices: Along with immutable infrastructure, two models that will help businesses align their systems with zero trust are the Secure Software Development Model (SSDM) and the continuous integration/continuous delivery (CI/CD) pipeline.
  8. Trust No Runtime: Runtime models are not perfect, bad actors will gain access eventually. All runtimes must be strengthened and made unchangeable where possible.  
  9. Trust No Network: A business should never assume that a network is impregnable, even if its employees use a virtual private network (VPN) while on the corporate network. Companies should implement multi-factor authorization (MFA) along with layered security controls. 
  10. Think like a Hacker: Businesses need to think like threat attackers to understand how they operate. By examining their own system from a hacker’s perspective, corporations can see weak points and issues they may not have noticed. 


The Four Pathways to ZTA

There are four pathways to ZTA, and although advice varies on which is best, they are all similar at a fundamental level. Here is a summary of the four:  

 

  1. Identity-Centric Model: This model is the most standard starting point and foundation of the four pathways. Businesses can even add pieces of the other three pathways where suitable. It is ideal because it unifies control identities across an entire ecosystem, including partners, customers and employees. Because so many business operations require access to the internet, it can become impossible to verify security credentials. By linking the user’s identity, device, service or network to the requested transaction, and by leveraging multi-factor authentication (MFA) and challenge-response authentication (CR), this model establishes control. 
  2. Network-Centric Model: The basis of this model is that a company builds distributed and layered network isolation structures. Building these structures is dependent on miscosegmentation or the process of setting up small and well-defined boundaries through a next-generation firewall that is logically spread across an entire enterprise, reaching both on-premise or hybrid cloud coverage. 
  3. Workload-Centric Model: Much like the network-centric model, the main principle of this pathway is that everything, particularly APIs and runtimes, is broken up into smaller units that are layered and secured. Runtimes, for example, get segmented into distinct microsegmentations, contained at properly configured nodes, and tested in sandboxes for monitoring purposes. Another component of this pathway is containerization or breaking down an operating system into units for further segregation preventing bad actors from getting ahold of all parts when they gain access.  
  4. Data-Centric Model: Encryption is vital to protect against unauthorized access and visibility of assets, but it is only as tight as a key management policy allows. Through this fourth model, enterprises can understand where data is coming in and out of their system by breaking up the data into smaller units and assigning them special tags – much like the previous models. With ZTA, bad actors are like vampires counting every grain of rice because they must decrypt each unit when they get into a system rather than having unchallenged access to everything. 

 

Most companies combine all four models for the most optimal solution, referred to as a hybrid approach to ZTA. But regardless of the approach, there is no denying that a digital transformation is an option but rather a need. Cyberattacks will only become more common and even more costly, meaning companies must bring the same agility used in business into their security architecture. With the understanding that nothing is 100% safe and by adopting a zero trust mindset, security teams will elevate the protection of the business from the customers to the employees and ultimately the bottom line. 

KEYWORDS: cyber security remote work risk managment zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Sam rehman 2

Sam Rehman is SVP and Chief Information Security Officer for EPAM Systems. Rehman has more than 30 years of experience in software product engineering and security. Prior to becoming EPAM’s CISO, Rehman held a number of leadership roles in the industry, including Cognizant’s Head of Digital Engineering Business, CTO of Arxan, and several engineering executive roles at Oracle’s Server Technology Group. His first tenure at EPAM was as Chief Technology Officer and Co-Head of Global Delivery. Rehman is a serial entrepreneur, technology expert and evangelist with patented inventions in software security, cloud computing, storage systems and distributed computing. He has served as a strategic advisor to multiple security and cloud companies, and is a regular contributor in a number of security industry publications.

 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Man in suit looking out at city

    A CISO's perspective on the modern cybersecurity landscape

    See More
  • cyber-shield

    The perfect storm: Finding new ways to navigate and mitigate the cybersecurity pandemic

    See More
  • remote work

    What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products

Events

View AllSubmit An Event
  • January 16, 2025

    Preparing for the 2025 Threat Landscape

    ON DEMAND: In 2024, businesses faced a barrage of critical events with far-reaching impacts. From record-breaking storms and costly infrastructure failures to contentious election cycles and sophisticated cyberattacks, companies are navigating an increasingly complicated threat landscape.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!