COVID-19 has slowed the adoption of many technologies, as budgets require organizations to reconsider business priorities. However, a new poll from Deloitte shows that for organizations shifting to a security-centric business model, zero trust may be even more of a priority than before.
I was chatting with a chief information security officer (CISO) recently, and we started talking about motivation and the role of love and hate in driving ourselves towards our goals. In cybersecurity, we tend to think about external opponents, most notably white hats vs. black hats, but rarely discuss the internal factors that guide our day-to-day decisions. Humans are dynamic beings that aren’t driven solely by love or hate (despite what the chatter on social media may have you believe). We do, however, have predilections based on our personalities and environment. How we choose to deal with those influences shapes who we become. A good strategy is a combination of love and hate where organizations work towards a grand vision of their future while eliminating things they hate one after the other.
Zero Trust model creator John Kindervag puts it like this: “The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.” He came up with the model in 2010, at a time when many businesses were just beginning to put foundational cybersecurity controls in place and over-relied on the assumed security inside their enterprise-owned network boundaries.
You are a new Chief Information Security Officer (CISO) in the financial services industry. You are excited about the job but anxious due to the scale of the cyber threat from a range of actors: lone-wolf hackers, organized crime syndicates, governments and their proxies, and insiders. As you think through your game plan for addressing these threats, what’s your most important first step?
As we look ahead to the rest of 2020, securing identity access will once again be everywhere, but we are predicting that with the help of artificial intelligence and machine learning (AIML), there will be a more positive narrative to creating and managing an immutable digital identity.