Zero Trust - Simultaneous implementation of culture & tactical strategies

26 April 2023 

Highlights

  • Gartner predicts by 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users
  • “Zero trust is a shift in thinking to address these threats by requiring continuously assessed, explicitly calculated and adaptive trust between users, devices, and resources.”
  • ACS Canberra will be facilitating a roundtable with CISOs and risk management leaders on Zero Trust - an international perspective.

Image source: Principle of Least Privilege (PoLP): What Is It, Why Is It Important, & How to Use It written by Maile McCarthy, and contributing Writer and Illustrator StrongDM 2023. Accessed via https://www.strongdm.com/blog/principle-of-least-privilege

Cybersecurity and IT professionals are likely familiar with the phrase Zero Trust Security. Zero Trust Security assumes low levels of trust for users and devices connected to an organisation’s network, and it considers the design and deployment of appropriate security controls to establish and maintain trust. The idea behind Zero Trust Security has grown over the last decade based on a number of factors, including the growth of public cloud and threats coming from insiders, not just external attackers. You may also know of this strategy as the Principle of Least Privilege.[1]

Gartner defines zero trust as a security paradigm that explicitly identifies users and devices and grants them just the right amount of access so the business can operate with minimal friction while risks are reduced. The zero-trust security model therefore is a cybersecurity approach that denies access to an enterprise's digital resources by default and grants authenticated users and devices tailored, siloed access to only the applications, data, services and systems they need to do their jobs. 

Adopting a Zero Trust approach requires significant time and effort. It involves committing to incremental advances towards adopting a technical architecture and business processes that establish and maintain trust throughout the organisation. Gartner predicts that “Through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users”.[2]

“Many organisations established their infrastructure with implicit rather than explicit trust models to ease access and operations for workers and workloads. Attackers abuse this implicit trust in infrastructure to establish malware and then move laterally to achieve their objectives,” said John Watts, VP Analyst at Gartner.[3] “Zero trust is a shift in thinking to address these threats by requiring continuously assessed, explicitly calculated and adaptive trust between users, devices, and resources.”

To help organisations complete the scope of their zero-trust implementations, it is critical that chief information security officers (CISOs) and risk management leaders start by developing an effective zero-trust strategy which balances the need for security with the need to run the business.

“It means starting with an organisation’s strategy and defining a scope for zero-trust programs,” said Watts. “Once the strategy is defined, CISOs and risk management leaders must start with identity - it is foundational to zero trust. They also need to improve not only technology, but the people and processes to build and manage those identities.

“However, CISOs and risk management leaders should not assume that zero trust will eliminate cyberthreats. Rather, zero trust reduces risk and limits impacts of an attack.” Gartner has predicted that by 2025, 60% of organisations will embrace a zero-trust security strategy.

ACS Canberra Branch will be hosting a breakfast on Tuesday, 23 May, sponsored by Oracle Consulting Australia and New Zealand, for invited Federal Government executives. It will provide an international perspective on simple ways that organisations can remedy some of the ways that malefactors work within ICT networks and environments, how large internationals are finding the same or similar issues, and how ICT professionals need to step up.

1. https://www.strongdm.com/blog/principle-of-least-privilege

2. https://www.gartner.com/en/documents/4004061 

3. https://www.gartner.com/en/newsroom/press-releases/2023-01-23-gartner-predicts-10-percent-of-large-enterprises-will-have-a-mature-and-measurable-zero-trust-program-in-place-by-2026#:~:text=Gartner%20defines%20zero%20trust%20as,friction%20while%20risks%20are%20reduced.
