Podcast: Play in new window | Download (Duration: 14:22 — 13.2MB)
Subscribe: Apple Podcasts | TuneIn | RSS
Compliance teams have long advocated for building more trust in the workplace. That is good idea for the corporate culture, but, counsels Sese Bennett, a virtual CISO for CereCore Advisory Services, going the exact opposite way may be better for your IT security. There he advocates organization never trust and always verify.
So, what is a zero trust approach? It assumes that just because someone has logged in to your system doesn’t mean that person is who he says he is or that she can access the entire system. In practice that means carefully controlling access both into the network and within it. It means preventing people from accessing a low value part of the network and giving that person access to higher value servers. It means having a system that knows an individual doesn’t, say, normally login from Pakistan at 4:00 in the morning. It monitors sudden changes of usage.
Importantly, he explains, a zero trust approach is not necessarily intrusive. Users won’t be forced to login repeatedly to prove who they are. Instead, it can work behind the scenes and be invisible to the end user.
Listen in to learn more, including what teams you will need internally to adopt a zero trust approach and potentially better protect your data from breaches.