Express Computer recently organised a webinar, powered by IBM, on ‘What you need to know before you start your Zero Trust program?’
The speakers for the session were from IBM India team, Shivaswaroopa NS, Consulting and Delivery Lead – Security Services, IBM India Pvt Ltd and Tushar Haralkar, Security Software Technical Sales Leader, IBM Technology Sales, India-South Asia. Both experts, who have the experience of working with enterprise clients on their zero trust programs, shared a practical approach to zero trust implementation.
To overcome webinar fatigue, the webinar was conducted in a unique role-play business interview format that gave it some fresh energy. The innovative format saw Tushar and Shivaswaroopa playing the role of trusted advisors, answering questions of a fictitious CIO while presenting before the audience how enterprises can launch or accelerate their zero-trust journey.
Why zero trust?
Today, more workloads are on cloud. More and more customers are engaging in digital transactions – and enterprises need to provide them with a smooth but also a secure online experience. Also, there are more regulatory compliance requirements, and they are getting more stringent. Last, but not the least, more contractors, suppliers, partners, and employees working remotely.
All this means there exponentially more endpoints for IT teams to support, but with reduced visibility. Moreover, it’s all interconnected – devices, users and data are inter-linked like never, and that his increases the risks and chances of a breach. Amidst all this, how do you minimize the impact of a breach?
This is where a zero-trust approach comes in. Zero-trust aims to wrap security around every user, every device, every connection — every time.
“Zero trust is not a product it’s a security strategy based on three key principles. The first is never trust always verify, second is enable least privilege, and third is assume breach.” said Tushar. He added that “zero trust is the new normal in today’s perimeter-less world where users are accessing data from anywhere, any place, and any device.”
Shivaswaroopa believes that “Lateral movement within the enterprise causes maximum damage. Zero trust essentially helps you in minimising this lateral movement by examining every transaction that happens, this minimizing the impact of a breach.”
Key zero trust use cases
Having established why zero trust is the need of the hour in the new normal, the experts moved on to answer the query of the fictitious CIO about the key use cases that zero trust can address. These are:
+ Reimagine hybrid cloud security: Move to hybrid cloud with confidence using a zero trust security approach.
+ Preserve customer privacy: Use zero trust to make data access limited and conditional.
+ Address rising insider threats: Continuously verify users and reduce data exposure with zero trust.
+ Protect remote workforce: Use zero trust to enable your anywhere workforce with everywhere security.
Tushar said, “It is time to go fearless with zero trust.”
How to get started with zero trust?
The next part was where Tushar and Shivaswaroopa focused on how enterprise customers can get started with their zero trust journeys.
Shivaswaroopa says, “While the philosophy of zero trust has matured in scope for nearly a decade that it has been around, the fact is that zero-trust effort remains challenging to kickstart.”
This is because zero trust implementation requires integration across multiple security domains, even as security programs today are operating in siloes.
To get started, enterprises need to identify security gaps against the zero-trust governance model, that has 5 different stages – ad-hoc, repeatable, defined, managed, and optimized. This step helps answer a critical question necessary to get started – where are you on your zero-trust journey?
As next steps, it is important to build a detailed zero trust security roadmap that is aligned to the enterprise’s unique security, industry compliance and investment strategy requirements.
Lastly, implementation of zero trust principles results in different technical solutions and approaches for different uses cases. Thus, it is important to follow a use case-based approach to help mature new or existing zero trust capabilities across multiple security disciplines for faster zero trust adoption. It can be challenging for businesses to seem to know where to start or how to merge their existing solutions into their zero-trust security strategy. The early stages of implementing a zero-trust strategy can seem daunting, as there can be multiple projects across different parts of the security team.
“That is where IBM Security comes in,” Shivaswaroopa added. “Zero Trust is not a sprint, it’s a marathon – a gradual process, as Forrester describes it. IBM Security can help simplify and progress an enterprise’s zero trust journey with an actionable, flexible and a programmatic roadmap.” he concluded.