Are CISOs ready for zero trust architectures?
2020-02-20 07:00

"Every request to access a resource starts from a position of zero trust. Access decisions are then made and enforced based on a set of trust metrics selected by the organization. These trust metrics could relate to the user, their access device, the resource to be accessed, or a combination thereof."

What other business justification could CISOs spell out? One of the benefits is micro-segmentation, which is both a cause and a prerequisite of zero trust architectures, depending on the organization's starting point.

Zero trust architectures are only possible when organizations know exactly what their users, device assets and applications are, and how these are configured, interrelated and secured.

Herein lies a problem that most CISOs will face: a high percentage of organizations would attain very low maturity in the design and implementation of these 6 core CIS controls, meaning a move to a zero trust architecture without sorting out the basics first should be avoided.

In conclusion, given the complexities of a zero trust retrofit into existing networks and systems, CISOs should focus their energy on A) embedding zero trust into wider organizational transformation roadmaps, and B) automating the basic security controls before attempting potentially costly and doomed-to-fail zero trust re-architecture programs.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/zw_ZwfvaynY/