
Companies that employ “zero trust” — an approach to security that relies on continuously verifying the trustworthiness of every device, user, and application in an enterprise — had a smoother transition to working from home than those that didn’t, according to a study by Enterprise Strategy Group (ESG), an IT analyst, research, validation, and strategy firm.

According to the study, released in April, 45% of organizations that were more mature in their zero trust strategies adjusted better to telework, compared with 8% of those that were less mature.

“We have many applications in the cloud, and we manage many devices especially in IoT (). Zero trust helps us manage this new environment and protect Dow’s information,” said Mauricio Guerra, chief information security officer of plastics manufacturer Dow Chemical Company, at , a two-day virtual conference that ran May 11–12.

With their users, data, and resources spread around the world, companies have to prioritize securing potentially sensitive or confidential data at every layer of the organization.

KEEP YOUR OWN KEY
At the same conference, IBM Systems senior vice-president Tom Rosamilia said that there are to the zero-trust approach: least privilege access; never trust, always verify; and assume breach.

Open security, he added, is critical to the success of zero trust. Open-source software is code that is designed to be publicly accessible — anyone can see, modify, and distribute the code. IBM has been betting on open source for a long time, said Mr. Rosamilia, with its subsidiary Red Hat enabling community-driven innovation. , according to Red Hat, include lower cost, transparency (which reduces software bugs), and collaboration (which accelerates innovation).

Mr. Rosamilia also warned against relying on a single provider. “Customers have key control [of their data],” he said. “It’s called keep your own key. Don’t entrust your data to anyone — not us, not anyone else.”

TIPS FOR IMPLEMENTATION
Although zero trust offers improved security, it is not easy to put in place, . It’s a gradual process requiring security teams to coordinate and understand the context behind all the connections occurring in the business: data, users, devices, applications, and workloads. The paper lists four tenets for succeeding with zero trust:

  • Define context: organizations need to understand what users, data, and resources are connecting across the business to create coordinated security policies aligned with business goals
  • Verify and enforce: organizations need to continuously verify that each and every connection is acceptable and trustworthy at that moment
  • Resolve incidents: organizations need to always plan for anomalies such as new business situations or incidents stemming from unknown threats
  • Analyze and improve: organizations need to realize that security is never “done” and continually improve their security posture by adjusting policies to make faster, more informed decisions

“My advice would be to start by developing a growth map,” said Dow Chemical’s Mr. Guerra. “Where do you want to be? How will you get there? This will change over time, but you need a road map to make sure you’re heading in the right direction.” — Patricia B. Mirasol