Cut the $hIT 2023 Recapped: Five takeaways on Zero Trust Architecture

Plow Networks hosted it’s 2^nd annual Cut the $hIT live podcast event this fall, with an excellent panelist lineup including Fortinet’s VP of Engineering, Clearwater’s Chief Risk Officer, Insentra’s CIO/CISO, CRC Group’s Cyber Insurance Specialist, Plow Networks’ Director of Technical Development, and one of Jamf’s Apple Security Specialists.

Bryan Link, Plow Networks’ Chief Operating Officer and host of the “Cut the $hIT” podcast led the discussion on Zero Trust Architecture, focusing on the principles of the approach and how organizations can implement them practically.

Here are five takeaways for technology and business leaders:

1. Zero Trust is a paradigm shift in the way we look at Information Security

Traditional security uses perimeter-based protection, relying on creating a secure perimeter, or “castle and moat,” around the network and only allowing trusted traffic to enter.

This perimeter-based approach made sense once upon a time when the company’s assets were all in one place. The pandemic really made the perimeter obsolete, with employees working from anywhere and from their own devices.

The Zero Trust model assumes all network traffic, including traffic originating from within the network, should be treated as untrusted and subject to verification and validation.

Zero Trust focuses on the identity of users, devices, and applications and enforces least-privilege access policies to limit the potential damage that an attack can cause if they do penetrate the network.

This is a new way of thinking about security, not something you can buy.

2. Zero Trust isn’t just another buzzword

Zero Trust as a framework changes the game. One of the ways Zero Trust is different than other security approaches is that it’s a proactive, not reactive, model. Zero Trust leverages telemetry data to automate responses. This increased visibility means IT departments within organizations can better track their networks and immediately detect suspicious activity, giving them time to focus on business strategy.

If there’s anything you remember about Zero Trust, it’s these two principles:

• Authenticate and authorize every device, user, and network flow: A Zero Trust model authorizes and authenticates user access by least-privilege access on a per-session basis.
• Assume breach: Basic practice before zero trust had been to assume that if you were accessing a known network, you could be relatively sure it was secure. With zero trust, you assume it is not secure.

3. Zero Trust is a journey.

We’re all on the journey to Zero Trust. So, where do you start if you’re an organization wanting to adopt this approach?

Our panelists suggested identifying critical services and/or applications to your organization. Know who uses what, where, and how they access that data.

Once you do this, a risk assessment is a good place to start to help you identify where your security gaps are.

4. Education drives adoption

Adoption and change management when adopting Zero Trust is critical. This is because the risks are no longer just in the workplace but everywhere.

Educating internally, especially the C-suite, is one of the most effective ways to protect sensitive data and ensure Zero Trust data security by fostering a strong culture of security awareness among employees.

5. Unpacking the costs: more than just financial

The good news is a lot of organizations already have access to tools that allow them to use solutions within the Zero Trust model; they just aren’t using them.

In addition to understanding the principles of ZTA, our panelists shared that when selecting your technology, it’s more important to have solutions that communicate with each other versus best-in-class solutions that don’t integrate with one another.

Listen to the full panel discussion on November 28 wherever you get your podcasts. Subscribe to Cut the $hIT now.

Follow Plow Networks: Twitter, LinkedIn, Facebook, and Instagram