How has your zero trust strategy shifted in the last year, if at all? (And if nothing’s changed, how are you thinking about evolving it in the next year or so?)

Security Strategy & Roadmap Identity & Access Management (IAM)

701 views3 Comments

Sort by:

Chief Information Security Officera year ago

We're accelerating our journey, rather than changing it, by adding more capabilities for users to securely access core services from wherever they're working, with least privilege access, and greater visibility and control around data access and flows. That's a lot of buzz words, but the goal is a technical platform that can be as agile as the business needs it to be, with the appropriate security controls and monitoring in place around that access and activity.

In short, Zero-Trust efforts are enabling us to operate with more agility in more places, so we're moving faster to get them deployed and operationally effective.

Director of Information Security in Services (non-Government)2 years ago

As business goals and strategies are remaining fluid, the approach to zero trust follows as well. The goal of replacing a VPN solution with a solution that also simplifies security management is a high priority. Continuous authentication of sessions regardless of the user's physical location is still a top concern.

Director Information Security in Healthcare and Biotech2 years ago

There are components of zero trust we're working on adopting, but overall, it's not a core focus given other priorities. There's a lot of investment required to get to true zero trust along with a shift in user behavior that takes time.

Content you might like

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

When it comes to running phishing simulation campaigns. What is the best practice on how often they should be run and at what cadence should phishing simulation emails be sent out? Some organizations only run a campaign once per quarter sending out a simulated phishing email about once per week while other organizations run continuous campaigns sending out phishing simulations about once every 2 weeks. What are other organizations doing and what is the best practice?

Do you roll out special initiatives, training or events for cybersecurity awareness month?

Yes, every year!24%

Yes, most years64%

No, but we might start next year9%

No2%

View Results

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

How do you monitor and restrict the types of visitor behavior information and PII 3rd-parties can discern, record, or extract via scripts and applications on your website?

We don't use any 3rd-party scripts16%

We can't monitor or restrict 3rd-party script behavior on our website31%

We trust vendors based on initial reviews22%

We test scripts periodically18%

We use Web Privacy Management, WebAppSec, or PriSec Software8%

We outsource website privacy and app security monitoring services2%

Other (please describe)