Why should IT departments implement zero trust?

LeadershipArchitecture
1.7k viewscircle icon5 Comments
Sort by:
C-Suite in Construction4 years ago

Due to the more than ever increasing number of devices that need access to the system whether from within or remotely

Lightbulb on2
CTO in Software4 years ago

Zero trust is more important now than ever as part of digital transformation and digital resiliency. It's not about slapping your hands. Zero trust does not mean I don't trust my employees. It means I have zero security wherever they are: They're in a coffee shop on public WiFi and I need to protect them. It's not that they're malicious. Too many people think the security team assumes they’re malicious, that's not true. They protect you against attacks you're not aware of. Maybe they haven't done a great job of communicating it, but zero trust means: I trust my employees implicitly and I don't trust the environment explicitly.

Lightbulb on3
CEO in Software4 years ago

Regardless of whether it's a corporate security plan, a data categorization plan, edge strategy, or better automation on a factory floor, zero trust—and security in general—only work if the C-suite supports the expectation of what security should accomplish and how it fits into corporate governance and planning. The biggest problem I've seen is with organizations that take zero trust to mean “I get to watch everything that you do.” That's not what it means to me. It’s a shared responsibility. As humans in the supply chain—for anything in technology but certainly for security—we are victims of our own behavior and assumptions on a daily basis. Whether it's security or the process for building a server, the reason there is DevOps, the reason there are written processes is because of humans. It's that simple.

Lightbulb on2 circle icon2 Replies
no title4 years ago

Zero trust means I want my people to do the best thing possible, but I need to verify what they do because there are malicious actors out there. It’s a protection point on what activity is done.

Lightbulb on4
no title4 years ago

Gartner’s analyst just said everybody's doing zero trust, but we're never going to be able to do that because our network is just not in a good place to do so. It's not unified, so zero trust doesn't even present itself as an option. We're left with either split tunneling via VPN or VDI, neither of which is an elegant solution.

Lightbulb on2

Content you might like

What’s your top barrier to adopting AI-driven pentesting?

Lack of mature vendor solutions41%

Trust in AI accuracy65%

Budget constraints29%

Skills to operate the tools47%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

For those who have trialed an AI pentest solution: what was the single biggest gap you encountered?

Read More Comments

With AI adoption accelerating across enterprises, what do you view as the top information security challenge that leaders should address? How can CISOs, VPs and Director’s align governance, risk and security investments to enable AI innovation without creating new exposures?

Read More Comments

Microsoft has recently announced Microsoft Loop 2 with remarkable improvements since the first edition. I am wondering if you know it, what the adoption level in your organization or... if you just now are aware of its existence? See here for the latest release: https://x.com/MicrosoftLoop/status/1825672714876551658

It is the first time I heard about Loop14%

I know Loop but I don't use it42%

I know and I use it but it is not a Company streamlined product46%

It is part of the toolkit in the Company and widely adopted30%

I know it but we selected another product (please specify in the comments).1%

View Results