Event Recording

Pitfalls in the Road to Zero Trust

Posted on Mar 23, 2022

Zero trust promises better security in a highly interconnected world, but many of the tenets of zero trust are contradictory to entrenched practices and ideas. Getting beyond MFA into a true zero trust environment isn't an incremental change, it's a radical restructuring of how resources are secured and accessed.

Encrypt everything - True end to end encryption means that data packets can't be inspected for malware in between the source and destination. Are your endpoints ready? Can your policies adapt?
Micro-segmentation - Preventing lateral movement of an attacker requires breaking up the smooth flow of data across a network. But segmentation is inherently inefficient. Is your network able to meet the need for speed?
Deny all by default - Users are all in favor of security, until it impacts their ability to work. If access is denied by default, do you have processes in place to quickly approve access when needed? Are the users (including those in the c-suite) on board?
Continuous authorization - Using trust scores works well in white papers, but do you know what the rules governing access to your resources really are? Does your IT department have the authority to drop a user mid-transaction because of a change in their trust score? Have you decided what your risk tolerance is?

Show description

Encrypt everything - True end to end encryption means that data packets can't be inspected for malware in between the source and destination. Are your endpoints ready? Can your policies adapt?
Micro-segmentation - Preventing lateral movement of an attacker requires breaking up the smooth flow of data across a network. But segmentation is inherently inefficient. Is your network able to meet the need for speed?
Deny all by default - Users are all in favor of security, until it impacts their ability to work. If access is denied by default, do you have processes in place to quickly approve access when needed? Are the users (including those in the c-suite) on board?
Continuous authorization - Using trust scores works well in white papers, but do you know what the rules governing access to your resources really are? Does your IT department have the authority to drop a user mid-transaction because of a change in their trust score? Have you decided what your risk tolerance is?

Speaker

IAM Architect
Independent

Rebecca Nielsen

Ms. Rebecca Nielsen is an Identity and Access Management (IAM) architect with over 25 years of experience including IAM strategy development, program management, and business development. She currently works for PKH Enterprises where she provides strategy support to the U.S. Department of...

View profile

Playlist

Zeroing in on Zero Trust