Cyber security experts often face the problem of applying multiple lines of defence while still keeping the product convenient for customers.
Why is Zero Trust implementation the next step in cyber security? Will it ensure bulletproof security?
Nothing can ensure a bulletproof level of security, but implementing a ZTA is another part of the defence-in-depth model that we have been using for a long time. It is a strong defence and helps to prevent lateral movement in the event of a compromise, ensuring that data is not easily accessible just because one box gets compromised.
How can one balance applying multiple lines of defence while still maintaining the customer's level of convenience?
Security has always been a trade-off between being secure and being convenient. If we applied all of the security tools and methods that we have access to, then we would have a near impenetrable system, but it would be unusable by our customers and colleagues. At the other extreme, if it was designed so that it was seamless to users with few security controls, it would not last a week. So, with any new technology or control there is an element of user acceptance testing that has to take place to make sure that it is not too inconvenient to use, and penetration testing to make sure that it is not a soft target. If things are made too hard, then users are often driven to find ways to bypass the controls, as they always have.
How can companies train their employees to mitigate human error and support the Zero Trust approach?
With ZTA, the main work is to shift the thought process of network architects and software developers so that infrastructure and software work in the new environment alongside all of the other controls that are put in place. Developers and architects are used to mutual authentication for things such as APIs; the process now has to be extended so that all internal and internetwork connections are also authenticated by both parties. It is not a difficult thing to accomplish; it is just the scale that has held people back.
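The two answers above make one concrete technical point: every internal connection is authenticated by both parties, so a compromised box cannot simply reach its neighbours. Mutual TLS (mTLS) is the usual way that is implemented. The Go program below is an added example written for this page, not code from the interview or from the interviewee's organisation. It builds a throwaway internal CA and workload certificates in memory (the names corp-internal-ca, untrusted-ca, api.internal and billing.internal are invented for the demo), then runs three connections against the same server: a client issued by the trusted CA is admitted, a client with the same name but issued by an unknown CA is refused, and a client that presents no certificate at all is refused. In each case the client also verifies the server against the same CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

func must(err error) { // demo scaffolding: any setup error aborts the run
	if err != nil {
		panic(err)
	}
}

// mint builds a key pair and certificate: a self-signed demo CA when parent is nil, else a server+client leaf.
func mint(name string, parent *tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent CA is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake runs one loopback mTLS connection and returns the server's greeting, or the error that ended it.
func handshake(ca *x509.Certificate, server tls.Certificate, clientCerts []tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{server},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the server authenticates the client
		ClientCAs:    pool,
	})
	must(err)
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			tc := conn.(*tls.Conn)
			defer tc.Close()
			if tc.Handshake() != nil {
				return // unauthenticated peer: no application data is ever sent
			}
			// Authorization keys on the verified peer identity, never on network location.
			fmt.Fprintf(tc, "hello %s", tc.ConnectionState().PeerCertificates[0].Subject.CommonName)
		}
	}()
	client, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: clientCerts,
		RootCAs:      pool,           // the client authenticates the server
		ServerName:   "api.internal", // must match a SAN in the server certificate
	})
	if err != nil {
		return "", err // a TLS 1.2 server refuses an unauthenticated client during Dial
	}
	defer client.Close()
	msg, err := io.ReadAll(client) // under TLS 1.3 the rejection arrives as an alert here
	return string(msg), err
}

// Scenarios sends three clients to one mTLS server and reports what each saw.
func Scenarios() map[string]string {
	ca, rogueCA := mint("corp-internal-ca", nil), mint("untrusted-ca", nil)
	server, out := mint("api.internal", &ca), map[string]string{}
	for label, certs := range map[string][]tls.Certificate{
		"trusted client":   {mint("billing.internal", &ca)},
		"untrusted issuer": {mint("billing.internal", &rogueCA)}, // same name, wrong CA
		"no certificate":   nil,
	} {
		if g, err := handshake(ca.Leaf, server, certs); err != nil {
			out[label] = "refused: " + err.Error()
		} else {
			out[label] = g
		}
	}
	return out
}
func main() { fmt.Println(Scenarios()) }
```

Two details matter for anyone extending the pattern to every internal service. First, the greeting is built from the peer's verified certificate subject, which is the identity an authorization decision should use once a source IP no longer implies trust. Second, Go negotiates TLS 1.3 between its own client and server, so a rejected client only learns of the refusal on its first read after tls.Dial has returned; the code handles the TLS 1.2 path too, where the dial itself fails. Scaling this from a handful of APIs to all connections is mostly a certificate-issuance and rotation problem, which is the "scale" the answer refers to.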
Matt LEMON, CISO at Aspiegel/Huawei Mobile Services, has a PhD in Cyber Forensics & Counter Terrorism as well as a Master's from MIT in Computer Science. He has almost thirty years of security and intelligence experience and has worked for several multinational companies such as IBM, as well as the UK and Irish governments, with global travel exposure. His current responsibility is to direct the security operations for mobile and cloud ecosystems as well as managing the vulnerability analysis, penetration testing, red-teaming and incident management functions, among others.