07 Jun Two Tips On Zero Trust Networks From The Former White House CIO
Theresa Payton on what you need to know about one of today’s hottest buzzwords
– Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Jun. 7, 2019
Theresa Payton is a globetrotting cybersecurity CEO, author, keynote speaker, and actress. Her company, Fortalice Solutions — a cybersecurity intelligence and operations provider — has been on the front lines of hundreds of incident responses.
This week, Theresa talks about one of the biggest buzzwords we’re hearing — zero trust networks. Cisco states that the original tenets of a zero trust network are: Make security pervasive throughout the network, not just at the perimeter; Attackers or malicious insiders will penetrate threat-centric defenses.
In her latest video, Theresa offers two tips for CISOs and security teams, no matter where they are on their zero trust journey.
First of all, you have to get everyone on board with a true least privileged access program — from the lowest level employee, all the way up to the CEO. It also includes your third-party vendors and third-party applications. If not, then you need to make sure that you have that in place.
Second, you’re most likely going to have changes made to routers, switches, authentication servers, and application servers, in order to truly move to a zero-trust environment. Who owns those? You’ll need to do some political groundwork to get the buy in from the people that own them.
If you’re a newbie that just stumbled upon this blog, then O’Reilly publishes a primer on zero trust fundamentals, which they state is built upon five fundamental assertions:
- The network is always assumed to be hostile.
- External and internal threats exist on the network at all times.
- Network locality is not sufficient for deciding trust in a network.
- Every device, user, and network flow is authenticated and authorized.
- Policies must be dynamic and calculated from as many sources of data as possible.
Watch Theresa’s 2-minute video for takeaways on how to enhance your zero trust network. Summer vacation will be much safer if you follow this sound advice!
Stay tuned for more cyber advice from Theresa.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.