Weekly Summary (9/13/2021): TCISA’s now public draft for their version of a Zero Trust Maturity Model aims to help agencies develop their Zero Trust strategies and implementation plans. Its major tenet is to “prevent unauthorized access to data and services coupled with making the access control enforcement as granular as possible.” In non-government terms, Zero Trust shifts from a location/network-centric model to a more data-centric approach for fine-grained security. This makes a lot of sense and is the prescribed model that the DoD has been reviewing for a long time. But while securing the cloud can be difficult, especially in the behemoth that is the government cloud system, it’s a very solvable problem. The industry has the tools, and we know how to do this correctly. And the cloud is the “final frontier” of where we can fully implement a greenfield ZT infrastructure, but we must be strategic and programmatic to get it right. It is fair to say that moving to Zero Trust is non-trivial. CISA states, “it requires a change in an organization’s philosophy and culture around cybersecurity. The path to Zero trust is a journey that will take years to implement.” I couldn’t agree more.
Cyber News and Zero Trust Podcast: Subscribe to Chase’s podcast channel to hear him and his guests discuss the latest cybersecurity news. Click here to listen on Spotify. Click here to listen on iTunes.
YouTube Conversation: Why is data security so damn hard?: Listen to Dr. Chase Cunningham’s (aka Dr. Zero Trust) conversation with the team at Nullafi about why data security is hard, what we should be doing, and how this space is evolving as threats evolve. Click here to watch on YouTube.
This Week’s Posts
White House hits the gas on zero trust
Newly released strategy and technical guidance documents covering zero trust and cloud security are open for comment as part of a federal cybersecurity push.
Read More
This Week’s Posts
A zero-trust future: Why cybersecurity should be prioritized for the hybrid working world
The Zero Trust approach supports the mutual needs of businesses and their employees for the present and future hybrid world of work.
Read More
This Week’s Posts
Zero Trust Requires Cloud Data Security with Integrated Continuous Endpoint Risk Assessment
Most attempts at achieving Zero Trust access today are a patchwork of disparate products from different vendors connected to VPNs.
Read More
This Week’s Posts
Modern cybersec tools are often inadequate for the remote workforce
The way many of us work may have changed, but what hasn’t is the way we protect our companies and our digital assets. Most companies still use VPNs.
Read More
This Week’s Posts
The Zero-Trust Approach to Managing Cyber Risk Explained
The Biden administration a draft blueprint for a so-called “zero trust” approach to fending off cyber hackers. Here are the basics.
Read More
This Week’s Posts
Passwordless Protection: The Next Step in Zero Trust Security
Zero trust architectural components can also be leveraged for the next evolution in authentication, which is passwordless access.
Read More
This Week’s Posts
Zero Trust Model Overcomes the Limitations of ‘Castle-and-Moat’ Security
Traditionally, organizations relied on a strong network perimeter to keep the bad guys out. With that perimeter increasingly porous, a new approach is needed.
Read More
This Week’s Posts
Zero-trust security could reduce cyber trust gap
Breaches have opened a cyber trust gap between companies and customers, but a recent KPMG study suggests steps forward.
Read More
This Week’s Posts
What Are Zero-Trust Benefits and Challenges?
Zero Trust benefits include enhanced security, adapting to a remote work environment and a cloud environment, and simplifying an organization’s security architecture.
Read More