Our Roundtable Sessions are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate dialog on current trends and topics. The group met remotely to discuss where to start your zero trust journey, led by the CISO of one of the largest national home leasing companies. This Session was sponsored by Palo Alto and Tufin.
A zero trust model entails that an organization doesn’t inherently trust anything, be it inside or outside the network. No one should have more privileges or access rights than they need to do their job. Zero trust helps organizations navigate the modern security landscape, including remote workforces, multi-cloud environments, and sophisticated cyberattacks. But what does it take to achieve zero trust? What are the fundamental elements that you need to be focusing on? And most importantly, where do you begin?
Multiple participants agreed that people, process, and technology are the fundamental pillars of zero trust. Train your people to use the processes that can help keep your organization secure. Technology can help fill in the gaps wherever required, e.g., you may have to purchase an identity lifecycle management solution to implement better access control.
An executive emphasized that zero trust is a journey— crawl, walk, and then run, don’t jump. Instead, go step by step, get small victories in, gain advocacy from stakeholders across the organization, and gradually implement the policies across the organization.
An attendee remarked that before you begin, try to get the buy-in from your executive leadership. They will act as enablers throughout the project. As a first step, find an area where you can make an immediate impact, such as a business unit where many of your close colleagues work. Start training a small group of people, get them on board the zero trust journey, see tangible results, find your change champions, and slowly expand across the organization.
A CTO argued that technology might be the best place to start since the attack surface has grown exponentially in the last few years. Security analysts in most organizations are burdened by alert fatigue, and without the proper tooling, they just cannot prioritize risk. Malicious actors are using advanced machine learning techniques to infiltrate networks, and unless organizations follow suit, breaches are inevitable. Modern tools allow early detection, threat contextualization and prioritization, and automated remediation, which are crucial to staying protected in today’s world.
Multiple speakers concurred that it’s virtually impossible to keep everything in check without automation. Business applications are spread across various cloud platforms, people are geographically distributed, network topologies are getting increasingly complex; unless you automate, it’s simply not possible to maintain visibility in everything. Automation also helps you balance security and speed, ultimately decreasing your time to market.