Intelligent CISO Issue 50 | Page 41

EXPERT OPINION

If achieving effective security is the question … Zero Trust is the answer

Operating with a Zero Trust approach has never been more desirable as cyberattacks become even more sophisticated . Steve Singer , Regional Vice President and ANZ Country Manager , Zscaler , talks about the importance of having a robust Zero Trust strategy in place and tells us how IT leaders can achieve effective security with this model . he past two decades

T have seen astounding progress made in all areas of Information Technology . From the rise of the smartphone and cloud computing to exponential increases in processor and storage capacities , IT ’ s role as a critical business enabler has never been more evident .

However , during the same period , the power of cybercriminals has also increased . As a result , cyberattacks have skyrocketed , resulting in significant disruptions and losses .
Zscaler ’ s 2022 ThreatLabz Phishing Report showed a dramatic 29 % growth in overall phishing attacks compared to previous years , with retail and wholesale companies bearing the brunt of it . At the same time , the report also showed an emerging reliance on Phishing-as-a-Service methods , as well as new attack vectors such as SMS phishing becoming one of the more prevalent methods of intrusion .
In response to this deteriorating situation , growing numbers of organisations are adopting a security strategy known as Zero Trust whereby all traffic is deemed Zero Trust traffic , identity and context always come before connectivity and applications , including app environments , should remain invisible to authorised users .
This strategy comprises a set of security principles based on the idea that reducing granted trust for access will lead to greater assurance of authorised identity .
In a Zero Trust environment , cybersecurity is attuned to the way people work . It becomes data-centric , and authorisation is based on identity and context rather than tied to a device .
Zero Trust adopts the philosophy that all data moving across a corporate network should be viewed as being potentially hostile . Nothing is trusted and access should never be granted based on the assumption of trust .
Least-privileged access
At its heart , Zero Trust principles assume all data represents a potential threat . As such , any authorisation to progress forward with work requires disproving the premise that the data was already compromised . This contrasts with legacy security infrastructure and standard www . intelligentciso . com
41