六月 27, 2023

Putting Zero Trust into Action with Forrester’s Heath Mullins

Mike Crouse

Today, securing hybrid workers and the data they need to access is a challenge that faces both government and commercial customers alike. Implementing a true Zero Trust infrastructure, a concept that at its core is built on the premise of not trusting anyone or anything, will go a long way to getting organizations there.

 

Moving from the Zero Trust concept to implementation was the basis of a recent fireside chat I participated in with Forrester Senior Analyst Heath Mullins.

Many security professionals understand that Zero Trust done right helps protect all aspects of an organization. But getting to that point continues to be a challenge even for businesses and government agencies with ample resources.

Our lively fireside chat went beyond the concepts to discuss tangible steps forward, tackling topics like:

Where to start:

  • Two key places: 1. Understanding network dependencies and 2. Tackling data visibility

How to start:

  • Conduct a thorough assessment to find dependencies
  • Assess what you have: Cloud properties, data centers, remote access users, etc.Doing so will help understand overlap and duplication
  • Sharpen your data visibility (discovery, classification, data tagging, etc.)Data Classification contributes to getting data tagging off the ground

Benefits of micro-segmentation:

  • Gives organizations the ability to see everywhere from cloud to on-prem to hybrid worker
  • Allows for protecting down to the application level
  • Biggest problem with micro segmentation: You have to be a network shop to fully implement

Role of new tools like RBI and CDR

  • 2014 - 15: Started as a way to protect CEO
  • Necessary since attackers have shifted from C-suite to lower-level employees

The shift from point products to platforms

  • In 2013 or 2014, platforms were the focus; didn't work initially because of vendor lock-in fears; trended to best-of breed
  •  Zero Trust paradigm is causing a shift back to the platform side
  • Operationally, it's much easier to train SOC teams on one platform

Role of Analytics in Zero Trust

  • UEBA indicators = Understanding typical behaviors at employee level
  • However, understanding needs to go beyond indicators: engagement with management, co-workers, etc.
  • Did this person access something they're allowed to, but shouldn't or if they're accessing frequently – that could be a red flag

 

To hear more, tune into the on-demand ‘Putting Zero Trust into Action to Secure the Hybrid Workforce’ discussion between me and Forrester Senior Analyst Heath Mullins.

To go even deeper into Zero Trust by digging into Forrester’s ‘Chart Your Course to Zero Trust Intermediate’ report.

Mike Crouse

Mike Crouse is the Director for Enterprise User and Data Protection at Forcepoint Global Governments and Critical Infrastructure. He works closely with industry thought leaders, executives, and the Forcepoint management team to help guide long-term programmatic and technology...

Read more articles by Mike Crouse

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.