George Wilkes, December 12, 2021
PODCAST: How CISOs Can Calm Cybersecurity Chaos With Zero Trust
The pandemic-driven shift to remote and hybrid work. Accelerated digital transformation and increasing cloud adoption. Ransomware attacks on the rise. A shortage in cybersecurity skills. A confusing vendor landscape. How can CISOs address the converging chaos that is cybersecurity right now?
In the first episode of the new podcast series, “Zero Trust Thirty,” we dig into the chaos that CISOs everywhere are dealing with and how a Zero Trust security strategy can help you regain some control. Listen below to hear perspectives from respected Zero Trust security experts Dr. Chase Cunningham, aka Dr. Zero Trust, and Jason Garbis, our Chief Product Officer, as they weigh in on:
- Why CISOs feel like they’re juggling while riding a unicycle that’s on fire
- How to navigate the technology and business demands of the current moment
- Successful strategies for getting started with Zero Trust security
- The core components of Zero Trust security that address chaos right out of the gate
- Under-the-radar business benefits of a Zero Trust security strategy
5 ways to tame chaos with Zero Trust security
Chaos is coming from every direction and CISOs have a lot of balls to keep in the air. Zero Trust can protect you from ransomware risks and other cyberthreats, improve hybrid workplace security and ensure secure access for hybrid and multi-cloud environments. Chase and Jason shared a number of ways CISOs can begin to tame the chaos with Zero Trust.
1. Just get started. Applying Zero Trust principles can seem daunting, but you don’t need to solve every problem up front. Start with a handful of applications and users and deploy a solution in a few weeks.
2. The principle of least privilege is a strong foundation. Default deny is one of the best places to start. No matter how narrowly you deploy a Zero Trust architecture, even if it’s just one application as a starting point, the principle of least privilege will give you complete control over access. Instead of having a wide-open network where you’re trying to subtract access, you gain a closed network where you’re explicitly adding privileges.
3. Use internal partnerships to prove and promote success. The most successful organizations develop partnerships with the application owners involved in the initial deployment. Once you can show the success, other stakeholders will line up to ensure their application is next.
4. Speak the language of business to earn buy-in. Business stakeholders care about simplicity, user experience and getting rid of friction. If you can show them how Zero Trust security excels at all of them and earn their buy-in, you can significantly improve security and compliance. For CISOs more skilled in technology than business, rely on a trusted lieutenant or someone else who can speak the business language and convey the value.
5. Tout the business benefits of Zero Trust. Adopting Zero Trust can reduce security costs in several ways. First, Zero Trust Network Access (ZTNA) can replace multiple tools that solve very similar problems, allowing you to trim unnecessary costs. The average cost of a data breach among organizations with mature Zero Trust programs was nearly $2 million lower than organizations that hadn’t started deployment. ZTNA also frees up IT resources. We’ve seen some enterprises reduce help desk requests by 90%, for example. Others have reduced onboarding time from four weeks to less than a week because they were able to ship a laptop directly to the user with a secure way to onboard.
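The contrast in point 2 between subtracting access from a wide-open network and explicitly adding privileges to a closed one, shown as an added example (not material from the podcast or any product). The users, applications and rule sets are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample: the access the business actually intends to allow.
INTENDED = {("alice", "payroll"), ("alice", "wiki"), ("bob", "wiki")}

@dataclass
class SubtractivePolicy:
    """Wide-open network: reachable unless a deny rule says otherwise."""
    denied: set = field(default_factory=set)

    def allows(self, user, app):
        return (user, app) not in self.denied

@dataclass
class AdditivePolicy:
    """Closed network (default deny): reachable only if explicitly granted."""
    granted: set = field(default_factory=set)

    def allows(self, user, app):
        return (user, app) in self.granted

def exposure(policy, users, apps):
    """Every (user, app) pair the policy lets through."""
    return {(u, a) for u in users for a in apps if policy.allows(u, a)}

def unintended(policy, users, apps):
    """Access that exists but was never intended."""
    return exposure(policy, users, apps) - INTENDED

def drift_after_change():
    """Compare both models before and after the environment grows."""
    users, apps = {"alice", "bob"}, {"payroll", "wiki", "crm"}
    all_pairs = {(u, a) for u in users for a in apps}
    # On day one both policies are tuned to express exactly INTENDED.
    sub = SubtractivePolicy(denied=all_pairs - INTENDED)
    add = AdditivePolicy(granted=set(INTENDED))
    before = (unintended(sub, users, apps), unintended(add, users, apps))
    # A new hire and a new application appear; nobody has edited the rules yet.
    users, apps = users | {"carol"}, apps | {"finance-db"}
    after = (unintended(sub, users, apps), unintended(add, users, apps))
    return before, after

if __name__ == "__main__":
    before, after = drift_after_change()
    print("unintended before change:", before)
    print("subtractive model after change:", sorted(after[0]))
    print("additive model after change:", sorted(after[1]))
```

Both models start out equivalent. They differ only once the environment changes without a rule update: the subtractive model leaves every new user and application reachable until someone writes a deny rule, while the additive model exposes nothing.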
What’s bugging our guests?
Each episode, we ask our guests to spill the beans on what is bugging them in the world of cybersecurity. It’s a great way to start the conversation about Zero Trust and find out what kind of issues experts, customers and enterprises as a whole are running into.
Dr. Chase Cunningham
You’re going to ask the angriest man in cyber, “What’s bugging you?” That could be a funny day. I think the one thing I keep running into is the folks that still have this kind of attitude of “This is hard. This is too difficult for me to do.” They’re stuck in the question phase of “I don’t know if I should get engaged here.” Like, the ship has sailed. Honestly, if I’m a company and I’m moving on this strategy and I’m engaging in this, I would actually be fine with other folks continuing to hem and haw about not doing ZT because, guess what? Now you’re the slow gazelle on the Serengeti. They’ll get you. They won’t get me. It’s one of those positions of—on a personal level, it irks me. If I put myself in a winner’s mindset, I’m OK with other people not catching up because we’re running in front of the horde. You trip and fall, I’m not pulling you up.
I think the organizations that can’t even do the basics. There’s just dumb stuff, I’m sorry, that they’re doing like when they’re exposing their domain controllers to the internet or they’re exposing their business applications to the internet, with known vulnerabilities. They’re deploying cloud services with read-write access to the world. These are mistakes that shouldn’t be made that put these organizations at significant risk of either data breach or malicious attackers getting in and ransomware getting in the organization. These things shouldn’t be happening.