In the fourth episode of the Sekuro Talkshow, Shamane Tan, Sekuro Chief Growth Officer, is joined by Lee Roebig, former Head of Information Security for Fitness and Lifestyle Group, and Sekuro’s current Customer CISO. Read on to find out Lee’s perspectives and insights on what a good Zero Trust strategy is, the common obstacles companies face in implementing it, and if Zero Trust has a place for companies who haven’t embraced Cloud yet.
Breaking Down Zero Trust
Sekuro’s Zero Trust strategy is a comprehensive solution for securing all access to your data, apps and environment, regardless of user, device or location. It’s an approach to cyber security that caters for modern technologies, ways of work and a rapidly changing threat landscape, and allows cyber security to join and protect the business on its technology transformation journey.
To kickstart the discussion, Shamane asked Lee how he would break down the concept of Zero Trust to these three different audiences — a business audience, a technical audience and most significantly, a child.
Without hesitation, Lee remarked that to a business audience, he would first open by noting that technology is growing at a rapid pace and allowing businesses to thrive, but with a side effect of increased risk exposure. As a result, a modern security framework is needed to protect businesses on their transformation journeys, and Zero Trust is the answer.
On the other hand, speaking to a technical audience, he described Zero Trust as a pragmatic security framework, covering your whole technology stack across eight pillars which include endpoints, networks, data, and more. He stated that it is all about choosing the best technologies to help your business, and embracing newer technologies as well, like Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and remote work without having to sacrifice security.
Lastly, for a child, he used the analogy of a superhero to describe this technical concept: as superheroes’ powers aren’t as strong as they used to be, we need a new superhero to help us and his name is Zero Trust. He knows many of the bad guys’ new tricks, and how to stop them before they hurt more people.
Challenges Companies Face When Implementing Zero Trust
Shamane then followed up by inquiring about some of the common obstacles companies might run into when implementing a Zero Trust Strategy.
Lee mentioned that key challenges could include a lack of clarity about what Zero Trust really is. Many often think that it is just a fad, or a single piece of technology that they would need. However, Lee emphasises the fact that it is an entire way of thinking that needs to empower every security decision an organisation makes. That is why we created the Sekuro Zero Trust Strategy: to help demystify it, show how valuable it can be, and use it to help organisations around the world.
What Does A Good Zero Trust Strategy Look Like?
Shamane then raised perhaps the most important question of all: what a good Zero Trust strategy might look like. Lee commented that a good Zero Trust strategy should take into account the whole digital state of an organisation, covering the security of their people, identities, endpoints, networks, infrastructure, applications and data, and underpinning all of them with strong analytics (the Eight Pillars of Zero Trust). In addition, these security controls need to be powered by Zero Trust principles, which are “always verify”; “grant least privilege”; “assume a breach”; “security everywhere”; “continual analysis”; and “be cloud-ready”.
Does Zero Trust Have A Place In Companies That Have Not Embraced Cloud?
To conclude the discussion, Lee was asked if companies that had not embraced cloud could still gain benefit from Zero Trust. Since all their valuable assets are still on premises, such organisations may not think that starting their Zero Trust journey is necessary. In response, he proclaimed that Zero Trust is absolutely for every organisation, even the ones whose data and technology are still on-premises.
On the contrary, Lee reminded organisations that given the nature of flexible work arrangements, an organisation’s users, data, and devices are more than likely to be beyond its perimeter. Furthermore, with a younger and more tech-savvy workforce, users are both likely to and capable of signing up for a third-party SaaS application or Cloud storage account for themselves and storing organisational data there. This moves an organisation’s data beyond the secure perimeter, exposing it to significant risks.
In the past, users would lack technical expertise and thus need to involve the IT department in all technology initiatives. However, with users becoming more tech-savvy, as we see now, it is important to consider the risks and exposure associated with them utilising different applications and technological tools. Therefore, a key part of a Zero Trust framework is providing visibility and control around the usage of these applications, which increases the overall security of your organisation.
A big thank you to Lee Roebig for joining us in this episode!
Sekuro & Zero Trust
Relevant across an organisation’s entire technology and people landscape, Zero Trust redefines how organisations construct their security architecture. Sekuro’s exhaustive approach to Zero Trust leverages capabilities across identity, network segmentation, web/cloud app visibility, endpoint security and more to gain continuous visibility, protection and control of an organisation’s critical data/assets.