BeyondCorp Weekly 57
Ivan Dwyer - May 8, 2018
Now I’m sure you’ve all had your fill of interviews courtesy of our BeyondCorp Community Lounge during RSA, however I’d like to point your attention to another one definitely worth a listen. This time, it’s with Chase Cunningham, Principal Analyst at Forrester. Chase has been leading the charge around Zero Trust, and has a lot of great things to say.
https://go.forrester.com/what-it-means/ep62-zen-zero-trust/
To cut to the chase (no pun intended), here’s a few quick highlights from my perspective:
Compliance is not a strategy. Having a secure network is not a strategy. Those are just things you want. Zero Trust is a strategic initiative, a methodology to follow.
It’s the architecture behind Zero Trust that delivers the outcomes you want and need. It’s not just another product you drop in, or another checklist item. Progression of the technology is driven by the solution.
Getting budget for a Zero Trust initiative shouldn’t be that hard. Make the case to stop paying exorbitant funds for all the legacy perimeter-based products that don’t work anymore. Next-Gen Access with microsegmentation solves a number of the problems without having to buy a ton of new products.
Writing policy for the sake of writing policy gets you nowhere (I’ve referred to that as the Adherence Gap in the past). You need to be able to enforce the policy effectively, which can only be accomplished with the right underlying security architecture.
Monitoring employee and device behavior to enforce policy really gives them no choice other than to follow Zero Trust. From the telemetry data, you can start to apply behavioral profiling.
Zero Trust is top of mind at a large percentage of organizations. In a survey of 400 enterprises, Forrester found that 60% of respondents are actively pursuing Zero Trust, and 15% will be moving forward in the near future.
Great stuff as always from Chase, and I look forward to more of his research and content around Zero Trust. Here are a few other things that caught my eye this past week.
How to make CISOs comfortable with cloud security [TechRepublic]
Even as cloud adoption continues to spread through even the most laggard of enterprises, security is still that last domino to fall in some cases. This article points to a people concern more so than a technology concern, as operating cloud security requires a different type of skill set than traditional measures. As stressed by Chase’s interview above, making the right investment into Zero Trust is essential to ensure you’re not the next front page breach.
Reflections on RSA 2018, Zero-Trust At the Center of It All [CloudHarmonics]
Here’s an RSA roundup post I missed last week, and one that focuses on Zero Trust. I didn’t get much time to spend on the conference floor, but what I did see definitely felt like a lot of vendor shill. Now that we’ve reached this level of the hype cycle, it’s going to be extra important to filter out the noise. Thankfully it’s relatively easy because the model is centered on a particular architecture that will reveal what is true and what isn’t.
The Security Profession Needs to Adopt Just Culture [Securosis]
In the wake of Twitter revealing that they had inadvertently stored passwords in plain-text in log files, many were quick to rage point their fingers. The way they handled the situation was admirable, however, and should be a model for the industry. Here, the good folks at Securosis break down the concept of Just Culture, which is “about fostering an open culture of safety where mistakes – even individual mistakes – are used to improve overall system resilience.”
Upcoming Events
Our next event is right around the corner, this time at our partner Okta’s annual Oktane conference in Las Vegas. We’ll be showcasing how ScaleFT integrates with Okta to deliver a true Zero Trust architecture.
If you’ll be there, make sure to stop by the ScaleFT booth #EE6. You can schedule a time for a personal demo here or just stop by any time during the conference.
We’ll also be throwing a happy hour right after the final keynote on Thursday. Join us for Beyond Oktane18 at Herringbone, from 4PM - 7PM.
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT
Ivan Dwyer
Ivan Dwyer is the VP of Product Marketing at ScaleFT, working with the community to raise awareness around BeyondCorp and Zero Trust for organizations of all kinds looking to modernize their security architecture.
