I attended Okta’s annual user conference, Oktane, in Las Vegas last week – with ScaleFT as a partner and sponsor. If the quality of the keynote speaker is any indicator, then you’ll be hard pressed to top Barack Obama. It was a personal bucket list item just to be in the same room. The collective response to, “how are they going to top that next year?” was unanimous – “Michelle!”
While not quite as high profile a conversation as Obama and Todd McKinnon, CEO of Okta, I was fortunate enough to capture a few moments of time with Dr. Chase Cunningham, Principal Analyst for Security & Risk at Forrester Research. As you may know, Chase has taken the lead in covering the Zero Trust market, as well as publishing the Zero Trust Extended framework. You can listen to our conversation here:
On the topic of BeyondCorp, Chase and I are in agreement that Google’s implementation is a shining example of Zero Trust in action, but hardly the exact path to follow for most organizations. For the rest of us, it’s best to look at Zero Trust from your own organization’s lens, and find the right small wins that lead you towards positive outcomes.
Make sure to follow Chase’s coverage of the market, as the impact of Zero Trust is highly relevant to the growth of this community. Here are a few other things that caught my eye this past week.
A quick nod to the folks at Okta, this conference announcement mentions BeyondCorp in the context of contextual access. Visibility is a key tenet to any Zero Trust implementation, and only when you shift your controls from the network layer to the application layer can you gain the context needed to make smart decisions.
Whose Team Is Artificial Intelligence On: The Corporations or Hackers? [InfoSecurity Magazine]
Speaking of intelligent decision making, here’s an interesting question – who benefits from having more smarts? Any good security practitioner knows the importance of staying ahead of the hackers, which will get easier in some ways and harder in others.
Sometimes understanding your own attack surface and threat model means looking outside. It’s common knowledge that stolen credentials are among the top (if not the top) reasons behind a breach. It should come as no surprise then that third parties are so often to blame.
This is an excellent post, and one that reminds me of the early days of Serverless (a past life of mine). You could easily replace just about every instance of Ops with Security in this article, and it would remain true. The practice of security may be changing with the advent of automated environments, but there will always be a practice meant for the real practitioners.
Realistic ‘Zero Trust’ for Your Cybersecurity Program [E-Commerce Times]
I appreciate any article that takes Zero Trust beyond theory into practice. The author does a great job balancing new and existing environments, with a focus on each deployment. One quote worth calling out – “Since users are assumed to have the potential to be problematic, the same way that hosts are, it’s necessary to implement application-aware controls and network-aware controls – and they need to work in tandem.”
That does it for this week. Check back this time next week for another set of relevant news, articles, and events. Cheers,
Ivan at ScaleFT