What Does “Zero Trust” Really Mean?
Invented in 2010 by Forrester Research, Zero Trust is a cybersecurity model enterprises can leverage to remove risky, implicitly trusted interactions between users, machines and data. The Zero Trust model provides a process for organizations to protect themselves from threats no matter what vector the threat originates from—whether from across the world or from Sandy down the hall. The three main principles to follow to realize the benefits of this model were:
Ensure that all resources are accessed securely, regardless of location.
Adopt a least-privileged strategy and strictly enforce access control.
Inspect and log all traffic.
After 11 years, these ideas and principles have matured in the face of growing digital transformation, remote work, and bring-your-own-device proliferation. New principles have developed in light of the U.S. Federal Government mandating Zero Trust, codified in the NIST 800-207 with further details in the NCCoE’s Zero Trust Architecture. Those principles are:
Shift from network segmentation to protecting resources such as assets, services, workflows, and network accounts.
Make authentication and authorization (both subject/user and device) discrete functions performed on every session, using strong authentication.
Ensure continuous monitoring.
Why Is This Important in Cybersecurity?
The move toward Zero Trust has been one of the more significant shifts in how business approaches security. Before adopting a Zero Trust mindset, most companies tried to manage security as a gated function. Once a transaction was validated in the gated area, it was innately trusted.
This approach presents a problem because threat vectors do not always originate outside that area. Also, the world at large continues to adopt digital transformation and hybrid workforces, nullifying the concept of resources only existing behind a gate. Zero Trust methods require validating each element of every interaction continually—no matter where they occur—including all users, machines, applications, and data. There is no area of implicit trust.
What Is the Spin Around This Buzzword?
Many vendors today productize Zero Trust, naming their products as “Zero Trust solutions” in and of themselves, rather than acknowledging that Zero Trust is a model and strategic framework, not a product solution. When looking at the cybersecurity market, you’ll see vendors try to claim the supposed title of “THE Zero Trust player.”
On closer inspection, however, those vendors typically address only a single principle of Zero Trust, for example by creating tunneling services between users and applications. This aligns with the second original principle: adopt a least-privileged strategy and strictly enforce access control. However, that same vendor might fail on the first principle: ensure that all resources are accessed securely, regardless of location. When they implicitly trust that the user is not a threat vector, they do not scan for malware or exploits inside the tunnel.
Others may cover only some of the aspects of the first original principle, like trying to claim identity and authorization checks are what make Zero Trust. Vendors may also suggest that only web-based traffic needs to be scanned. However, when only partial coverage of the model is implemented, companies risk creating an implicit trust that opens them up to vulnerabilities that would be otherwise covered in the remaining principles.
Our Advice: What Should Executives Consider When Adopting Zero Trust?
The first step is to reframe your thinking on how enterprises should be secured, moving from a gated approach to one that continuously validates all interactions. To help make that shift:
Define the resources your company needs to protect, where they exist, and what interactions should be flowing around, into, and through them.
Remember users, applications, and infrastructure/devices must all be covered for every interaction they create.
Understand that interactions consist of identity, access, device/workload, and transactions.
Next, enact changes with a plan, beginning with your enterprise’s most critical users, assets, and interactions. Those will be your crown jewels and things that may be related to finance or intellectual property. Then, over time, expand your purview to include all interactions. The plan should cover how the users, applications, and infrastructure go through each of the four parts of an interaction when requesting a resource.
The final step in this transformation is really a recurring event: maintaining and monitoring.
Leverage continuous monitoring to account for everything happening versus intermittent checks. Look for ways to improve the current model as standards continue to evolve while covering more and more interactions.
Questions to Ask Your Team to Successfully Adopt Zero Trust
What are our system-critical datasets, applications, and functionalities?
How can we secure each of the four parts of every interaction to these resources, no matter who or what is requesting them?
What is our plan to continuously monitor important events like logs to facilitate baselines and detect anomalous behavior?
What is our strategy for selecting vendors that will assist us with our Zero Trust goals, and what more will we need to do that products cannot cover?
What is the strategy for going from covering one resource to fully covering all resources, and what sort of scalability of products and people will we need to do this?
Original Post: cio.com
Bangladesh’s Smartphone City Gathers Chinese Manufacturers
DHAKA, July 21 (Xinhua) — Kohinoor Akhter Shikha never thought that someday she could make smartphones in her neighborhood well known as Bangladesh’s textile industry hub.
This was a dream coming true for S
Original Source: bignewsnetwork.com
Scaling One Peak After Another
Cloudera has appointed Remus Lim as vice president of Asia Pacific and Japan, to drive adoption of the hybrid data platform across the region and support customers in their journey to become more data-driven. We’ve asked him to share his vision for Cloudera in APAC and reflect on his past few months since taking up the mantle.
What drew you to the tech space and attracted you to the roles you’ve held?
Being able to uncover the full potential of what tech can do has always been an aspect that excites me. The latest developments in the cloud space are pushing existing boundaries, especially now with how machine learning and AI are transforming business intelligence. The tech space evolves so rapidly that it’s impossible to remain static.
Having spent over two decades in the industry, it has been fulfilling to see how the data and analytics solutions we deliver are helping customers realize their business outcomes. Each journey that we embark on with our customers, reaching one project milestone after another until the vision and strategy become reality, gives me a great sense of achievement.
Why did you choose Cloudera as your latest destination? What was your impression of the company before you joined and was it any different after you started?
Open source reinforces ecosystem growth, and drives adoption and innovation. That was my impression before I joined Cloudera. Was it any different after I started? Absolutely! The pace of innovation is way faster than I expected.
What was your first order of business when you took over as vice president of APAC?
Rally the team towards Cloudera’s next phase! We are out on our multi-function hybrid data platform journey with our customers and partners, focused on driving great business outcomes.
Exploring new opportunities, such as cloud native, is an exciting venture for us.
We are renewing our commitment to the channel by decentralizing our channels team so our channel strategy is more closely aligned to each market.
Working alongside capable leaders to steer high-performing teams is also essential in driving overall growth for the region. Wing Leong Ho has been promoted to vice president of solutions engineering in Asia Pacific, and the team collaborates closely to ensure that our customers are successful.
Wee Tee Lim is the newest addition to our team and he now leads the Association of South East Asian Nations (ASEAN) region, which I was responsible for previously. Wee Tee has a strong solution sales background and is extremely customer focused. I am excited to have him on board to lead our ASEAN team.
I find it important for leaders to have a clear sense of what’s on the ground, and also for the team to be aware of our progress. I’m very focused on making sure the teams have a holistic perspective of the work we do.
As we have adopted a hybrid working mode, there are now more frequent and direct communications among my team on focus areas and opportunities for the quarter. Constant communication and validation through data keep us working together seamlessly while celebrating customer wins across teams and sustaining our momentum.
What are your plans for Cloudera in the region, and what are the top priority projects that you will be starting or leading?
Now that borders are open I’ve been spending time connecting with team members in person. Visiting our different offices gives me a clearer picture of the landscape in which our business operates, from cultural nuances to regulations. Interacting with customers face to face also paves the way for a better working relationship as we develop a more intimate understanding of their goals and how we can work together to achieve them.
Our ultimate aim is to make data and analytics easy and accessible for everyone, and you’ll see new products from us in the coming months that bring this into view for medium-sized companies and cloud native businesses.
It’s common for businesses to think that they will have to sacrifice performance if they choose to be cost efficient, or to forgo control when they opt to move at speed. We believe that with the Cloudera Data Platform we can help customers drive value with both performance and cost efficiency, while fueling growth with speed and control.
Can you share more about the trends you are seeing in the cloud space and how Cloudera can tap into these trends?
Data volumes and data sources continue to expand at breakneck speed. This influx demands a greater emphasis on leveraging data, and we anticipate that this will accelerate the adoption of a hybrid, multi-cloud approach to APAC businesses. The future data ecosystem should leverage distributed data management components, on multiple clouds and/or on-premises, that operate as a cohesive whole with a high degree of automation.
At Cloudera, we deliver multi-function data analytics integrated with secure and governed data management, for hybrid and multi-cloud data, that is open and extensible and operates as a cohesive system. Being the only hybrid data platform that supports modern data architectures places us in the best position to support enterprises in transforming complex data into actionable insights to become more data-driven.
As enterprises identify more use cases for their data, democratizing access to data and enabling a low-code or no-code approach to data and analytics will be a fit for these needs.
What are your hobbies, and what do you do to recharge?
Like many others, I acquired new hobbies during the “stay home” pandemic. I’m proud to say that I have amassed quite an impressive collection of rare plants including some varieties like the variegated Monstera, Florida ghost, Philodendron Gloriosum, etc. I adopted three cats during the pandemic, a Bengal, a Siberian, and a Maine Coon, and set up a new aquatic tank. My wife is glad that I’m not stuck at home anymore!
Before the pandemic changed nearly everything, I would frequently go on hikes overseas around the Himalayas region in places like Nepal, Ladakh, and China. In fact, adventure invigorates me, because every trip is different and it does not always go as planned. That’s the fun of it.
After seeing Nepalese mountaineer Nirmal Purja share his story of scaling 14 peaks, I’m even more inspired!
As the VP of APAC, you must be very busy. How do you maintain balance between family and work?
It might be easy to lose sight of the boundaries between life and work, even more so if you’re passionate about what you do. Outside of working hours I make it a point to be present when I’m spending time with my family. There are some regular activities we do together, such as attending musicals and art exhibitions. We are art lovers and strong supporters of local artists.
It also helps to have a partner who is aligned on family commitments and who has a shared understanding. This goes a long way in ensuring that both of us can pursue our career aspirations while nurturing our family.
The Unplug Days at Cloudera, which happen every few weeks, give me more leeway for personal time outside of work, and I treasure having these extra moments with my family.
In your opinion, what are the traits of an effective leader?
People follow leaders who they can trust and who can lead them out of adversity. Mountaineers have always inspired me in the way they are fearless in facing challenges, calm when navigating uncertainty, and stellar at mastering teamwork. Once they have scaled one peak, they are ready to conquer the next.
I believe in leading by example and forging a clear path for the team. Leaders must be decisive even as the conditions shift, and muster the courage to make a judgment call. We shouldn’t shy away from making tough decisions because we are afraid to fail, and I encourage my team to have this same mindset. This is only possible if leaders create a safe environment for their teams to realize their potential, built on a strong foundation of trust.
Trust is paramount in the workplace, especially in this hybrid work environment. Managers need to set clear goals and expectations, while providing employees autonomy to raise morale, collaboration, and productivity. Two-way communication is key and it is where I will discover insights for me to grow as a leader too.
We all know that “change is the only constant,” and the fast-paced tech sector means we must always think on our feet. Speed is of the essence and we need to be able to adapt and evolve to the environment to remain relevant. This applies to both work and life.
Cloudera is hiring for roles across the APAC region. To join our stellar team, refer to opportunities at https://www.cloudera.com/careers/locations/apac.html.
Protecting Your Supply Chain With Data-Aware Security
In a previous article, we talked about the need for organizations to secure data wherever it resides. The complexity of today’s supply chains brings that need into sharp focus, while highlighting some of the challenges of successfully protecting data.
Many organizations today depend on a complex web of partners, vendors, and suppliers to run their business. As the size and complexity of the digital supply chain grows, so does an organization’s vulnerability.
One need only look at the infamous Target breach of 2014, which exposed the data of nearly 110 million individuals due to a backdoor that a contractor inadvertently created, to realize that an organization is only as secure as the weakest link in its supply chain.
The scope of this problem is serious enough that it has gotten the attention of the US government’s Department of Commerce, which released new guidelines for addressing cybersecurity supply chain risk in May 2022.
The bottom line? If organizations are going to be sharing sensitive data with an extended supply chain, they need to take the proper steps to do so in a secure manner.
“Collaboration within and across company boundaries is pushing sensitive data around the globe at record speed, which means that securing how data is used, shared, and created is just as important as how it’s accessed. At Skyhigh Security, we protect your critical data anywhere you do business,” said Anand Ramanathan, Chief Product Officer, Skyhigh Security.
Securing the cloud
To collaborate across the extended enterprise, many organizations have turned to the cloud. It’s not uncommon to create a link to content in a system that can easily be shared with a third-party contractor or supplier, or to invite them to be a member of a specific Teams group or Slack channel.
Those collaboration models are all fine and well, but what are the security implications?
First and foremost, the security professionals at organizations need comprehensive visibility into who has access to a particular set of sensitive data that is made available through a cloud solution. Not only who has access, but what level of access they have, what they are doing with the sensitive data when they interact with it, and whether their access can easily be revoked once the project comes to an end or circumstances change.
“Skyhigh Security’s solutions help data protection professionals gain visibility into what data’s being shared with the larger supply chain, while better understanding dataflows and ensuring adherence to security policies,” said Ramanathan.
Don’t forget internal applications
Securing the supply chain is further complicated by the fact that partners and vendors often need access to any number of an organization’s internal, proprietary applications. Historically, access has been managed by requiring third parties to work on the official company network or to work on a company-issued device.
In today’s hybrid work model, where people are just as likely working from home on a personal device as from an office, that approach doesn’t work. The new model is all about working from anywhere and working from any device – while having the right security controls in place to allow third parties to access internal applications.
Manage the risk
The simple fact is that partners and suppliers need access to an organization’s data in order to be productive. It’s up to organizations to make sure they’re managing the risk that comes with sharing sensitive data with their supply chain.
“While malware gets most of the attention in the public imagination, users remain a bigger risk when it comes to security. Organizations don’t just have their own users to worry about, but the users in their entire supply chain. Skyhigh Security has an approach that follows data and users wherever they are, inside and outside the organization,” said Ramanathan.
Data that resides across an extended supply chain requires a new approach to security. To minimize risk, CIOs and CISOs should ensure that they have full visibility into their data, regardless of whether it resides in the cloud or in a proprietary system, as well as the ability to effectively govern and secure that data – all without hampering their ability to seamlessly collaborate with the vendors, suppliers, and other third parties that they rely on to get business done.
Original Article: cio.com