This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
The “Zero” Strategy for IT Security
In 2020, security will continue to be a top priority for every organization. Cyber wars, ransomware, stolen identities, and continued breeches that expose our user names, passwords, and other private information will continue occurring. One new year’s resolutions for every enterprise is to have ZERO security incidents in 2020!
Having zero security incidents might be a stretch, but it doesn't mean that we do not try and attain this objective. To achieve zero security incidents, enterprises must adopt a different approach, which I have labeled the "Zero Security Strategy." The strategy features six key pillars, which include:
- Zero Trust Identity – Zero trust identity ensures access is only granted to fully verified individuals. It also determines the dynamic access itself remains contingent on what the enterprise knows about the users and their devices, and by providing least privileged access to services, applications, and data.
- Zero Trust Networking – 1:1 micro-segmentation is where users, devices, services, applications, and data must be authenticated and authorized to talk with one another. Nothing gets onto the network without an explicit policy. This stops malware and bad actors at the front door or the edge of the network, not at the middle or end point server in the network.
- Zero Knowledge Auth – An interactive method for one party (the prover) to prove to another party (the verifier) that it knows the user and can authenticate and authorize them, without revealing anything about the user. As privacy becomes of greater importance, enterprises and government agencies don’t always have to store and maintain user identities, and users are allowed to maintain their rights on what is stored and where.
- Zero Passwords – Zero sign-on technology eliminates passwords, increases security, and gives employees and customers fast-track access to enterprise services, applications, and data. Of the overall user trouble tickets, 50% are password-related, and passwords by themselves aren’t effective. Using location, context, biometrics, and devices is a more efficient and effective model.
- Zero Touch Provisioning – Automating provision and de-provision of users and devices for access to services, applications, and data. With least privileged access, this provides automated handling of exceptions.
- Zero False Positives – Utilizing AI in SIEM systems to understand the context and risks associated with security events. Cognitive learning enables the automation of filtering, as well as escalating security events.
Because security is such a big deal and because old approaches are not working, Enterprise Connect Innovation showcase will focus on UC/CC security this year. I will also be presenting a session along with a panel discussion on UC security, which focuses on securing interactions.