Digital Transformation Has Contributed to the Need for Zero Trust
“If you look back over the last several years, organizations have changed a lot of things,” Kaspian said. “We’ve been experiencing network transformation, data center transformation and, finally, SecOps transformation.
Kaspian noted that many security operations centers are modernizing their approaches by automating security tasks that are more manual. “As these things have changed, they not only have forced us as an industry to look at the way that we’re approaching security but they’ve also presented this wonderful opportunity to rebuild some of these pieces that maybe before were not very scalable, or maybe difficult to manage and created a lot of complexity.”
“The way I see digital transformation fitting into zero trust is that it gives us an opportunity as an industry to go off and retool some of our approaches to security,” Kaspian continued.
The Journey to Zero Trust Begins With Users
Kaspian pointed out three areas where technology solutions can help an organization begin a journey toward zero trust: users, applications and infrastructure.
“Users, quite frankly, are where a lot of organizations start. That’s simple things like making sure you have good visibility into who’s connecting to the network or who’s accessing applications and resources on the network,” Kaspian said. “Make sure you have an insight into the devices that those users are using and deploying zero-trust best practices like strong authentication, multifactor authentication, so that users only have access to the resources they need to do their jobs.”
Kaspian said that from an IT security standpoint, users can be seen in two different ways. “One is that we want to make sure those users are secure on the network. We want to eliminate that implicit trust.”
The other end-user aspect pertains to the user experience. “It’s not just about the security but creating a user experience where the zero-trust controls and the policies are really transparent to the user,” he said. “You need to make sure that you’re protecting the data and the infrastructure from the user and maybe a compromised device. But you also want to make sure that users have a good experience. They have the tools they need to do their jobs, and security isn't impeding that experience.”