Operationalizing Zero Trust

The 2020 Verizon Data Breach Report showed that, across 32,002 qualified security incidents and 3,950 validated breaches, 55% of the cases involved organized crime and 86% were financially motivated. In short, the bad actors are efficient, organized, and well-funded. With significant security breaches hitting the news daily, many organizations are failing to protect the confidentiality, integrity, and availability of their data and systems.

Zero Trust – Heart of Cyber Defense 

Planet believes that Zero Trust is the heart of an organization’s cyber defense. Introduced 11 years ago, Zero Trust rests on three principles: verify explicitly, apply least privilege, and assume breach. The classic security approach restricted assets to a secure network; in contrast, Zero Trust protects every resource, regardless of location, with a “Trust No One” mindset. That said, Zero Trust can only succeed when organizations properly operationalize it.

Healthy Security Program 

Bad actors succeed by operationalizing and maturing their attacks. A healthy security program rests on three critical ideologies: (a) developing a cloud-forward and well-trained cybersecurity workforce, (b) establishing an adequately equipped and mission-aligned security toolbox, and (c) empowering and operationalizing the security team with progressive policies and procedures. The most often overlooked consideration when enhancing cybersecurity in an organization is operationalizing the technology.

Operationalizing Security 

Operationalizing security brings together a well-trained and experienced team, an adequately equipped toolbox, and pre-defined, skill-based proactive and reactive security processes. At its core, a security program has processes and procedures that run both proactively and reactively. Planet recommends integrating proactive tasks into a helpdesk ticket system as recurring scheduled tickets, and aligning the process with compliance teams and frameworks. For example, security teams should operate from a proactive calendar that identifies which tasks occur daily, weekly, monthly, quarterly, biannually, and annually. Similarly, incident response (reactive) activities should be tracked in a common ticketing platform. For clarification, ticket systems are business tools used to monitor, track, report, and communicate situations, whereas SIEM, SOAR, and security dashboards are technical tools used to execute technical work. Both business and technical tools are critical to the success of a security team.

Conclusion 

For a technology team to succeed and be productive, operationalizing Zero Trust is crucial to cyber defense. Technical stakeholders should understand the cyclical tasks to complete across the Zero Trust domains: identity, devices, infrastructure, network, applications, and data. Stringent adherence to a proactive security calendar and ticketing system strengthens security posture and maintains compliance goals. Overlaying an operationalized Zero Trust approach onto an Information Security program promotes a higher security posture while mitigating threats.
