Page 54 - Security Today, April 2018

Digital Security in a Zero Trust World
When it comes to enterprise security, the times have radically changed, leaving companies vulnerable in ways that they never were before.
By Jeff Capone
We’re hearing about security breaches every day in the news. From retailers like Target and TJ Maxx, to financial services firms like Equifax and JPMorgan Chase, and government agencies like the Securities & Exchange Commission (SEC), it seems like no organization is safe. There are also generalized attacks that affect everyone like WannaCry, NotPetya and ransomware. Unfortunately, there are no signs of this letting up. A recent survey conducted by Enterprise Strategy Group (ESG) found that more than two-thirds of respondents were subjected to ransomware last year, and 22 percent of them were attacked on a daily or weekly basis.
Besides data hacks, enterprises are dealing with more compliance regulations, which impose additional security requirements across sectors, covering financial institutions, public companies, government partners, healthcare, consumer privacy, credit card transactions and more. Examples include: Sarbanes-Oxley Act, Basel II (International Standards for Banking), COBIT (Control Objectives for Information and related Technology), FISMA (Federal Information Security Management Act of 2002), GAAP (Generally Accepted Accounting Principles), HIPAA (Health Insurance Portability and Accountability Act), IFRS (International Financial Reporting Standards), ITIL (Information Technology Infrastructure Library), PCI DSS (Payment Card Industry Data Security Standard), and TQM (Total Quality Management).
In the past, companies could count on isolating confidential and sensitive files and protecting them through firewalls and access control technology. In a time when they had one point of egress, they could create a perimeter that could be secured around their enterprise. But now, in today’s cloud-first environment where there are multiple paths for data to flow in and out of the organization, all bets are off. The data is accessible, anywhere, anytime and from any device. Today, employees are collaborating and sharing data in a free-flowing manner inside and outside the organization, bringing multiple BYOD devices into their companies and using mobile apps in unsecure locations, all creating greater vulnerabilities for the data and making the security professional’s job seem near impossible.
The reality is that we are living in a “zero trust” world, as coined by Forrester Research. It’s a world where we can’t count on the security of our internal or external networks and instead need to change our mindset about how we think about safeguarding data. We need to come up with very new, innovative ways to keep it safe.
Unstructured Data Presents Added Problems
One of the most problematic data types to secure is unstructured