Archives

  1. NIST SP 800-207 – Zero Trust Architecture – Finalized with More Emphasis on Identity

    Last week, the National Institute of Standards and Technology (NIST) published its guidance for implementing a Zero Trust architecture, SP 800-207. This latest publication consolidates industry input received on previous draft versions of the architecture. As part of IDSA’s mission to promote identity-centric security, we provided feedback to NIST and are pleased to see some of our recommendations…

  2. BYO[D] Doesn’t Have to Mean Bring Your Own [Vulnerability]

    The Bring-Your-Own-Device (BYOD) model of operating has been a double-edged sword for IT professionals. On the one hand, it empowers and allows for business productivity. On the other hand, it continues to create a serious challenge for organizations as IT and security professionals find ways to enforce access control across a diverse ecosystem of mobile…

  3. Customer Advisory Board Conversations: Zero Trust and the Remote Workforce

    Until the last 45 days, an organization’s industry, company culture and the role of an individual were the primary drivers behind remote working policies. However, recently we’ve seen an unprecedented shift to remote working due to the concerns over Covid-19. For some organizations it’s been relatively uneventful, for others it has been a monumental change…

  4. Zero Trust: Where Do You Start?

    With the Zero Trust Myths out of the way, where do you start? Zero Trust is a philosophy, a set of guiding principles that can be used to improve the security posture of an organization and reduce the risk of a breach by limiting lateral movement. Implementing Zero Trust is more than simply implementing a “Zero Trust”…

  5. Zero Trust Myth Series: Keep Users at the Forefront of Your Security Approach

    Friction is the enemy of cybersecurity. Tools and approaches that make it more difficult for users to do their jobs turn security solutions into impediments, digital stop signs in an era when business leaders are demanding agility. For organizations implementing a Zero Trust approach, the subject of user experience should not be far from mind…

  6. Zero Trust Myth Series: Leveraging Risk Analysis to Enhance Trust

    Trust is a foundational part of personal relationships, and it is a foundational part of the digital relationships between employees, their devices, and the enterprise. However, the sad fact facing security professionals is that there are some insiders – whether they are disgruntled employees or external threat actors acting as legit users that penetrated the…

  7. Zero Trust Myth Series: Zero Trust is about Secure Access, Not Zero Access

    Say the term Zero Trust, and there will be those that take the word zero to mean exactly that: zero, as in no trust at all. In reality, Zero Trust is about acknowledging that bad actors will make their way into an organization’s environment and building defenses with that idea in mind. This confusion is the…

  8. IDSA Response to NIST Zero Trust Architecture SP 800-207

    Recently, NIST released the 800-207 draft document, which is intended to provide guidance for government and non-government organizations on implementations of a Zero Trust architecture. The document provides a definition of the core components that make up a “zero trust architecture (ZTA) network strategy,” a gap analysis of areas where more research and standardization is required, establish an…

  9. Zero Trust Myth Series: Going Beyond the Network

    First impressions die hard. When the concept of Zero Trust was first introduced, the focus was on segmenting, isolating, and controlling network traffic. Today, however, those ideas represent only one fraction of a Zero Trust strategy. On my list of Zero Trust myths, the second fallacy I noted was the idea that Zero Trust focuses solely on…

  10. Zero Trust Myth Series: What’s Old is New Again, with a Twist

    There was a time when defending the perimeter was the focus of IT security. By necessity, those days have long passed. Between insider threats, credential-stealing malware, and social engineering, today’s businesses need to secure more than the gate around the castle. They must defend the doors inside the castle itself. This reality has brought Zero…
