Question: Why should I adopt a zero-trust security approach?
Ash Devata, general manager, Cisco Zero-trust and Duo Security: First and foremost, a zero-trust approach is the right thing to do for the security of the organization and the protection of your end users. The bottom line is that a zero-trust approach reduces risk and helps an organization comply with regulations, while also reducing friction for users. Zero-trust is a rare, simple solution that works much better than the complexity of the past.
A zero-trust security approach also can significantly reduce the risk of compromising access, limiting the blast radius if something bad were to happen. If a user’s access is compromised, with zero-trust the compromise is limited to a specific application or applications pertinent to that user only, not to your whole network. Imagine that you had 100,000 boxes. In a traditional security approach, you grant access to all of them. But taking a zero-trust approach, you can grant your user access to just one box and not the remaining 99,999.
A zero-trust security strategy will ultimately help in your company’s digital and remote workforce transformation. The hybrid and dispersed workforce is more mobile now than at any time in our history, which means users and devices are connecting to corporate networks from anywhere. This establishes trust in users and devices through authentication and continuous monitoring of each access attempt, while custom security policies that protect every application keep an organization’s infrastructure safe. This also greatly reduces friction for end users, making it easier and enabling them to do their jobs in the most efficient manner possible. It will also reduce your cybersecurity risks and make you compliant with the Biden administration executive order that recommends a zero-trust architecture to any organization that has a government contract to better address cybersecurity risks.
If you can execute a zero-trust approach – and do it in the right way – you’d automatically be complying with and aligned to those standards, getting ahead of the game before it becomes a definitive mandate for all applications and usages.