Zero Trust

The original Zero Trust model was conceived by Forrester, and leveraged by Google as part of their BeyondCorp initiative. Gartner has their framework called Continuous Adaptive Risk and Trust Assessment (aka. CARTA). These trust-centric approaches shift access decisions based on network topology to…

Has your organization initiated a risk assessment and created a threat model that would have covered some of the following incidents over the last two years? The local branch of a shipping company updates the accounting application that is dominant in their region. With the updated application, they…

Critical infrastructure providers are increasingly implementing IoT systems to support, augment, or update their already networked  operational technology.  Further, critical infrastructure is often managed and deployed over connected systems supported or used by mobile professionals.  At the same t…

The emergence of Zero Trust has shifted the center focus of some security frameworks from securing the perimeter to protecting sensitive data. While both are extremely important, this shift to a sensitive data-centric framework has advantages. To further understand the benefits of Zero Trust, consid…

The first step should be an investigation and analysis of what your sensitive data is, where it lives, and who accesses it. Then analyze the three Foundational Pillars (see below) to see where you are with the necessary people, process, and technology basics. Most organizations should leverage the r…

Let’s focus on the Zero Trust approach first. If your infrastructure was on the Internet, how would you design your organization’s cybersecurity framework? Authentication to confirm who logs into your infrastructure and multi factor authentication for your Admins? Would you encrypt everything? VPN…

We know that big data is big business… And the use of on-premises and public cloud infrastructure is growing, according to the Cisco 2018 Security Capabilities Benchmark Study. In the 2017 study, 27 percent of security professionals said they are using off-premises private clouds, compared with 25 p…

In a recent cybersecurity study, Gartner reported that data center protection is the foundation of digital business and innovation.  With organizations embracing digital business, they need to address the lack of directly owned IT infrastructure and the prevalence of services outside of IT’s c…