Cyber-risk strategies and models for a post-perimeter age
Article 1 of 4
What cyber-risk strategy can take you from zero to secure?
The enterprise security perimeter has become an archaic idea. The firewall can't secure corporate assets any better than a moat from the Middle Ages. Just because something resides inside the firewall no longer means it can automatically be trusted. But does this also mean that, in today's world, with multiplying varieties of cyber-risk, the notion of ever truly securing corporate assets is just as quaint?
Fortunately, no. According to the experts, what security pros need now is to adopt a new attitude. Many specifically tout an approach that Forrester Research first developed: the zero-trust model.
The starting point of the zero-trust model is, as the name suggests, that nothing is to be trusted a priori. In other words, what this model does is turn the proverb “trust, but verify” on its head. Verification now must come first; then, and only then, can we begin to trust.
Implementing a zero-trust approach isn't easy, though. It begins with creating a detailed inventory of what you need to protect. Some analysts also recommend spending time ranking cyber-risks in terms of likeliness, based on whatever sector the company is in. (Newspaper headlines may paint a picture of an avalanche of cyberthreats hurtling toward us all, like some inevitable, unavoidable IT Armageddon. But in truth, not all of those potential threats are equally likely for every enterprise.) With the zero-trust approach to cybersecurity, user access must also be subject to careful scrutiny.
In short, the zero-trust model is exhaustive, and implementing it can be exhausting just to think about. But, thus far, it's seen by leaders in the IT security field as the most promising approach to dealing with cyber-risk today.