The emergence of Zero Trust has shifted the center focus of some security frameworks from securing the perimeter to protecting sensitive data. While both are extremely important, this shift to a sensitive data-centric framework has advantages. To further understand the benefits of Zero Trust, consider a few specific scenarios:
- A large university that does over $100M in Federal Research
- Any company with intellectual property or in the process of acquiring or selling off organizations
- A state, county, or large city that needs to protect their Criminal Justics Information Services (CJIS) data
- Industrial Controls Systems (ICS); power, water, roads, or buildings.
- Election infrastructure security
Using those above situations, let’s start with the basics that you need to understand:
- Who is after your sensitive information:
- Where does it sit?
- What are the capabilities of the bad actors?
- What are the three biggest gaps that you need to address asap?
- Do you have an accurate inventory of your hardware? Can’t protect what you do not know about…
- Inventory of your software and their application flows? Most moves to cloud fail due to lack of insight related to dependencies.
- What are your key risks (threats, brand image, fines, and compliance).
- Understand what your top 50 pieces of sensitive data are. Rarely does anyone do full data classification.
- Understand where your top 50 pieces of sensitive data presently reside.
- What are your organiazations capabilities around Segmentation, Priviledge Escalation Monitoring, and Multi Factor Authentication?
- Can you spot priviledge escalaton (user and application processes) ?
- How well are your security solutions integrated? Automated? Use the same intelligence?
Then analyze where you are with the necessary people, process, and technology basics. Most organizations should leverage the resources and technologies that they already have and understand where the gaps are, so they can address them over the next one to three years. Cisco Advanced Security Services can help you with this analysis, strategy, implementation analysis, design, pilot, and implementation work.
Go to a workshop with Cisco Advanced Services, so you understand what the gaps are, how to best address them, and prioritize your work. This end-to-end approach will help you address your key use cases to get the outcomes you need addressed.
Some of Cisco’s Related Zero Trust Services
- Strategy, Risk, & Programs IT Governance
- Security Strategy & Policy
- Security Program Maturity Assessment
- 3rd Party Risk Program
- Security Program Development
- Identity & Access Management
- Infrastructure Security
- Network Architecture Assessment
- Integration, Automation, and Advance Analytics
Cisco is actively involved with organizations with these types of challenges. We have the product and services experience to help you determine a practical systems approach to Zero Trust. Reach out to your Cisco Security Services team so we can help guide your through this.
9 Pillars Of The Zero Trust Ecosystem – Jeff’s View
For more Zero Trust information, read the first blog in the series.
To learn more on Zero Trust, go here.
We have additional blogs on Zero Trust planned for September and October.
Click here to be notified by email whenever new Zero Trust blogs are posted.