Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News

May 20, 2024 | Harold Rivas

Rethinking the Perimeter: Why Zero Trust Must Be on Your CISO Roadmap

Zero Trust has joined many other industry concepts on “to do, eventually” lists but it needs to be a priority.

It’s been over a decade since the term “Zero Trust” was thrust into the cybersecurity lexicon.

This concept — perimeter-based defense is outdated and network activity needs monitoring outside the “castle walls” — has become a goal state for network security. However, implementation is still a challenge, and for more than a decade, Zero Trust has joined many other industry concepts on “to do, eventually” lists.

What needs to change for the industry to embrace Zero Trust? And why is it such a valuable concept when considering how to keep the world more secure?

What Are We Trying to Protect?

Taking a step back, we have a problem defining the “home” network we aim to defend. For decades, the model has been a perimeter setup, and ideally, everything within the perimeter is safe, while everything outside is kept at bay. Think of it like an M&M candy, hard shell on the outside, soft on the inside.

Harold Rivas of Trellix shares the importance of Zero Trust

Harold Rivas

But the landscape has evolved over the last 15 years. Technologies and innovations such as cloud and software as a service (SaaS) have become more prominent, and critical assets exist far outside of company boundaries.

This means organizations must adjust their security strategies — and Zero Trust is the best way to address this shift.

Any strategy shift comes with the realities: cost, implementation timelines, efficacy, and other challenges. It can take considerable time for an organization to see the results of adopting Zero Trust, causing hesitation from board members who may be looking for solutions now.

The tech world is also extremely fast-paced; new or entrepreneurial-minded companies may be moving too quickly to wait for the fruits of adopting concepts such as Zero Trust. These challenges contribute to lower adoption rates than what the industry needs.

If we think of a security strategy like building a city, we can understand why this change has yet to be fully realized. Older cities in Europe have centuries-old blueprints for city planning: a central town square, surrounding dense areas of housing and businesses, and grid-system roads. This model served citizens well enough, but as society evolved, these models should too.

However, every leader may not have the time, desire, or resources to update their city for the modern world. Similar thinking applies to security decision-makers who may already have invested in one layout or one way of doing security. Even though they may know something new will be better, they may be hesitant to commit.

What would it look like if we were to build a new, modern city? There may be a better way to build cities or perform network security, but how do we do it?

Zero Trust: A Concept vs. a Product

Zero Trust is a framework or a concept; it’s not a product. There are products that help organizations achieve Zero Trust, but there is no singular plug-and-play solution.

While traditional thinking has multiple controls in place relying on one another if compromised, it’s simply not enough. In a Zero Trust model, assets do not communicate openly unless explicitly permitted to, creating an environment of reduced “cross-contamination” of security incidents where the damage is isolated.

Zero Trust cannot prevent organizations from being compromised, which is impossible in today’s threat landscape. However, it can effectively reduce damage, address and identify threats earlier, and decrease remediation time when triaging incidents. Think of it like healthcare; you can never totally prevent getting sick or injured, but you can do things to help, like exercise, eat better, and regularly visit the doctor.

CISO Pressure

Chief information security officers (CISOs) seem to be held to an impossibly high standard, often facing job loss or other consequences when their organizations deal with breaches or security incidents.

Simply put, CISOs remain under intense pressure, and adopting a new security framework may not be feasible under the other constraints of the role.

A few things come to mind that may help with this:

  • Government support may serve as an outside influence to encourage the adoption of Zero Trust, help drive change, or create a further rationale for CISOs with their boards.
  • Much institutional knowledge is lost when CISOs are let go after security incidents. Less pressure on the CISO and more time to implement frameworks like Zero Trust would help immensely. Similarly, the CISO community needs to communicate strategies and ideas to help each other grow.
  • Explaining concepts such as Zero Trust in ways that resonate with board members and the nonsecurity C-suite would help create wider adoption.

The Future

If your organization is considering a Zero Trust model, simply look at the phrase itself. What if you didn’t trust any network activity? What if you put protections in place to prevent cross-contamination? What if assets were only available to those who need to use them, not everyone in your organization?

Zero Trust isn’t a plug-and-play solution, but an ongoing investment and journey. It demands dedication, perseverance, and reframing of C-suite preconceptions. Over a decade since its inception, Zero Trust is a CISO’s foremost ally in curbing the rising wave of cyberattacks and keeping critical assets safe from compromise.

As we look ahead, cybersecurity MSPs must join forces to foster a widespread, cross-sector adoption of Zero Trust principles.


Harold Rivas is chief information security officer (CISO) of Trellix.

Image: iStock


Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience