What Is Zero Trust?
In this episode of Life of a CISO, Dr. Eric Cole focuses on Zero Trust architecture.
Zero Trust means that, by default, every device on a network must be authenticated before it can connect to other devices.
All the security in the world can’t do anything if you can compromise a person, either by force or by deception, into allowing access to sensitive data.
Listen to this episode and learn all the elements a CISO needs to take into account when designing their security.
In this episode:
- 0:28 Introducing Zero Trust
- 1:00 Zero Trust is a fundamental mindset of cybersecurity
- 2:07 Firewalls stop unwanted connections
- 2:18 Lessons from Target
- 3:41 Lessons from SolarWinds
- 4:14 Zero Trust can go down to a computer/server level
- 5:25 Zero Trust down to an individual computer
- 6:29 How a system can be compromised
- 8:24 Data leaves clues
- :23 Four vulnerabilities
- 10:45 What’s the time period for how long to patch
- 11:24 For internet-facing systems, patching should have no chance of breaking anything
- 12:53 Do we wait and test, or rush to update?
- 15:09 Let data drive decisions, not emotions
- 17:26 Two rules: Always patched if they face the internet, never contain critical data
- 17:51 Clients
- 19:53 Free “awareness” lesson
- 21:38 Email is not a file transfer mechanism
- 25:48 Monitor employees for possible data breaches