What Is Zero Trust?

In this episode of Life of a CISO, Dr. Eric Cole focuses on Zero Trust architecture.

Zero Trust means that, by default, every device on a network must be authenticated before it can connect to other devices.

All the security in the world can’t do anything if a person can be compromised, either by force or by deception, into allowing access to sensitive data.

Listen to this episode and learn all the elements a CISO needs to take into account when designing their security.

In this episode:

  • 0:28 Introducing Zero Trust
  • 1:00 Zero Trust is a fundamental mindset of cybersecurity
  • 2:07 Firewalls stop unwanted connections
  • 2:18 Lessons from Target
  • 3:41 Lessons from SolarWinds
  • 4:14 Zero Trust can go down to a computer/server level
  • 5:25 Zero Trust down to an individual computer
  • 6:29 How a system can be compromised
  • 8:24 Data leaves clues
  • :23 Four vulnerabilities
  • 10:45 What’s the time period for how long to patch
  • 11:24 For internet-facing systems, patching should have no chance of breaking anything
  • 12:53 Do we wait and test, or rush to update?
  • 15:09 Let data drive decisions, not emotions
  • 17:26 Two rules: Always patched if they face the internet, never contain critical data
  • 17:51 Clients
  • 19:53 Free “awareness” lesson
  • 21:38 Email is not a file transfer mechanism
  • 25:48 Monitor employees for possible data breaches