ISMG Virtual Cybersecurity Summit — Zero Trust: Focusing on the end user

The ISMG Virtual Cybersecurity Summit: Zero Trust, was yesterday. The Zero Trust security architecture principles focus on end-user privilege management and access control. It is based on the principle that the end-user is not automatically granted trust by an organization on the basis of simply working within the organization. The tag line “Never Trust, Always Verify” is often synonymous with Zero Trust.

Conventional network security architecture is focused on perimeter-based technologies, such as firewalls, and intrusion detection and prevention systems. These technologies are implemented to help prevent unwanted, unauthorized network traffic from getting through, in order to secure critical and often confidential company assets from getting into the wrong hands.

However, insider threats — security breaches that happen from the inside of an organization — both intentional and non-intentional, are becoming increasingly common, particularly in the day and age of the increasing remote workforce. The perimeter lines are not as defined, because an organization, generally, has more control over its users and asset protection mechanisms when it’s centrally managed, on-premise.

There is an access control model known as least privilege, which is when the end-user is given just enough account permissions and privileges to do their job, but nothing more. The purpose is to prevent an employee with malicious intentions from utilizing unnecessary administrative rights to exfiltrate data, or take advantage of other loopholes that compromise network security. Instead of an unauthorized, outsider breaching security, it’s instead from an authorized, supposedly trusted employee within the organization. This is not to say that everyone has bad intentions, but that security becomes an even greater challenge in a more de-perimeterized landscape.

I enjoyed catching a few of the guest speakers at this summit, and look forward to future events. As someone who is pursuing a career in cybersecurity, I feel it’s important to try to stay up-to-date on relevant issues and topics, especially in an ever-changing landscape. Thank you to all of the guest speakers!