Tag: Zero Trust

Security leaders shed light on their zero trust journeys

nielharper

Zero trust architecture (ZTA) implementations pose challenges due to the abundance of vendor and media hype surrounding this concept. Understanding the true essence of zero trust and its relevance to your specific company or IT environment is crucial.

Establishing trusted identities for devices is a foundational aspect of implementing a zero trust model. It is essential to navigate through decisions on scaling your zero trust ecosystem effectively, encompassing identity, authentication, network architecture, and endpoint detection and response technologies.

Transitioning to a “default/deny” architecture from the traditional “trust then verify” approach can introduce significant user friction and degrade their overall experience in utilizing enterprise systems. Hence, careful planning and constituent engagement is a necessity.

Moving towards a zero trust architecture is a progressive journey rather than a mere technological shift. Many enterprises will find themselves operating on a hybrid zero trust/perimeter-based model during this transition phase.

These insightful discussions with Mary K. Pratt from CSO Online and other security leaders provided valuable perspectives on the challenges and opportunities associated with implementing ZTA.

Explore the conversations and insights shared here: https://bit.ly/4cI2P2C

Ransomware has “changed the game” of cyber insurance

nielharper

I recently made a presentation on ransomware and cyber insurance at the Barbados Risk and Insurance Management (BRIM) conference.

Many thanks to the Captive Insurance Times’ reporter Rebecca Delaney for so excellently capturing my session. In the intro section, she wrote:

“Cyber insurance is not an exhaustive replacement for robust security capabilities, warns Niel Harper […] He explained that ransomware is so disruptive because of the extensive network of paid services it has spawned, such as access brokers, malware packing, phishing kits, hosting and infrastructure, anonymity and encryption, and hardware for sale… In addition, distribution networks include social network spam, instant messaging spam, exploit kit development, spam email distribution, and traffic distribution systems.”

The full article can be found at: https://bit.ly/3MMs71t

Cloud Security Trends: What Is Cybersecurity Mesh?

nielharper

“Have you heard of cybersecurity mesh?

Some are calling it one of the more notable trends for cloud security and today’s other cyber concerns. So, what is it, and how does it work? The technology stack is breaking down as more people use architectures based on micro-services.

They’re also using blockchain and other trust models to embrace an information-centric security model that works with distributed services (key to cloud security).”

I recently shared my perspectives on cybersecurity mesh with IBM Security Intelligence.

Check it out and let me know what you think!