Governance & Risk Management , Video , Zero Trust

How to Create an Identity Strategy - Part 1

Why Digital Identities Should Be Defined as Assets
Chase Cunningham, CSO, Ericom Software, and Andrew Abel, a cybersecurity and zero trust consultant and CyberEdBoard member

In Part 1 of a three-part video series, Andrew Abel, a cybersecurity and zero trust consultant and CyberEdBoard member, and Chase Cunningham, CSO at Ericom Software, share tips on how to create an identity strategy within the broader context of zero trust.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

Managing identities within large enterprises is no longer a straightforward task of granting access to employees. Identities now extend to machines, containers and applications. Zero trust is a least-privilege approach to security that ensures that users, devices, applications and transactions are continually verified, but identity management can be one of the most challenging areas of zero trust.

"Sometimes, it's the hardest to define for people who are not familiar with the concept," Abel says.

Components of the zero trust model (Source: Andrew Abel)

Abel says identities should be treated as digital business assets, such as inventory or equipment. Like other assets, identities should be defined and recorded along with the rights assigned to them. And your operating plan should include a risk rating for each identity.

"They have a cost to acquire them or create them. They've got a cost to operate them with your service desk staff, and your incidents all carry risk, so that risk can be mitigated by that least-privilege approach," he says.

In this video interview with Information Security Media Group, Abel and Cunningham discuss:

  • The definition of "identity" and how it fits into an organization's operating model;
  • Why companies should approach identities differently;
  • Key goals for creating identity strategies that fit the organization, not just the software tools.

Abel has over 25 years of experience in IT across a range of industries including finance, services, retail, resources and consulting. He has worked as a vendor and a customer in both Europe and Australia. Over the course of his career, he served in a variety of roles from support to administration, consulting and enterprise architecture, and IT and security strategy. He has deep expertise in zero trust planning and adoption with an emphasis on identity, devices and network controls.

Cunningham, aka the "Doctor of Zero Trust," shapes the strategic vision, road map and key partnerships at Ericom. He previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on zero trust, artificial intelligence, machine learning and security architecture design for security leaders worldwide. Prior to Forrester, he was chief of cryptologic technologies at the U.S. National Security Agency, where he directed research and development of cyber entities to assess threat vectors, network forensics and methodologies of nefarious cyber actors across the intelligence enterprise.

CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership



About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.