Access Management , Governance & Risk Management , Identity & Access Management

Panel Discussion: Mapping the Zero Trust Journey

Much Depends on Risk Appetite, Regulatory Requirements, Experts Say
From left: Brett Winterford, Chirag Joshi and Jay Hira

How does one decide the right approach to zero trust, and what are some important considerations to keep in mind? A panel of experts - Chirag Joshi, group head of cybersecurity at a leading financial institution in Sydney; Brett Winterford, regional chief security officer, APJ, Okta; and Jay Hira, director of cyber transformation, EY in Sydney - share their in-depth views.

See Also: The Gorilla Guide for Privileged Access Management

"Different industry verticals have different regulatory expectations. For example, higher education universities by default have an approach of open trust and open collaboration and sharing. That is what they thrive on. Here, you cannot go full throttle trying to restrict everything," Joshi says. "In such organizations, you need to take a different approach addressing zero trust whereas, in financial institutions because you need to take a risk-based approach, there is almost a heightened expectation of prevention and anomalous detection of activities."

"'One size fits all' will not work for all organizations because of different context, different environment and different business goals. It is important to assess the readiness to achieve zero trust. Who is talking about zero trust? Is it the board asking you questions around zero trust, or is it the security operations lead? These are two separate conversations," Hira says.

Winterford talks about the various challenges faced by organizations taking an identity-centric approach. "Identity and governance are our biggest gaps as they are complex problems to solve. PAM is a massive challenge as well. Another challenge is helping people to break out of the mindset that assessing all these problems will increase friction in user experience," he says.

In a discussion with Information Security Media Group, the panelists also talk about:

  • What zero trust means to them;
  • How the zero trust approach changes with industry regulatory requirements;
  • The challenges involved in an identity-centric zero trust approach.

Winterford is the regional chief security officer for Okta in the Asia-Pacific region and Japan. He advises business and technology leaders on evolving threats and helps them harness advances in identity technology to drive business outcomes and mitigate risk. Prior to Okta, he held a senior security leadership role at Symantec and helmed security research, awareness and education at Commonwealth Bank.

Hira is a cybersecurity strategy and transformation director with more than 15 years of international experience supporting financial services organizations to become more cyber resilient through zero trust adoption to build trust and attract more customers, enabling growth.

Joshi is group head of cybersecurity at AMP, a financial services company in Australia. He is also the author of the worldwide bestselling book "7 Rules to Influence Behaviour and Win at Cyber Security Awareness" and the director of the ISACA Sydney chapter.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.