Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management

Zero Trust: A 5-Step Approach

Dave Lewis of Duo Security Discusses Essential Steps to Improving Cloud Security
Dave Lewis, global advisory CISO, Duo Security

Dave Lewis of Duo Security describes a five-step program to deploy the "zero trust" model, which can help organizations address cloud security issues.

See Also: Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

"First, you want to establish trust in your user identity," he says. "Step two is you want to evaluate the trustworthiness of your user devices. Step three is that you want to enforce access policies on user device combinations. Step four is enabling secure connections to all applications. And step five is examining user device activity looking for anomalies and things that are out of the ordinary."

In a video interview with Information Security Media Group following a series of virtual executive roundtables on the subject, Lewis discusses:

  • Implementing the five-step approach to zero trust;
  • How attitudes of roundtable attendees changed over the course of the series;
  • How the COVID-19 pandemic led to higher interest in the zero trust concept.

Lewis is global advisory CISO for Duo Security, a unit of Cisco. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast as well as host of the Plaintext and Murder Board podcasts. Lewis serves on the advisory boards for several firms.


About the Author

Nick Holland

Nick Holland

Director, Banking and Payments

Holland, an experienced security analyst, has spent the last decade focusing on the intersection of digital banking, payments and security technologies. He has spoken at a variety of conferences and events, including Mobile World Congress, Money2020, Next Bank and SXSW, and has been quoted by The Wall Street Journal, CNN Money, MSNBC, NPR, Forbes, Fortune, BusinessWeek, Time Magazine, The Economist and the Financial Times. He holds an MSc degree in information systems management from the University of Stirling, Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.