Zero Trust: How to Know What Your Crown Jewels Are
Three Experts Discuss Why Zero Trust Isn't Needed for Everything
To get a zero trust strategy right, it is important to know exactly what to protect and to decide what your crown jewels are. Three panelists - Chase Cunningham, chief strategy officer at Ericom Software; Maureen Rosado, regional director, security specialist global accounts at BT; and Patrick English, zero trust architect consultant with Ztsolutions.io - discuss the various ways to do that.
"Unless you deal with the reality of a compromise, you do not know what is really of value to you," Cunningham says. "I usually put a scenario in front of organizations and say, 'This occurred today. Here's what's going on: The servers are crashing.' Then you see what the crown jewels they want to protect are. From my perspective, the best way to understand the reality of your crown jewels is by being in that uncomfortable position."
For Rosado, communication is the key. "The business itself has to be more accountable and have those conversations with the security team. For example, HR might think the crown jewels lie exclusively in the data that they have, whereas a supply chain manager might think the crown jewels are what they manufacture. Let's keep the business and security teams together by having these conversations," she says.
English says it is important to look at different asset types in your organization to know what is most important. "If you are a security architecture team looking at this without some of the key board stakeholders, I would encourage you to look at different asset types across your organization. Start thinking about: What do you consider assets? And then: What is the most important asset? For example, a lot of people consider a server as their asset, but is it the server or the data on the server that is more important?"
In this video interview with Information Security Media Group, the panelists also discuss:
- Their recommended methods for deciding on your crown jewels;
- How to achieve continuous adaptive authentication;
- Whether zero trust is needed for everything.
Cunningham, aka the "Doctor of Zero Trust," shapes the strategic vision, road map and key partnerships at Ericom. He previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on zero trust, artificial intelligence, machine learning and security architecture design for security leaders worldwide.
Rosado has spent the last 20 years in Silicon Valley. Her appreciation for technology and innovation and the rapid rate of growth has kept her in the mainstream of innovation. Working with SaaS vendors such as Salesforce and ServiceNow has given her the experience in the enterprise space to properly introduce and manage complicated security landscapes that include legacy products and processes.
English enables people to understand and build zero trust architectures. A Forrester-certified ZTX strategist, he has worked in security architecture, design and operations for over a decade, supporting enterprises in banking, pharmaceuticals, high tech and government.