Do companies need a Chief Zero Trust Officer?


In recent years, ransomware and data breaches have caused tremendous disruption to organizations and governments. As companies drive digital transformation and move their operations to the cloud, they increasingly rely on a zero-trust model to create a resilient and secure network infrastructure. Do companies need a Chief Zero Trust Officer?

Established as a cloud-based convergence of network access and security services, Secure Access Service Edge is a common approach for enterprise Zero Trust adoption. The challenge, however, is that in many organizations, responsibility for networking and security resides in different parts of the business, and these groups often use different vendors in their respective areas. To implement Zero Trust in larger organizations, it is critical to break down the silos between security and network teams and select the right tools, products, and vendors aligned with desired business outcomes.

Zero Trust Officers for the company

When organizations need to move quickly and move beyond organizational boundaries, they often appoint an officer to take charge of a specific program and see it through to implementation or execution. As the pressure to implement Zero Trust mounts, I expect the role of Chief Zero Trust Officer will emerge in some large organizations. This person will be the Zero Trust officer for the company and will be responsible for moving the company towards Zero Trust. Their job will be to bring disparate organizations and vendors together and ensure all teams and departments are on the same page and working towards a common goal.

In the event of resistance, the Zero Trust officer should have the backing of senior management (CIO, CISO, CEO, board of directors) to make quick decisions and cross organizational boundaries to move the process forward. Whether the Chief Zero Trust Officer title becomes a reality or not, an empowered individual with a clear mandate and focus can be key to making Zero Trust a success in 2023.

Gateway alphanumeric passwords

Phishing attacks continue to be a major problem for businesses around the world. Unfortunately, most cyberattacks start with a phishing email. Authentication with username and password is no longer sufficient, even in combination with common forms of multi-factor authentication. Even with regular security awareness training, users will eventually click the wrong link and become the victim of an attack.

Enterprises can already enable stronger FIDO2-compliant security keys along with zero-trust access when using a system like Cloudflare's, making it significantly harder for attackers. Relieving the end user of this burden altogether may be the best way to protect most users and their login credentials. The FIDO Alliance envisions that you can log in anywhere without a password. Face or fingerprint login is used instead of the old username/password combination. A FIDO login key, sometimes called a "passkey," makes it easier for users and harder for attackers. If there's no password to steal, hackers can't steal credentials for their attacks. We expect that by 2023, many websites and applications will adopt passwordless login using the FIDO Alliance's Passkey standard.

Cloud versus compliance

Governments around the world are introducing new privacy regulations. In Europe, the General Data Protection Regulation (GDPR), which came into force in 2018, gives individuals more control over their personal data and how it is used. Other countries follow this example and use the GDPR as a model. In the US, there are five states with new consumer protection laws that will go into effect in 2023, and additional states are considering legislation. At the federal level, too, lawmakers are slowly enacting their own privacy regulations with the American Data and Privacy Protection Act (“ADPPA”), an online privacy law designed to regulate the collection and storage of consumer information. Businesses must now understand and comply with this patchwork of regulations as they do business globally. How can companies stay current and build compliance into their applications and IT systems?

We believe that most cloud services will soon have built-in compliance features. The cloud itself should relieve companies of the burden of compliance. Developers shouldn't need to know exactly how and where their data can be legally stored or processed. Much of the burden of compliance must be shouldered by the cloud services and tools that developers work with. Network services ensure that data traffic is forwarded efficiently and securely in compliance with all data sovereignty laws. Storage services, on the other hand, should be compliant with data retention regulations from the outset. Processing must comply with relevant data localization standards.

Remote browser

Security policies, privacy laws and regulations require organizations to protect their sensitive data, from where it is stored and processed to where it is used by the end user in their applications. In the past, it was relatively easy to fully control end-user devices, as they were often corporate-issued and intended for corporate use only. However, in recent years – and with the increasing use of personal smartphones and tablets – the BYOD (bring-your-own-device) trend has gained momentum and has been even more embraced during the different phases of the global pandemic.

We expect the BYOD trend to swing back in the direction of tighter security and more control by the IT organization. The need to consistently enforce security policies and privacy controls will begin to outweigh the sense of urgency and demand for convenience we've experienced over the past several years. However, with much of our digital life happening in a web browser, that control may take a different form than it has in the past.

Bring Your Own Browser

Browser isolation is a clever technology that essentially provides security through physical isolation. This technique creates a “gap” between a user's web browser and the end device, protecting the device (and corporate network) from attacks. Remote Browser Isolation (RBI) takes this a step further by offloading the browser to a remote service in the cloud. Cloud-based remote browsing isolates the end-user device from the corporate network while enabling IT control and compliance solutions.

Some say that “the browser is the device” with this remote browsing model. Instead of BYOD it might be appropriate to call this "BYOB" or "Bring Your Own Browser". Most organizations are striving to better balance corporate security and privacy needs with ease of use and employee convenience. At Cloudflare, we use our remote browser isolation in conjunction with Zero Trust access to protect our users and devices. It is completely transparent to users and strikes a perfect balance between security and ease of use. We believe remote browser isolation will become mainstream once IT leaders realize the benefits and how well it actually works.



About Cloudflare

Cloudflare aims to make the internet better. The Cloudflare suite of products protects and accelerates any internet application without adding hardware, installing software, or changing a line of code. For websites powered by Cloudflare, all traffic is routed through an intelligent global network that learns with every request. The result is an improvement in performance and a reduction in spam and other attacks.
