Zero trust in India: people-driven vs process-driven

With siloed organizations and a widespread lack of cyber awareness, the country needs to go back to basics for ZTN success.

Although the term “zero trust” may appear to be negative, the fact is that trusting any element of an IT landscape is not the right approach. Cyberattacks are no longer just about losing crucial data or experiencing protracted disruptions: they have taken on a new dimension in terms of impact, and every organization should be thinking about how to improve its security on a regular basis.

Internal threats are clearly the root cause of the majority of cyberattacks in today’s world. They can be targeted or intentional, or they can be due to negligence or a lack of awareness, but organizations cannot afford to take any chances.

Yes, it will take time, effort, and money, but considering the risks associated with compromised security frameworks, adopting zero trust principles will undoubtedly be worthwhile.

In India, implementing a zero trust network can be a massive affair. According to Sugeesh Subrahmanian, Associate Director, IT Services & Cloud Infrastructure Services, Speridian Technologies: “Instead of looking at the pinnacle we may need to reach back. I will advise every CIO/CISO to focus on little, consistent efforts toward reaching zero trust networking one day.”

Every staff a stakeholder

According to Radhakrishnan Pillai, CIO, SRL Laboratories, zero trust architecture requires organizations to continuously monitor and validate that users and their devices have the right privileges and attributes. It also requires enforcement of policy that incorporates risk of the user and device, along with compliance or other requirements to consider prior to permitting the transaction. “One-time validation simply will not will not suffice, because threats and user attributes are all subject to changes,” he said.

This means we have to rethink our approach, and if we place the users and data at the center of the strategy, we can abstract away some complexity, and have security that follows the user and the data wherever they exist.

Added Amit Shah, CEO, TAS Technologies: “Modern security landscapes change frequently, and the explosion of third-party vendors, evolving technologies, and a continually expanding mine-field of regulations challenge organizations.” Therefore, managing cyber risks across the enterprise is harder than ever, so some key risk management action components must always be top-of-mind:

Development of robust policies and tools to assess vendor risks
Identification of emergent risks, such as new regulations with business impact
Identification of internal weaknesses such as lack of two-factor authentication
Mitigation of IT risks, possibly through training programs or new policies and internal controls
Testing of the overall security posture
Documentation of vendor risk management and security for regulatory examinations or to appease prospective customers

Against this backdrop, it is critical for organizations to employ a Risk Management Process. Identify and assess risks, then choose a mitigation strategy and continually monitor internal controls to align with risk control, said Shah. “Keep in mind, re-assessment, new testing, and ongoing mitigation should always play a prominent role in any risk management initiative. However, with the help of analytics, collaboration/communication/issue management tools, and third-party risk management frameworks, smart and successful organizations will continue to hold their own in the battle to manage IT risk and maintain cybersecurity across the enterprise.”

It is clear that cybersecurity risk management is no longer just the job of IT: everyone in the organization has a role to play. Often siloed, employees and business unit leaders have viewed risk management from their business standpoints, but they now must gain a holistic perspective to address risk in a comprehensive and consistent manner.

Only then will organizations be successful in adopting zero trust and all its requisite controls, supervision, protections and responses.

Moving forward

According to Ramesh C.R, CEO, Safezone Secure Solutions, in the pre-pandemic days, CIOs had a tough time convincing management to allocate a separate budget for data protection. However, this has changed over the past two years.

The myth that cybersecurity vigilance is meant only for large organizations has been put to pasture. Today even a small restaurant chain taking up orders via smart devices is exposed to great cybersecurity threats similar to those faced by larger organizations. “Thus I feel that cybersecurity or zero trust for that matter is not an individual responsibility. It has to be a part and parcel of any organization in India. I feel we are in a phase of customization. Every single sector discusses different cybersecurity threats. So the Indian channel community should be smart enough to provide tailored solutions for every single account,” he concluded.

Finally, we need to remember that, with the rise of cloud computing, remote-working and rapid application development, IT teams no longer control many of the systems, networks and devices that an organization deploys. It is now even more important to consider cybersecurity in terms of users, devices and processes as a singular entity to protect. They can no longer be decoupled and treated separately. This can be best thought of by abstracting away infrastructure and systems, and elevating cybersecurity to center around the data and users who work on that data.

Featured

AI adoption in India: A balancing act worth chatting about

Featured

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Featured

What businesses need to know about SEO poisoning

Featured

How medical devices manufacturer Tuttnauer protects patient and personal-data safety

Featured

How much of automated internet traffic contains malicious activity?

Featured

Large language models have their strengths and weaknesses: analysis

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment

Identity Has Breached the Ecosystem

Fortanix Buyers Guide for Modern Key Management and Data Security

Fortanix Data Risk Management – Using Tokenization to Secure Your Data

Middle-sidebar-banner

Case Studies

How medical devices manufacturer Tuttnauer protects patient and personal-data safety

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Real estate logistics provider GLP steps up to zero trust architecture

Identity security woes now a thing of the past for Heng Leong Hang

Bottom sidebar

Cybersecurity News in Asia

Featured

AI adoption in India: A balancing act worth chatting about

Featured

AI vulnerability testing: Knowing the In’s and Out’s of proper red teaming

Featured

What businesses need to know about SEO poisoning

Featured

How medical devices manufacturer Tuttnauer protects patient and personal-data safety

Featured

How much of automated internet traffic contains malicious activity?

Featured

Large language models have their strengths and weaknesses: analysis

Zero trust in India: people-driven vs process-driven vs device-driven

Every staff a stakeholder

Moving forward

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar