Zero Trust and Data Security

Uma Arjunan, Director – Ford Motor Company
Sierra Robinson, Deputy Program Manager – Leidos Inc
Autumn Leake, Chief Engineer – Naval Air Systems Command
What is Zero Trust and why is it important in today's cybersecurity landscape?

Definition:
“A collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised…”
– NIST SP 800-207

Goal:
Prevent unauthorized access to data and services, coupled with making access control enforcement dynamic and as granular as possible for each data/resource request and session.

Tenets/Principles:
o Assume a hostile environment: never trust, always verify
o Grant appropriate user resource access on a per-session basis
o Rigorously perform authentication and authorization enforcement
o Use explicit permissions, determined by policy and dynamic attributes
o All communications must be secured regardless of network location
o Apply unified operations and analytics
– NIST, CISA, GSA, and DoD consolidation
Connectivity is increasing the attack surface

Always connected, quick time to value, and collaborative needs are pushing security controls to the limit.

01 Drivers: Digital transformation; Bring your own device; Work from anywhere; Fast collaboration; Delivery pace
02 Pain points: Flat network; All or nothing access; Lateral movement; Insider threat; Rigid access
03 Value: Brand protection; User experience; Consistency & accuracy; Secure cloud; Secure delivery
A Single Defensive Line Does Not Flex

(Figure: a single perimeter around Servers, Applications, Services/APIs, Platforms, Devices, Data, Cloud Providers and Vehicle Manufacturing, reached by Employees, Consultants, JVs and CSRs. Once inside, assets are at risk; risk is exponential given connectivity.)

What’s wrong with this approach?
- Relying on the network as our primary access control creates a false sense of security
- Once into our network we allow open access and rely on application teams to implement security controls
- We route all traffic through VPNs, which is an antiquated approach with a poor user experience
- New collaborative needs require our security controls to know why users are granted access
How does Zero Trust differ from traditional network security models?

(Figure: timeline from Castle & Moat, to “Defense in Depth”, to Zero Trust Architecture, to Implementation.)
- 2020: NIST Zero Trust Architecture (SP 800-207)
- 2021: EO 14028; DoD ZT RA; Draft CISA ZT MM
- 2022–2024: OMB M-22-09
Zero Trust Reference Model

Zero trust is focused on Identity, Device, Network/Environment, Application Workloads, and Data, which can be achieved through maintaining Visibility and Analytics, Automation and Orchestration, and Governance.

Pillars of Zero Trust by CISA
Identity: Includes an attribute that uniquely describes an org, user, or entity. Organizations must ensure that the right users have the right access to the right resources at the right time.
Device: Refers to any device that connects to the network, including IoT devices, laptops, phones, and servers. Organizations must ensure that unauthorized devices cannot access network resources.
Network/Environment: Involves encryption, threat identification and mitigation, and the network’s logical configuration. Organizations are advised to segment and control networks to direct internal/external data flows.
Application Workload: Comprises the computer programs, systems, and services that execute on-premises and in cloud environments. Focuses on container management to achieve secure application delivery.
Data: Involves the data that needs to be protected on devices, applications, and networks. Organizations are encouraged to categorize, label, and protect data at rest and in transit.
Provided by KPMG US Market Intelligence
Source(s): CISA; Forrester.

Are there any industry standards or frameworks that provide guidelines for implementing Zero Trust?
Zero Trust Strategy

The model uses three key principles:
- Assume Nothing (Never trust)
- Check Everything (Always verify)
- Limit Access (Least Privilege)

We will grant access based on:
- Identity (Users, Devices and Apps)
- Devices (Laptops, Servers, Mobile devices)
- Connectivity (Network, Cloud, etc.)
- Services and Workloads (Apps, Platforms, Microservices, etc.)
- Information (Data, Encryption, Classification, etc.)

And enhance:
- Enterprise Security Architecture
- Risk management
- Cyber Governance
- Cyber Engineering, Resilience and Recovery
- Cyber Culture, awareness and training

(Figure: Zero Trust Operating Model, with capabilities arranged around Identity, Device, Data & Apps., Cloud and Visibility & Analytics: Threat protection, Classification, Backup, Encryption, DLP, Identity Lifecycle Mgmt., Governance & Admin, PAM, EDR, SaaS, Device Health, Location, App. Lifecycle, IoT & OT, SDLC, Segmented.)

Moving away from a one-time challenge granted through VPN technology to continually evaluating a user’s need and the devices they are using, and only granting access based on an actual need, will reduce risk, provide scalability, and simplify our security services. This is a layered security approach that is connected and continually aware.

What are the key principles or tenets of a Zero Trust security framework?
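As an added illustration (not code from the deck or its authors) of the per-request, attribute-driven access decision the strategy describes, the following Python contrasts the one-time network/VPN check with a policy engine that evaluates identity, device health, data classification and session age on every request; all class names, thresholds and sample values are assumptions constructed for the example.

```python
# Per-request Zero Trust access decision versus a one-time network check.
# Added illustration, not the deck's code: every name, threshold and sample
# value is a constructed assumption chosen to show the decision logic.
from dataclasses import dataclass, field


@dataclass
class Subject:
    user: str
    roles: set
    mfa: bool                # strong authentication completed this session
    session_age_min: int     # minutes since the subject was last verified


@dataclass
class Device:
    managed: bool            # enrolled in the organisation's device management
    disk_encrypted: bool
    edr_healthy: bool        # endpoint agent reporting in and not alerting
    patch_age_days: int      # days since the patch level was last confirmed


@dataclass
class Resource:
    name: str
    classification: str      # public | internal | confidential | restricted
    required_roles: set = field(default_factory=set)


@dataclass
class Decision:
    allow: bool
    reasons: list            # empty when allowed; otherwise why it was denied


# Illustrative policy thresholds: the higher the data classification, the
# fresher the verification and the healthier the device must be.
MAX_SESSION_MIN = {"public": 24 * 60, "internal": 8 * 60, "confidential": 60, "restricted": 15}
MAX_PATCH_AGE_DAYS = {"public": 90, "internal": 30, "confidential": 14, "restricted": 7}


def legacy_network_decision(on_corporate_network: bool) -> Decision:
    """The castle-and-moat rule the deck argues against: inside the network
    (or on the VPN) means open access, whatever the user, device or data."""
    if on_corporate_network:
        return Decision(True, [])
    return Decision(False, ["not on corporate network"])


def zero_trust_decision(subject: Subject, device: Device, resource: Resource,
                        on_corporate_network: bool = False) -> Decision:
    """Evaluate one request against policy and dynamic attributes. The
    network-location flag is accepted only to show that it contributes nothing."""
    cls = resource.classification
    reasons = []

    # Identity: explicit role grant, strong auth for anything non-public,
    # and a session still fresh enough for this classification.
    if resource.required_roles and not (subject.roles & resource.required_roles):
        reasons.append("no explicit role grant for resource")
    if cls != "public" and not subject.mfa:
        reasons.append("strong authentication required")
    if subject.session_age_min > MAX_SESSION_MIN[cls]:
        reasons.append("session older than allowed; re-verify")

    # Device: posture requirements scale with the classification.
    if cls != "public":
        if not device.managed:
            reasons.append("unmanaged device")
        if not device.edr_healthy:
            reasons.append("endpoint health not verified")
    if cls in ("confidential", "restricted") and not device.disk_encrypted:
        reasons.append("device storage not encrypted")
    if device.patch_age_days > MAX_PATCH_AGE_DAYS[cls]:
        reasons.append("device patch level too old")

    return Decision(allow=not reasons, reasons=reasons)


def demo() -> dict:
    """Same user, same resource: where the legacy rule and the Zero Trust rule disagree."""
    alice = Subject("alice", {"engineer"}, mfa=True, session_age_min=5)
    healthy = Device(managed=True, disk_encrypted=True, edr_healthy=True, patch_age_days=3)
    byod = Device(managed=False, disk_encrypted=False, edr_healthy=True, patch_age_days=3)
    design_docs = Resource("vehicle-design-docs", "confidential", {"engineer"})
    # Continuous evaluation: the same session two hours later no longer qualifies.
    alice_later = Subject("alice", {"engineer"}, mfa=True, session_age_min=120)
    return {
        "legacy_on_vpn": legacy_network_decision(True),
        "zt_healthy_device": zero_trust_decision(alice, healthy, design_docs),
        "zt_byod_on_vpn": zero_trust_decision(alice, byod, design_docs, True),
        "zt_stale_session": zero_trust_decision(alice_later, healthy, design_docs),
    }
```

Each denial carries its reasons so the signal that failed (device posture, session freshness, missing grant) can be logged and acted on, which is what turns the per-request decision into the visibility and analytics the slide calls for.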
How can organizations implement a zero-trust data security framework?
What happens if we don’t execute zero trust now?

Limited Secure Technology Vision / Perception of Inadequate Security Capabilities / Inability to Scale Security:
• Flexibility to support our operating companies/affiliates is burdensome
• Security of new collaboration is basic, not advanced
• User experience is adversely impacted
• Role and responsibility ambiguity will create issues
• No defined ZT service taxonomy implies limited capabilities
• Affiliates will implement their own capabilities
• Service overlap and tool sprawl will occur
• Pillar teams continue to implement based on their own interpretation of ZT
• No context is shared between capabilities, even though ZT effectiveness depends on sharing signals
• Under-developed capabilities or service basics will limit progress toward automation, visibility and orchestration

Any incident response finding will ask why this was not done. Any potential security issue could be tied back to basic zero-trust defense hygiene or deterrents.
What challenges should one expect when implementing Zero Trust within their organization? Can any of them be avoided?
Zero Trust Center For Enablement

Assets
Focused on the development of assets with practical examples of solution patterns, solution accelerators and leading practices.
Key activities include the development of the following artefacts:
• Architecture template(s)
• Roadmap and Strategy template(s)
• Blueprint and technical designs
• POC assessments and reports
• Principles

Community
Focused on the development of a collaborative community and self-service ways of working, evangelizing the contribution, publication and promotion of reusable assets.
Key activities include the setting up and governance of the following:
• Steering committee
• Zero Trust Community of Interest
• Blogs / Monthly newsletters
• ZT Internal publications
• Monthly Roundup

Cyber Aware
Building and fostering an “Open, Collaborative and Security-focused” mindset through consistent messaging, community awareness and support via Zero Trust champions and regular training.
Key activities include the following:
• Nomination of Zero Trust champions
• Creation of an organization Zero Trust microsite
• Development of Training packs and Cheat sheets, including Self paced online trainings
• Roadshow and Brownbag (Internal and Vendor)
• Vendor trainings and certifications
• Training rollout / roadmap

Success
Measure success against awareness vs. security incidents, consumption of assets and how it accelerates the delivery of secure projects.
Key activities include the following:
• Adaptive cybersecurity awareness - progress review sessions
• Project support, success measurement and Programme success/wins
• Track metrics such as ZT as primary driver and ZT as business enabler
• Monitor and measure risk reduction by increasing control effectiveness

Establishing a Centre for Enablement will enable an organisation to build reusable assets, leverage leading practices, develop self-services, establish a ZT community and implement new ZT solutions faster.

How would you enable Zero Trust in your organization?
Template Zero Trust Organizational Structure

Business Leadership – Objective:
1. Ensure business buy-in and sponsorship for the Zero Trust strategy and programme

Steering committee – Objective:
1. Act as an escalation point for any execution challenges
2. Provide oversight on outcomes and alignment with business objectives

Zero Trust community – Objective:
1. Provides access to a global pool of Zero Trust SMEs within organisations
2. Provides a safe forum for exchange of ideas and approaches around implementing Zero Trust
3. Provides and manages a central repository for artefacts and other documentation
4. Develops the relevant artefacts – ref. architecture, blueprints, patterns, deployment guides, etc.
5. Informs and involves operations (DevSecOps model) on changes as well as gains feedback for continuous improvement of services

Activities across Enterprise Business, Cyber security, and Operations and Users:
- Review and align operational capabilities with output from Zero Trust projects
- Ensure ownership at C-Level
- Create a Zero Trust steering committee and Community of Interest
- Review and align existing business objectives with IT and Cyber security strategies
- Determine the top high level business risks and align with assets/data value
- Review the current risk tolerance / appetite and outline the impact of embedding a Zero Trust approach on the appetite
- Evaluate current security architecture, design principles and control methodology to identify uplift requirements based on Zero Trust principles
- Review and align cybersecurity for users and leadership to promote awareness of the Zero Trust approach

Roles shown: Development, Delivery & Implementation; IT/Security architects & Technical Managers; IT & Security Operations; Technical Governance and Leadership; IT, Cyber, EA & SA, DevSecOps; Steering committee; Stakeholders; Business Leadership; Zero Trust community.
Template Zero Trust Governance Model

(Figure: governance matrix with rows Responsibility, Artefacts and Alignment. Items shown: Business and Security Integration; Technical Planning; Architecture, Principles and Standards; Implementation; Operations; IT & Cyber Strategy, Programs, and KPIs; Business objectives; Zero Trust Strategy & roadmap; Zero Trust model & framework; Zero Trust Reference Architecture (ZTRA); ZT Blueprints & Patterns; Ref. Architecture / HLD / LLD (Workload Owners); Vendor/Product Docs; Industry Leading practices and Benchmarks; ITSM documentation; Service & Ops manual. The roles are the same as on the organizational structure slide.)
 
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
 
Communication Strategies for Engaging Highly Sensitive People
Communication Strategies for Engaging Highly Sensitive PeopleCommunication Strategies for Engaging Highly Sensitive People
Communication Strategies for Engaging Highly Sensitive People
 
How Chat GPT and AI Will Impact the Workplace
How Chat GPT and AI Will Impact the WorkplaceHow Chat GPT and AI Will Impact the Workplace
How Chat GPT and AI Will Impact the Workplace
 
Building Resilience: Strategies for Managing Stress and Boosting Performance
Building Resilience: Strategies for Managing Stress and Boosting PerformanceBuilding Resilience: Strategies for Managing Stress and Boosting Performance
Building Resilience: Strategies for Managing Stress and Boosting Performance
 
Interview Skill That Get you Hired
Interview Skill That Get you HiredInterview Skill That Get you Hired
Interview Skill That Get you Hired
 
1505 Women in Tech-More than Just a Pipeline
1505 Women in Tech-More than Just a Pipeline 1505 Women in Tech-More than Just a Pipeline
1505 Women in Tech-More than Just a Pipeline
 

Recently uploaded

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Recently uploaded (20)

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Zero Trust and Data Security

5
A Single Defensive Line Does Not Flex
Servers, Applications, Services/APIs, Platforms, Devices, Data, Cloud Providers
Once inside, assets are at risk
Vehicle Manufacturing
What’s wrong with this approach?
Relying on the network as our primary access control creates a false sense of security
Once into our network we allow open access and rely on application teams to implement security controls
We route all traffic through VPNs, which is an antiquated approach with a poor user experience
New collaborative needs require our security controls to know why users are granted access
User types in the diagram: CSR, JV, Consultant, Employee
Risk is exponential given connectivity
6
How does Zero Trust differ from traditional network security models?
Timeline:
2020 – NIST Zero Trust Architecture (SP 800-207)
2021 – EO 14028; DoD ZT RA; Draft CISA ZT MM
2022 – OMB M-22-09
2024 – Zero Trust Architecture Implementation
From Castle & Moat (“Defense in Depth”) to Zero Trust Architecture
7
Zero Trust Reference Model
Are there any industry standards or frameworks that provide guidelines for implementing Zero Trust?
Zero trust is focused on Identity, Device, Network/Environment, Application Workloads, and Data, which can be achieved through maintaining Visibility and Analytics, Automation and Orchestration, and Governance.
Pillars of Zero Trust by CISA
Identity: Includes an attribute that uniquely describes an org, user, or entity. Organizations must ensure that the right users have the right access to the right resources at the right time.
Device: Refers to any device that connects to the network. This includes IoT devices, laptops, phones, and servers. Organizations must ensure that unauthorized devices cannot access network resources.
Network/Environment: Involves encryption, threat identification and mitigation, and the network’s logical configuration. Organizations are advised to segment and control networks to direct internal/external data flows.
Application Workload: Comprises the computer programs, systems, and services that execute on-premises and in a cloud environment. Focuses on container management to achieve secure application delivery.
Data: Involves the data that needs to be protected on devices, applications, and networks. Encourages organizations to categorize, label, and protect data at rest and in transit.
Provided by KPMG US Market Intelligence. Source(s): CISA; Forrester.
8
Zero Trust Strategy
What are the key principles or tenets of a Zero Trust security framework?
The model uses three key principles:
- Assume Nothing (Never trust)
- Check Everything (Always verify)
- Limit Access (Least Privilege)
We will grant access based on:
- Identity (Users, Devices and Apps)
- Devices (Laptops, Servers, Mobile devices)
- Connectivity (Network, Cloud, etc.)
- Services and Workloads (Apps, Platforms, Microservices, etc.)
- Information (Data, Encryption, Classification, etc.)
And enhance:
- Enterprise Security Architecture
- Risk management
- Cyber Governance
- Cyber Engineering, Resilience and Recovery
- Cyber Culture, awareness and training
Zero Trust Operating Model (diagram labels): Threat protection, Classification, Backup, Encryption, DLP, Identity Lifecycle Mgmt., Governance & Admin, PAM, Data & Apps., Cloud, EDR, SaaS, Device Health, Location, App. Lifecycle, IoT & OT, SDLC, Visibility & Analytics, Encryption, Segmented
Moving away from a one-time challenge granted through VPN technology to continually evaluating a user’s need and the devices they are using, and only granting access based on an actual need, will reduce risk, provide scalability, and simplify our security services. This is a layered security approach that is connected and continually aware.
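The per-request, default-deny decision these principles describe, as an added example in Python that is not part of the slides: an explicit permission is required first, then the live signals from the pillars the deck names (identity, device, connectivity, service/workload, information) are re-checked on every request, beside the one-time network gate that the slide says is being replaced. The roles, service name, classification labels and policy entries are constructed for illustration.

```python
# Added example, not from the slides: a per-request policy decision point that
# combines an explicit permission with live signals from the pillars the deck names
# (identity, device, connectivity, service/workload, information), shown beside the
# one-time network gate it replaces. Roles, services and policy entries are constructed.
from dataclasses import dataclass

# Sensitivity order for the "Information" pillar; a higher rank is more sensitive.
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Request:
    """One access request carrying the signals that are evaluated on every call."""
    user: str
    roles: frozenset        # identity
    mfa: bool               # identity: how strongly the user authenticated
    device_managed: bool    # device: enrolled in endpoint management
    device_healthy: bool    # device: EDR / posture check passed right now
    location: str           # connectivity: "corp", "vpn" or "internet"
    service: str            # service / workload being called
    data_class: str         # information: classification of the data touched
    action: str             # "read" or "write"


@dataclass(frozen=True)
class Permission:
    """An explicit grant: a role may perform actions on a service up to max_class."""
    role: str
    service: str
    actions: frozenset
    max_class: str


def legacy_network_gate(req: Request) -> bool:
    """Castle-and-moat: once on the corporate network or VPN, everything is open."""
    return req.location in {"corp", "vpn"}


def evaluate(req: Request, permissions: list) -> tuple:
    """Zero Trust decision as (allowed, reasons). Default deny; location never widens access."""
    reasons = [f"location={req.location}"]  # logged as a signal, never used as a grant
    grants = [p for p in permissions
              if p.role in req.roles and p.service == req.service and req.action in p.actions]
    if not grants:
        return False, (*reasons, "no explicit permission for this role, service and action")
    rank = CLASSIFICATION_RANK[req.data_class]
    ceiling = max(CLASSIFICATION_RANK[p.max_class] for p in grants)
    if rank > ceiling:
        return False, (*reasons, f"{req.data_class} data exceeds granted classification")
    # Dynamic attributes: the posture of this request, re-checked on every call.
    if not req.device_healthy:
        return False, (*reasons, "device failed health check")
    if rank >= CLASSIFICATION_RANK["confidential"] and not req.device_managed:
        return False, (*reasons, "unmanaged device may not touch confidential data")
    if rank >= CLASSIFICATION_RANK["confidential"] and not req.mfa:
        return False, (*reasons, "MFA required for confidential data")
    return True, (*reasons, "explicit permission and current posture satisfied")


def session_trace(requests: list, permissions: list) -> list:
    """Evaluate each request of a session on its own; a changed signal changes the answer."""
    return [evaluate(r, permissions)[0] for r in requests]


# Constructed policy: one grant for an engineer role and one for a contractor role.
POLICY = [
    Permission("engineer", "vehicle-telemetry", frozenset({"read", "write"}), "restricted"),
    Permission("contractor", "vehicle-telemetry", frozenset({"read"}), "internal"),
]

if __name__ == "__main__":
    engineer = Request("alice", frozenset({"engineer"}), True, True, True, "internet",
                       "vehicle-telemetry", "confidential", "read")
    degraded = Request("alice", frozenset({"engineer"}), True, True, False, "internet",
                       "vehicle-telemetry", "confidential", "read")
    contractor = Request("bob", frozenset({"contractor"}), True, False, True, "vpn",
                         "vehicle-telemetry", "restricted", "read")
    print("legacy gate, contractor on VPN:", legacy_network_gate(contractor))
    print("zero trust, contractor on VPN:", evaluate(contractor, POLICY))
    print("session with a mid-session posture change:",
          session_trace([engineer, degraded, engineer], POLICY))
```

The contractor on the VPN passes the legacy gate but is denied per request, and the engineer's session loses access the moment the device posture signal changes and regains it when it recovers.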
9
How can organizations implement a zero-trust data security framework?
10
What happens if we don’t execute zero trust now?
• Flexibility to support our operating companies/affiliates is burdensome
• Security of new collaboration is basic, not advanced
• User experience is adversely impacted
• Role and responsibility ambiguity will create issues
• No defined ZT service taxonomy implies limited capabilities
• Affiliates will implement their own capabilities
• Service overlap and tool sprawl will occur
• Pillar teams continue to implement based on their interpretation of ZT
• No context shared between capabilities when ZT effectiveness implies sharing signals
• Under-developed capabilities or service basics will limit progress toward automation, visibility and orchestration
Limited Secure Technology Vision
Perception of Inadequate Security Capabilities
Inability to Scale Security
Any incident response finding will ask why this was not done. Any potential security issue could be tied back to basic zero-trust defense hygiene or deterrents.
11
What challenges should one expect when implementing Zero Trust within their organization? Can any of them be avoided?
12
Zero Trust Center for Enablement
How would you enable Zero Trust in your organization?
Assets: Focused on the development of assets with practical examples of solution patterns, solution accelerators and leading practices. Key activities include the development of the following artefacts:
• Architecture template(s)
• Roadmap and Strategy template(s)
• Blueprint and technical designs
• POC assessments and reports
• Principles
Community: Focused on the development of a collaborative community and self-service ways of working, evangelizing the contribution, publication and promotion of reusable assets. Key activities include the setting up and governance of the following:
• Steering committee
• Zero Trust Community of Interest
• Blogs / Monthly newsletters
• ZT Internal publications
• Monthly Roundup
Cyber Aware: Building and fostering an “Open, Collaborative and Security-focused” mindset through consistent messaging, community awareness and support via Zero Trust champions and regular training. Key activities include the following:
• Nomination of Zero Trust champions
• Creation of an organization Zero Trust microsite
• Development of training packs and cheat sheets, including self-paced online training
• Roadshow and Brownbag (Internal and Vendor)
• Vendor trainings and certifications
• Training rollout / roadmap
Success: Measure success against awareness vs. security incidents, consumption of assets and how it accelerates the delivery of secure projects. Key activities include the following:
• Adaptive cybersecurity awareness - progress review sessions
• Project support, success measurement and Programme success/wins
• Track metrics such as: ZT as primary driver; ZT as business enabler
• Monitor and measure risk reduction by increasing control effectiveness
Establishing a Centre for Enablement will enable an organisation to build reusable assets, leverage leading practices, develop self-services, establish a ZT community and implement new ZT solutions faster.
13
Template Zero Trust Organizational Structure
Business Leadership - Objective:
1. Ensure business buy-in and sponsorship for the Zero Trust strategy and programme
Steering committee - Objective:
1. Act as an escalation point for any execution challenges
2. Provide oversight on outcomes and alignment with business objectives
Zero Trust community - Objective:
1. Provides access to a global pool of Zero Trust SMEs within organisations
2. Provides a safe forum for exchange of ideas and approaches around implementing Zero Trust
3. Provides and manages a central repository for artefacts and other documentation
4. Develops the relevant artefacts – ref. architecture, blueprints, patterns, deployment guides, etc.
5. Informs and involves operations (DevSecOps model) on changes as well as gains feedback for continuous improvement of services
Activities:
- Review and align operational capabilities with output from Zero Trust projects
- Ensure ownership at C-Level
- Create a Zero Trust steering committee and Community of Interest
- Review and align existing business objectives with IT and Cyber security strategies
- Determine the top high level business risks and align with assets/data value
- Review the current risk tolerance / appetite and outline the impact of embedding a Zero Trust approach to the appetite
- Evaluate current security architecture, design principles and control methodology to identify uplift requirements based on Zero Trust principles
- Review and align cybersecurity for users and leadership to promote awareness of Zero Trust approach
Stakeholders: Enterprise; Business; Cyber security; Operations and Users; Development, Delivery & Implementation; IT/Security architects & Technical Managers; IT & Security Operations; Technical Governance and Leadership; IT; Cyber; EA & SA; DevSecOps; Steering committee; Business Leadership; Zero Trust community
14
Template Zero Trust Governance Model
Responsibility: Business and Security Integration; Implementation; Technical Planning; Architecture, Principles and Standards; Operations
Artefacts: IT & Cyber Strategy, Programs, and KPIs; Business objectives; Zero Trust model & framework; Zero Trust Reference Architecture (ZTRA); ZT Blueprints & Patterns; Vendor/Product Docs; Industry Leading practices and Benchmarks; Ref. Architecture / HLD / LLD (Workload Owners); Zero Trust Strategy & roadmap; ITSM documentation; Service & Ops manual
Alignment (stakeholders): Development, Delivery & Implementation; IT/Security architects & Technical Managers; IT & Security Operations; Technical Governance and Leadership; IT; Cyber; EA & SA; DevSecOps; Steering committee; Business Leadership; Zero Trust community