(SACON) Vandana Verma - Living In A World of Zero Trust
•
0 likes•505 views
As now everything is moving to cloud, all the applications are accessible from anywhere and everywhere. However, No one wants their private information to be compromised and openly available for the world. We have been taking so many precautions, however breaches continue to happen. How should we fix this? Organisations have been talking about Zero Trust lately and this has become a buzzword. The talk will explore Zero Trust beyond the buzzword and describe what exactly is Zero Trust and why it is so important to keep organisations safe. How can we implement or deploy Zero Trust in an organisation while keeping the current and future state of an organization in mind. What should be the business model to move any organisation towards Zero Trust Architecture and what all policies need to be implemented to achieve the same. In the end, certain recommendations will be shared with the participants as a takeaway from my own experiences while working towards implementing the Zero Trust.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to (SACON) Vandana Verma - Living In A World of Zero Trust
Similar to (SACON) Vandana Verma - Living In A World of Zero Trust (20)
More from Priyanka Aash
More from Priyanka Aash (20)
Recently uploaded
Recently uploaded (20)
(SACON) Vandana Verma - Living In A World of Zero Trust
- 1. SACON SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur Life in the world of Zero Trust Vandana Verma Sehgal Infosecvandana
- 2. SACON 2020 WHO AM I ● OWASP Global Board ● Speaker/Trainer at Defcon(AppSec Village), Asst. Trainer at Black Hat, OWASP AppSec Conferences and others ● Member of Review Board at Grace Hopper, BSides Ahmedabad, ● Global AppSec, etc. ● Diversity Initiatives: ○ InfoSec Girls, OWASP WiA, WoSec ○ Free Trainings at Conferences ○ Webinars, Personal Mentoring, etc.
- 3. SACON 2020
- 4. SACON 2020
- 6. SACON 2020 Traditional Security Model
- 7. SACON 2020 Traditional Security Model Access control lists (ACLs) Role-based access controls (RBAC) Principles of least privilege Zero Trust model
- 8. SACON 2020 History • First in 2010 by John Kindervag • Late Google as a part of their “Beyond Corp” • Means different for different people
- 9. SACON 2020 Why Zero Trust? • Cybersecurity Ventures predicts “cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015” • Ponemon Institute and sponsored by IBM- Data Breach Study found that the global average cost of a data breach is $3.62 million. • “More than 40% of companies have more than a quarter of their employees working remotely. More than 25% have more than 40% of their employees working remotely.” • Additionally, “More than 67% of workers use their own devices at work.” • Beyond that, “80% of all BYOD is completely unmanaged.”
- 10. SACON 2020 Gartner Zero-trust network access “provides adaptive, identity-aware, precision access” and “enables digital ecosystems to work without exposing services directly to the internet.”
- 11. SACON 2020 Forrester estimates “80% of data breaches are caused by privileged access abuse”
- 12. SACON 2020 Zero Trust Model By Forrester Ø Ensure all resources are accessed securely regardless of location Ø Adopt a Principle of least privilege strategy and strictly enforce Access Control. Ø Inspect and perform logging all traffic.
- 13. SACON 2020 Never Trust, Always Verify •Never trust the client •Never Trust the server •Never Trust the network
- 17. SACON 2020 Provide Users With Application-Only Access, Not Network Access
- 18. SACON 2020 Isolate Your Network Infrastructure From the Public Internet
- 19. SACON 2020 Enable WAF to Protect Corporate Applications
- 20. SACON 2020 Put Identity, Authentication, and Authorization in Place Before Providing Access
- 21. SACON 2020 Use Advanced Threat Protection to Defend Against Phishing, Zero-Day Malware, and DNS-Based Data Exfiltration
- 22. SACON 2020 Monitor Internet-Bound Traffic and Activity
- 23. SACON 2020 Support Integration with Security Information and Event Management (SIEM) and Orchestration Through RESTful APIs
- 24. SACON 2020 Applied in the Cloud
- 25. SACON 2020 Attacker Response to ZTA “The best offense is a good defense” https://securityboulevard.com/2019/10/countdown-to-zero-why-zero-trust-is-in- the-spotlight/
- 27. SACON 2020 Zero Trust security is no longer just a concept. It has become an essential security strategy that helps organizations protect their valuable data in a “perimeter-everywhere” world.
- 28. SACON 2020 "Trust is a dangerous vulnerability that can be exploited” - John Kindervag
- 29. SACON 2020 The new security perimeter is identity
- 30. SACON 2020 Deploying Trusting Zero • Identify the protect surface • Identify roles and assign people to a single role • Map the transaction flows • Build a Zero Trust architecture • Create Zero Trust policy • Monitor and maintain, inspect and log the traffic based on your behaviour analytics
- 31. SACON 2020 Reach Me!! ● Twitter: @InfosecVandana ● LinkedIn: vandana-verma ● Email: vandana.infosec@gmail.com
- 32. SACON 2020 • https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture • https://www.csoonline.com/article/3247848/what-is-zero-trust-a-model-for-more-effective-security.html • https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft.pdf • https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/ • https://ldapwiki.com/wiki/Zero%20Trust • https://www.youtube.com/watch?v=-Why_ZjJUhg • https://www.forbes.com/sites/louiscolumbus/2019/02/07/digital-transformations-missing-link-is-zero- trust/#6be166fe727f • https://www.akamai.com/us/en/multimedia/documents/white-paper/how-to-guide-zero-trust-security- transformation.pdf • https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft.pdf • https://www.youtube.com/watch?v=1D5mg9an19o References