'Advantage of deploying Zero-Trust security'

Many IT security leaders are embracing zero trust as an effective approach in today’s cloud-first world. The Zero Trust model of security is increasingly being adopted by enterprise and government security teams with good reason. VARINDIA has recently organized an event along with Keysight Technologies on the topic “Advantage of deploying Zero-Trust security”, at the Leela, Mumbai.  

  In his welcome addreszs, Dr. Deepak Kumar Sahu, Editor-in-Chief, VARINDIA said, “Zero Trust is the Architecture of the Future. From wide adoption of cloud-based services to the proliferation of mobile devices; from the emergence of advanced new cyber threats to the recent sudden shift to remote work. The last decade has been full of disruptions that required organizations to adapt and accelerate their security transformation. And as we look forward to the next major disruption—the move to hybrid work—one thing is clear: the pace of change isn’t slowing down. The shift to hybrid work, accelerated by COVID-19, is also driving the move towards broader adoption of Zero Trust with 81 percent of organizations having already begun the move toward a hybrid workplace. Zero Trust will be critical to help maintain security amid the IT complexity that comes with hybrid work. More than half of respondents expect the relative importance of their Zero Trust strategy to increase by 2023. And not surprisingly, 73 percent expect their Zero Trust budget is going to increase. As organizations realize the additional benefits of Zero Trust and leaders continue to pull ahead, we expect to see an increase in these numbers.”

Dr. Harold D'Costa 
CEO, Intelligent Quotient

In terms of cybercrime, the most important weakness in the system is basically the security. We may have the technologies, we may have the applications, but we have a lot of daunting issues which have to be resolved. Keysight has been doing a lot of work in the field of security. Today in this cyber world, you can’t believe anybody. The belief only has to come from technology. If you minimize the use of human beings, as far as technology is concerned mostly pertaining to security, I believe that we can have a better ecosystem in place.

Zero trust is an approach to design a security architecture where every interaction starts in an untrusted state.  Banking sector is one of the most vulnerable areas. Working with banks I found that even the best of the banks were vulnerable to the cyber attacks.

Bogdan Dinu 
Solutions Architect, Keysight Technologies

Keysight is focused on a whole range of enterprise customers as well as service provider customers, healthcare, financial, retail, industrial IoT and OT and government, along with defense, aerospace, quantum computing, automotive, etc. Zero trust is not one solution; it is a guideline on how to implement security in the modern business. The new perimeter looks a lot more ubiquitous than it used to be before. The security teams need to be retrained. They will not have the same skills to work with physical firewalls trying to secure the cloud. The legacy networks can still be protected as a perimeter but they are very vulnerable to attacks from the new network perimeter like from the clouds.

Panel Discussion: Zero trust is a network security model

While moderating the panel discussion session Dr. Deepak Kumar Sahu, Editor-in-chief, VARINDIA said, “Zero trust is a network security model based on the philosophy that no person or any device inside or outside an organization network should be granted access to connect to the IT system or services until authenticated and continuously verified. The zero trust model relies on strong authentication and authorization of every device and person's access before data transfer takes place on a private network. No matter if they are inside or outside that network perimeter. The process also combines analytics, filtering and logging to verify behaviour and continually watch for signals of compromise.”

Rushikant Shastri
Vice President Technology, SBI

“Zero trust is nothing but a strategic approach in terms of cyber security. Organizations secure themselves by eliminating implicit trust and making sure they validate every digital interaction. In other words it unifies the manifest of all the cyber security facets. Basic assumption is do not trust anyone, make sure to authenticate, validate devices, applications, networks and end users. There are mainly four principles for implementing the zero-trust framework. First step is making sure that you have defined your resource, which needs to be protected. Step two; make sure your communication is secured. Third principle is that all the activities to be monitored and recorded. Lastly, whenever access is given to users, as soon as the purpose is achieved the access is revoked. If these four principles are followed then we can implement any framework.”

Rakesh Kharwal
CEO, RockLadder Technologies

“The way we have been looking at security over the years, it’s primarily been focused on perimeters, building the castles and trying to fortify the entry points. With the world changing and cloud coming in, digitalization is happening, with people working from home the perimeters have disappeared. The entire journey has to be mapped in terms of not just looking at the alerts and logs but also the devices, identities, monitoring all of it and also responding in real-time. Threat intelligence is very critical for the organizations. It is important to monitor the threat landscape within the organization by looking at the access, the identities and the policies related to these tools but also by monitoring what is happening in the outer world.”

Bogdan Dinu
Solutions Architect, Keysight Technologies

“Even though the companies which are compliant are still getting a lot of breaches. Compliance is a set of rules that can leave gaps in your defenses. You have to continuously validate and audit your defenses and the people not just for compliance, but for the people to know what they are doing in the organization. We have the best practices which say you should send spear phishing emails to your own people and suppliers to make sure that your entire chain and the enterprise is prepared in case of an attack. This helps in achieving two things: showing the amount of people that needs training and if these attacks get past your security perimeter.”

Dr. Harold D’Costa
CEO, Intelligent Quotient

“Compliance is a very critical real-time audit in which you can come out with different threats and have patch management to ensure that the security breaches are being minimized. With the advent of  technologies, cyber crimes are increasing exponentially. For a corporate network if there is any breach of trust then it will take a lot of time for any investigation to be completed, so prevention is better than cure. When we talk about zero-trust this ‘trust’ is a term where if ‘t’ is removed it becomes ‘rust’ and the time has come when we should remove the ‘t’ as over-trust can be a problem in the system.”

Manish Gupta
Head- Enterprise India & SAARC, Keysight Technologies

While delivering the Vote of Thanks, Manish said, "It is very important for enterprises to see the compliances are secured as well as the security is meeting the legal prospect. It is not only that you are securing your data and network but if any breach happens then also how you and your systems are ready to take legal steps. Keysight Technologies as an organization helps and supports our customers in both domains, as our visibility solution helps customers to identify the blind spots, while our test and measurement solution helps to robust the network."