尊敬的 微信汇率:1円 ≈ 0.046166 元 支付宝汇率:1円 ≈ 0.046257元 [退出登录]
SlideShare a Scribd company logo

Zero Trust and Data Security

Download as PPTX, PDF
Career Communications Group
Career Communications Group

With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security. During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach. Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data. Learning Objectives: Upon completion of this seminar, participants will be able to: 1. Understand the history and evolution of Zero Trust and its application to data security. 2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security. 3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security. 4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data. 5. Network with other industry professionals to share insights and best practices.

Technology
1 of 14
2 Zero Trust and Data Security Uma Arjunan Director - Ford Motor Company Sierra Robinson Deputy Program Manager – Leidos Inc Autumn Leake Chief Engineer – Naval Air Systems Command
3 What is Zero Trust and why is it important in today's cybersecurity landscape? Definition: “A collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised…” – NIST SP 800-207 Goal: Prevent unauthorized access to data and services coupled with making access control enforcement dynamic and as granular as possible for each data/resource request and session. Tenets/Principals: o Assume a Hostile Environment - Never Trust, Always Verify o Grant appropriate user resource access on a per-session basis o Rigorously perform authentication, and authorization enforcement o Use explicit permissions; determine by policy and dynamic attributes o All communications must be secured regardless of network location o Apply unified operations and analytics – NIST, CISA, GSA, and DoD consolidation
4 Connectivity is increasing the attack surface 4 Always connected, quick time to value, and collaborative needs are pushing security controls to the limit. Digital transformation Flat network Brand Protection Bring your own device All or nothing access User Experience Work from anywhere Lateral movement Consistency & Accuracy Fast Collaboration Insider threat Secure Cloud Delivery Pace Rigid access Secure Delivery Drivers 0 1 Pain points 0 2 Value 0 3
5 A Single Defensive Line Does Not Flex 5 Servers Applications Services/APIs Platforms Devices Data Cloud Providers Once inside, assets are at risk Vehicle Manufacturing What’s wrong with this approach? Relying On the Network As our Primary Access Control Creates a False sense of Security Once into our network we allow open access and rely on application teams to implement security controls We route all traffic through VPNs which is an antiquated approach with a poor user experience New collaborative needs require our security controls to know why users are granted access CSR JV Consultant Employee Risk is exponential given connectivity
6 2020 NIST Zero Trust Architecture (SP 800-207) EO 14028; DoD ZT RA; Draft CISA ZT MM 2021 2022 2024 OMB M-22-09 Castle & Moat “Defense in Depth” Zero Trust Architecture Implementation How does Zero Trust differ from traditional network security models?
7 Zero Trust Reference Model 7 Zero trust is focused on Identity, Device, Network/Environment, Application Workloads, and Data which can be achieved through maintaining Visibility and Analytics, Automation and Orchestration, and Governance. Pillars of Zero Trust by CISA Identity: Includes an attribute that uniquely describes an org, user, or entity. Organizations must ensure that the right users have the right access to the right resources at the right time. Device: Refers to any device that connects to the network. This includes IoT devices, laptops, phones, and servers. Organizations must ensure that unauthorized devices cannot access network resources. Network/Environment: Involves encryption, threat identification and mitigation, and the network’s logical configuration. Organizations are suggested to segment and control networks to direct internal/ external data flows. Application Workload: Comprises of computer programs, systems, and services that execute on-premises and in a cloud environment. Focuses on container management to achieve secure application delivery. Data: Involves the needs to be protected on devices, applications, and networks. Encourages that organizations should categorize, label, and protect data at rest and in transit. Provided by KPMG US Market Intelligence Source(s): CISA; Forrester. Are there any industry standards or frameworks that provide guidelines for implementing Zero Trust?
8 Zero Trust Strategy 8 The model uses three key principles: - Assume Nothing (Never trust) - Check Everything (Always verify) - Limit Access (Least Privilege) We will grant access based on: - Identity (Users, Device and Apps) - Devices (Laptops, Servers, Mobile devices) - Connectivity (Network, Cloud, etc.) - Services and Workloads (Apps, Platforms, Microservices, etc.) - Information (Data, Encryption, Classification, etc.) And Enhance : - Enterprise Security Architecture - Risk management - Cyber Governance - Cyber Engineering, Resilience and Recovery - Cyber Culture, awareness and training Threat protection Classification Backup Encryption DLP Identity Lifecycle Mgmt. Governance & Admin PAM Data & Apps. Cloud EDR SaaS Device Health Location App. Lifecycle IoT & OT SDLC Visibility & Analytics Encryption Segmented Zero Trust Operating Model Moving away from a one-time challenge granted through VPN technology, to continually evaluating a users’ need, the devices they are using, and only granting access based on an actual need will reduce risk, provide scalability, and simplify our security services. This is a layered security approach that is connected and continually aware. What are the key principles or tenets of a Zero Trust security framework?
9 How can organizations implement a zero-trust data security framework?
10 What happens if we don’t execute zero trust now? 10 • Flexibility to support our operating companies/affiliates is burdensome • Security of new collaboration is basic; not advanced • User experience is adversely impacted • Role and responsibility ambiguity will create issues • No defined ZT service taxonomy infers limited capabilities • Affiliates will implement their own capabilities • Service overlap and tool sprawl will occur • Pillar teams continue to implement based on their interpretation of ZT • No context shared between capabilities when ZT effectiveness implies sharing signals • Under-developed capabilities or service basics will limit progress toward automation, visibility and orchestration Limited Secure Technology Vision Perception of Inadequate Security Capabilities Inability to Scale Security Any incident response finding will ask why this was not done. Any potential security issue could be tied back to basic zero-trust defense hygiene or deterrents.
11 What challenges should one expect when implementing Zero Trust within their organization? Can any of them be avoided?
12 Zero Trust Center For Enablement 12 Assets Community Cyber Aware Success Focused on the development of assets with practical examples of solutions patterns, solution accelerators and leading-practices. Key activities include the development of the following artefacts; • Architecture template(s) • Roadmap and Strategy template(s) • Blueprint and technical designs • POC assessments and reports • Principles Focused on the development of a collaborative community and self- service ways of working, evangelizing the contribution, publication and promotion of reusable assets. Key activities include the setting up and governance of the following; • Steering committee • Zero Trust Community of Interest • Blogs / Monthly newsletters • ZT Internal publications • Monthly Roundup Building and fostering a “Open, Collaborative and Security-focused” mindset through consistent messaging, community awareness and support via Zero Trust champions and regular training. Key activities include the following; • Nomination of Zero Trust champions • Creation of an organization Zero Trust microsite • Development of Training packs and Cheat sheets including Self paced online trainings • Roadshow and Brownbag (Internal and Vendor) • Vendor trainings and certifications • Training rollout / roadmap Measure success against the awareness vs. security incidents, consumption of assets and how it accelerates the delivery of secure project. Key activities include the following; • Adaptive cybersecurity awareness - progress review sessions • Project support, success measurement and Programme success/wins • Track metrics such as • ZT as primary driver • ZT as business enabler • Monitor and measure risk reduction by increasing control effectiveness Establishing a Centre for Enablement will enable an organisation to build reusable assets, leverage leading practices, develop self-services, establish a ZT community and implement new ZT solutions faster How would you enable Zero Trust in your organization ?
13 Template Zero Trust Organizational Structure 13 Objective: 1. Ensure business buy-in and sponsorship for the Zero Trust strategy and programme Objective: 1. Act as an escalation point for any execution challenges 2. Provide oversight on outcomes and alignment with business objectives Objective: 1. Provides access to a global pool of Zero Trust SMEs within organisations 2. Provides a safe forum for exchange of ideas and approaches around implementing Zero Trust 3. Provides and manages a central repository for artefacts and other documentation 4. Develops the relevant artefacts – ref. architecture, blueprints, patterns, deployment guides, etc. 5. Informs and involves operations (DevSecOps model) on changes as well as gains feedback for continuous improvement of services Review and align operational capabilities with output from Zero Trust projects Ensure ownership at C-Level Create a Zero Trust steering committee and Community of Interest Review and align existing business objectives with IT and Cyber security strategies Determine the top high level business risks and align with assets/data value Review the current risk tolerance / appetite and outline the impact of embedding a Zero Trust approach to the appetite Evaluate current security architecture, design principles and control methodology to identify uplift requirements based on Zero Trust principles Review and align cybersecurity for users and leadership to promote awareness of Zero Trust approach Enterprise Business Cyber security Operations and Users Development, Delivery & Implementation IT/Security architects & Technical Managers IT & Security Operations Technical Governance and Leadership IT Cyber EA & SA DevSecOps Steering committee Stakeholders Business Leadership Zero Trust community
14 Template Zero Trust Governance Model 14 Business and Security Integration Implementation Technical Planning Architecture, Principles and Standards IT & Cyber Strategy, Programs, and KPIs Business objectives Zero Trust model & framework Zero Trust Reference Architecture (ZTRA) ZT Blueprints & Patterns Vendor/Product Docs Industry Leading practices and Benchmarks Ref. Architecture / HLD / LLD (Workload Owners) Operations Zero Trust Strategy & roadmap ITSM documentation Service & Ops manual Responsibility Artefacts Alignment Development, Delivery & Implementation IT/Security architects & Technical Managers IT & Security Operations Technical Governance and Leadership IT Cyber EA & SA DevSecOps Steering committee Stakeholders Business Leadership Zero Trust community

Recommended

The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
Zero Trust
Zero TrustZero Trust
Zero Trust
Boaz Shunami
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
rtp2009
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 

Recommended

The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
Zero Trust
Zero TrustZero Trust
Zero Trust
Boaz Shunami
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
NIST Zero Trust Explained
NIST Zero Trust ExplainedNIST Zero Trust Explained
NIST Zero Trust Explained
rtp2009
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
n|u - The Open Security Community
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
Steppa Cyber Security
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
Morane Decriem
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
Katie Nickels
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
MITRE ATT&CK
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
Panda Security
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
slametarrokhim1
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018
Christopher Korban
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application Security
Eryk Budi Pratama
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
Okta-Inc
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
Damon Small
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
Arnold Antoo
 

More Related Content

What's hot

Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
n|u - The Open Security Community
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
Steppa Cyber Security
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
Morane Decriem
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
Katie Nickels
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
MITRE ATT&CK
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
Panda Security
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
slametarrokhim1
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018
Christopher Korban
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application Security
Eryk Budi Pratama
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
Okta-Inc
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
Sylvain Martinez
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
Damon Small
 

What's hot (20)

Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
When Insiders ATT&CK!
When Insiders ATT&CK!When Insiders ATT&CK!
When Insiders ATT&CK!
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018Purple Teaming with ATT&CK - x33fcon 2018
Purple Teaming with ATT&CK - x33fcon 2018
 
Cybersecurity - Mobile Application Security
Cybersecurity - Mobile Application SecurityCybersecurity - Mobile Application Security
Cybersecurity - Mobile Application Security
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Enterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to BasicsEnterprise Vulnerability Management: Back to Basics
Enterprise Vulnerability Management: Back to Basics
 

Similar to Zero Trust and Data Security

BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
Arnold Antoo
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
Fahmi Albaheth
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
Priyanka Aash
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
Cloudera, Inc.
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
Norm Barber
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Doeren Mayhew
 
Cybersecurity | Meta Networks: Software defined perimeter platform
Cybersecurity | Meta Networks: Software defined perimeter platformCybersecurity | Meta Networks: Software defined perimeter platform
Cybersecurity | Meta Networks: Software defined perimeter platform
Vertex Holdings
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
William McBorrough
 
Government Webinar: Improving Security Compliance with IT Monitoring Tools
Government Webinar: Improving Security Compliance with IT Monitoring Tools Government Webinar: Improving Security Compliance with IT Monitoring Tools
Government Webinar: Improving Security Compliance with IT Monitoring Tools
SolarWinds
 
CCA study group
CCA study groupCCA study group
CCA study group
IIBA UK Chapter
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Emrah Alpa, CISSP CEH CCSK
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
Sonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
Sonny Hashmi
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
VaishnavGhadge1
 
Detecon Cyber Security Radar
Detecon Cyber Security RadarDetecon Cyber Security Radar
Detecon Cyber Security Radar
Daniel Steinfeld
 
Cs cmaster
Cs cmasterCs cmaster
Cs cmaster
Hafid CHEBRAOUI
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
Techdemocracy
 

Similar to Zero Trust and Data Security (20)

BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
SC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and IdentitySC-900 Concepts of Security, Compliance, and Identity
SC-900 Concepts of Security, Compliance, and Identity
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
Cybersecurity | Meta Networks: Software defined perimeter platform
Cybersecurity | Meta Networks: Software defined perimeter platformCybersecurity | Meta Networks: Software defined perimeter platform
Cybersecurity | Meta Networks: Software defined perimeter platform
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Government Webinar: Improving Security Compliance with IT Monitoring Tools
Government Webinar: Improving Security Compliance with IT Monitoring Tools Government Webinar: Improving Security Compliance with IT Monitoring Tools
Government Webinar: Improving Security Compliance with IT Monitoring Tools
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
 
Detecon Cyber Security Radar
Detecon Cyber Security RadarDetecon Cyber Security Radar
Detecon Cyber Security Radar
 
Cs cmaster
Cs cmasterCs cmaster
Cs cmaster
 
Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the Hour
 

More from Career Communications Group

Technology Trends Every STEM Manager Should Know
Technology Trends Every STEM Manager Should KnowTechnology Trends Every STEM Manager Should Know
Technology Trends Every STEM Manager Should Know
Career Communications Group
 
Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...
Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...
Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...
Career Communications Group
 
Power Up Your Performance: Essential Skills for Non-Managers
Power Up Your Performance: Essential Skills for Non-ManagersPower Up Your Performance: Essential Skills for Non-Managers
Power Up Your Performance: Essential Skills for Non-Managers
Career Communications Group
 
Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...
Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...
Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...
Career Communications Group
 
The Golden Rules for Achieving Your Goals and Finding Happiness
The Golden Rules for Achieving Your Goals and Finding HappinessThe Golden Rules for Achieving Your Goals and Finding Happiness
The Golden Rules for Achieving Your Goals and Finding Happiness
Career Communications Group
 
Women in Leadership: Enhancing Confidence, Communication, and Negotiation Skills
Women in Leadership: Enhancing Confidence, Communication, and Negotiation SkillsWomen in Leadership: Enhancing Confidence, Communication, and Negotiation Skills
Women in Leadership: Enhancing Confidence, Communication, and Negotiation Skills
Career Communications Group
 
Mental Health in the Era of Diversity and Inclusion
Mental Health in the Era of Diversity and InclusionMental Health in the Era of Diversity and Inclusion
Mental Health in the Era of Diversity and Inclusion
Career Communications Group
 
Improvising With Confidence: Learning to Speak Eloquently Under Pressure
Improvising With Confidence: Learning to Speak Eloquently Under PressureImprovising With Confidence: Learning to Speak Eloquently Under Pressure
Improvising With Confidence: Learning to Speak Eloquently Under Pressure
Career Communications Group
 
Authenticity: Embracing Your True Self as a Leader
Authenticity: Embracing Your True Self as a LeaderAuthenticity: Embracing Your True Self as a Leader
Authenticity: Embracing Your True Self as a Leader
Career Communications Group
 
Embracing Neurodiversity in the Workplace: Unlocking a Diverse Talent Pool
Embracing Neurodiversity in the Workplace: Unlocking a Diverse Talent PoolEmbracing Neurodiversity in the Workplace: Unlocking a Diverse Talent Pool
Embracing Neurodiversity in the Workplace: Unlocking a Diverse Talent Pool
Career Communications Group
 
X-treme Resumes: Constructing a Stellar Resume
X-treme Resumes: Constructing a Stellar ResumeX-treme Resumes: Constructing a Stellar Resume
X-treme Resumes: Constructing a Stellar Resume
Career Communications Group
 
DEI Ambassadors: Making a Diverse Workplace a Reality
DEI Ambassadors: Making a Diverse Workplace a RealityDEI Ambassadors: Making a Diverse Workplace a Reality
DEI Ambassadors: Making a Diverse Workplace a Reality
Career Communications Group
 
Speak Up and Stand Out: Assertiveness Skills for Women in the Workplace
Speak Up and Stand Out: Assertiveness Skills for Women in the WorkplaceSpeak Up and Stand Out: Assertiveness Skills for Women in the Workplace
Speak Up and Stand Out: Assertiveness Skills for Women in the Workplace
Career Communications Group
 
Introverts as Leaders: Harnessing Quiet Power for Leadership Success
Introverts as Leaders: Harnessing Quiet Power for Leadership SuccessIntroverts as Leaders: Harnessing Quiet Power for Leadership Success
Introverts as Leaders: Harnessing Quiet Power for Leadership Success
Career Communications Group
 
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
Career Communications Group
 
Communication Strategies for Engaging Highly Sensitive People
Communication Strategies for Engaging Highly Sensitive PeopleCommunication Strategies for Engaging Highly Sensitive People
Communication Strategies for Engaging Highly Sensitive People
Career Communications Group
 
How Chat GPT and AI Will Impact the Workplace
How Chat GPT and AI Will Impact the WorkplaceHow Chat GPT and AI Will Impact the Workplace
How Chat GPT and AI Will Impact the Workplace
Career Communications Group
 
Building Resilience: Strategies for Managing Stress and Boosting Performance
Building Resilience: Strategies for Managing Stress and Boosting PerformanceBuilding Resilience: Strategies for Managing Stress and Boosting Performance
Building Resilience: Strategies for Managing Stress and Boosting Performance
Career Communications Group
 
Interview Skill That Get you Hired
Interview Skill That Get you HiredInterview Skill That Get you Hired
Interview Skill That Get you Hired
Career Communications Group
 
1505 Women in Tech-More than Just a Pipeline
1505 Women in Tech-More than Just a Pipeline 1505 Women in Tech-More than Just a Pipeline
1505 Women in Tech-More than Just a Pipeline
Career Communications Group
 

More from Career Communications Group (20)

Technology Trends Every STEM Manager Should Know
Technology Trends Every STEM Manager Should KnowTechnology Trends Every STEM Manager Should Know
Technology Trends Every STEM Manager Should Know
 
Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...
Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...
Unleashing Your Authentic Voice: Building Confidence and Discovering Your Tru...
 
Power Up Your Performance: Essential Skills for Non-Managers
Power Up Your Performance: Essential Skills for Non-ManagersPower Up Your Performance: Essential Skills for Non-Managers
Power Up Your Performance: Essential Skills for Non-Managers
 
Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...
Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...
Keep the Fire Burning: Connecting Values, Identity, and Passion to Avoid Burn...
 
The Golden Rules for Achieving Your Goals and Finding Happiness
The Golden Rules for Achieving Your Goals and Finding HappinessThe Golden Rules for Achieving Your Goals and Finding Happiness
The Golden Rules for Achieving Your Goals and Finding Happiness
 
Women in Leadership: Enhancing Confidence, Communication, and Negotiation Skills
Women in Leadership: Enhancing Confidence, Communication, and Negotiation SkillsWomen in Leadership: Enhancing Confidence, Communication, and Negotiation Skills
Women in Leadership: Enhancing Confidence, Communication, and Negotiation Skills
 
Mental Health in the Era of Diversity and Inclusion
Mental Health in the Era of Diversity and InclusionMental Health in the Era of Diversity and Inclusion
Mental Health in the Era of Diversity and Inclusion
 
Improvising With Confidence: Learning to Speak Eloquently Under Pressure
Improvising With Confidence: Learning to Speak Eloquently Under PressureImprovising With Confidence: Learning to Speak Eloquently Under Pressure
Improvising With Confidence: Learning to Speak Eloquently Under Pressure
 
Authenticity: Embracing Your True Self as a Leader
Authenticity: Embracing Your True Self as a LeaderAuthenticity: Embracing Your True Self as a Leader
Authenticity: Embracing Your True Self as a Leader
 
Embracing Neurodiversity in the Workplace: Unlocking a Diverse Talent Pool
Embracing Neurodiversity in the Workplace: Unlocking a Diverse Talent PoolEmbracing Neurodiversity in the Workplace: Unlocking a Diverse Talent Pool
Embracing Neurodiversity in the Workplace: Unlocking a Diverse Talent Pool
 
X-treme Resumes: Constructing a Stellar Resume
X-treme Resumes: Constructing a Stellar ResumeX-treme Resumes: Constructing a Stellar Resume
X-treme Resumes: Constructing a Stellar Resume
 
DEI Ambassadors: Making a Diverse Workplace a Reality
DEI Ambassadors: Making a Diverse Workplace a RealityDEI Ambassadors: Making a Diverse Workplace a Reality
DEI Ambassadors: Making a Diverse Workplace a Reality
 
Speak Up and Stand Out: Assertiveness Skills for Women in the Workplace
Speak Up and Stand Out: Assertiveness Skills for Women in the WorkplaceSpeak Up and Stand Out: Assertiveness Skills for Women in the Workplace
Speak Up and Stand Out: Assertiveness Skills for Women in the Workplace
 
Introverts as Leaders: Harnessing Quiet Power for Leadership Success
Introverts as Leaders: Harnessing Quiet Power for Leadership SuccessIntroverts as Leaders: Harnessing Quiet Power for Leadership Success
Introverts as Leaders: Harnessing Quiet Power for Leadership Success
 
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
Managing Emotional Tension: Strategies for Navigating Personality Disagreemen...
 
Communication Strategies for Engaging Highly Sensitive People
Communication Strategies for Engaging Highly Sensitive PeopleCommunication Strategies for Engaging Highly Sensitive People
Communication Strategies for Engaging Highly Sensitive People
 
How Chat GPT and AI Will Impact the Workplace
How Chat GPT and AI Will Impact the WorkplaceHow Chat GPT and AI Will Impact the Workplace
How Chat GPT and AI Will Impact the Workplace
 
Building Resilience: Strategies for Managing Stress and Boosting Performance
Building Resilience: Strategies for Managing Stress and Boosting PerformanceBuilding Resilience: Strategies for Managing Stress and Boosting Performance
Building Resilience: Strategies for Managing Stress and Boosting Performance
 
Interview Skill That Get you Hired
Interview Skill That Get you HiredInterview Skill That Get you Hired
Interview Skill That Get you Hired
 
1505 Women in Tech-More than Just a Pipeline
1505 Women in Tech-More than Just a Pipeline 1505 Women in Tech-More than Just a Pipeline
1505 Women in Tech-More than Just a Pipeline
 

Recently uploaded

QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
Overkill Security
 
An All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS MarketAn All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS Market
ScyllaDB
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
From NCSA to the National Research Platform
From NCSA to the National Research PlatformFrom NCSA to the National Research Platform
From NCSA to the National Research Platform
Larry Smarr
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
intra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_Enintra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_En
NTTDATA INTRAMART
 
Day 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data ManipulationDay 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data Manipulation
UiPathCommunity
 
Real-Time Persisted Events at Supercell
Real-Time Persisted Events at SupercellReal-Time Persisted Events at Supercell
Real-Time Persisted Events at Supercell
ScyllaDB
 
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
anilsa9823
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
ScyllaDB
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
Kieran Kunhya
 
Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2
DianaGray10
 
Building a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data PlatformBuilding a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data Platform
Enterprise Knowledge
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
Mydbops
 
New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024
ThousandEyes
 
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes
 

Recently uploaded (20)

QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
 
An All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS MarketAn All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS Market
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
From NCSA to the National Research Platform
From NCSA to the National Research PlatformFrom NCSA to the National Research Platform
From NCSA to the National Research Platform
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
intra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_Enintra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_En
 
Day 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data ManipulationDay 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data Manipulation
 
Real-Time Persisted Events at Supercell
Real-Time Persisted Events at SupercellReal-Time Persisted Events at Supercell
Real-Time Persisted Events at Supercell
 
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
Call Girls Chennai ☎️ +91-7426014248 😍 Chennai Call Girl Beauty Girls Chennai...
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
 
Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2
 
Building a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data PlatformBuilding a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data Platform
 
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - MydbopsMySQL InnoDB Storage Engine: Deep Dive - Mydbops
MySQL InnoDB Storage Engine: Deep Dive - Mydbops
 
New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024
 
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024
 

Zero Trust and Data Security

  • 1.
  • 2. 2 Zero Trust and Data Security Uma Arjunan Director - Ford Motor Company Sierra Robinson Deputy Program Manager – Leidos Inc Autumn Leake Chief Engineer – Naval Air Systems Command
  • 3. 3 What is Zero Trust and why is it important in today's cybersecurity landscape? Definition: “A collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised…” – NIST SP 800-207 Goal: Prevent unauthorized access to data and services coupled with making access control enforcement dynamic and as granular as possible for each data/resource request and session. Tenets/Principals: o Assume a Hostile Environment - Never Trust, Always Verify o Grant appropriate user resource access on a per-session basis o Rigorously perform authentication, and authorization enforcement o Use explicit permissions; determine by policy and dynamic attributes o All communications must be secured regardless of network location o Apply unified operations and analytics – NIST, CISA, GSA, and DoD consolidation
  • 4. 4 Connectivity is increasing the attack surface 4 Always connected, quick time to value, and collaborative needs are pushing security controls to the limit. Digital transformation Flat network Brand Protection Bring your own device All or nothing access User Experience Work from anywhere Lateral movement Consistency & Accuracy Fast Collaboration Insider threat Secure Cloud Delivery Pace Rigid access Secure Delivery Drivers 0 1 Pain points 0 2 Value 0 3
  • 5. 5 A Single Defensive Line Does Not Flex 5 Servers Applications Services/APIs Platforms Devices Data Cloud Providers Once inside, assets are at risk Vehicle Manufacturing What’s wrong with this approach? Relying On the Network As our Primary Access Control Creates a False sense of Security Once into our network we allow open access and rely on application teams to implement security controls We route all traffic through VPNs which is an antiquated approach with a poor user experience New collaborative needs require our security controls to know why users are granted access CSR JV Consultant Employee Risk is exponential given connectivity
  • 6. 6 2020 NIST Zero Trust Architecture (SP 800-207) EO 14028; DoD ZT RA; Draft CISA ZT MM 2021 2022 2024 OMB M-22-09 Castle & Moat “Defense in Depth” Zero Trust Architecture Implementation How does Zero Trust differ from traditional network security models?
  • 7. 7 Zero Trust Reference Model 7 Zero trust is focused on Identity, Device, Network/Environment, Application Workloads, and Data which can be achieved through maintaining Visibility and Analytics, Automation and Orchestration, and Governance. Pillars of Zero Trust by CISA Identity: Includes an attribute that uniquely describes an org, user, or entity. Organizations must ensure that the right users have the right access to the right resources at the right time. Device: Refers to any device that connects to the network. This includes IoT devices, laptops, phones, and servers. Organizations must ensure that unauthorized devices cannot access network resources. Network/Environment: Involves encryption, threat identification and mitigation, and the network’s logical configuration. Organizations are suggested to segment and control networks to direct internal/ external data flows. Application Workload: Comprises of computer programs, systems, and services that execute on-premises and in a cloud environment. Focuses on container management to achieve secure application delivery. Data: Involves the needs to be protected on devices, applications, and networks. Encourages that organizations should categorize, label, and protect data at rest and in transit. Provided by KPMG US Market Intelligence Source(s): CISA; Forrester. Are there any industry standards or frameworks that provide guidelines for implementing Zero Trust?
  • 8. 8 Zero Trust Strategy 8 The model uses three key principles: - Assume Nothing (Never trust) - Check Everything (Always verify) - Limit Access (Least Privilege) We will grant access based on: - Identity (Users, Device and Apps) - Devices (Laptops, Servers, Mobile devices) - Connectivity (Network, Cloud, etc.) - Services and Workloads (Apps, Platforms, Microservices, etc.) - Information (Data, Encryption, Classification, etc.) And Enhance : - Enterprise Security Architecture - Risk management - Cyber Governance - Cyber Engineering, Resilience and Recovery - Cyber Culture, awareness and training Threat protection Classification Backup Encryption DLP Identity Lifecycle Mgmt. Governance & Admin PAM Data & Apps. Cloud EDR SaaS Device Health Location App. Lifecycle IoT & OT SDLC Visibility & Analytics Encryption Segmented Zero Trust Operating Model Moving away from a one-time challenge granted through VPN technology, to continually evaluating a users’ need, the devices they are using, and only granting access based on an actual need will reduce risk, provide scalability, and simplify our security services. This is a layered security approach that is connected and continually aware. What are the key principles or tenets of a Zero Trust security framework?
  • 9. 9 How can organizations implement a zero-trust data security framework?
  • 10. 10 What happens if we don’t execute zero trust now? 10 • Flexibility to support our operating companies/affiliates is burdensome • Security of new collaboration is basic; not advanced • User experience is adversely impacted • Role and responsibility ambiguity will create issues • No defined ZT service taxonomy infers limited capabilities • Affiliates will implement their own capabilities • Service overlap and tool sprawl will occur • Pillar teams continue to implement based on their interpretation of ZT • No context shared between capabilities when ZT effectiveness implies sharing signals • Under-developed capabilities or service basics will limit progress toward automation, visibility and orchestration Limited Secure Technology Vision Perception of Inadequate Security Capabilities Inability to Scale Security Any incident response finding will ask why this was not done. Any potential security issue could be tied back to basic zero-trust defense hygiene or deterrents.
  • 11. 11 What challenges should one expect when implementing Zero Trust within their organization? Can any of them be avoided?
  • 12. 12 Zero Trust Center For Enablement 12 Assets Community Cyber Aware Success Focused on the development of assets with practical examples of solutions patterns, solution accelerators and leading-practices. Key activities include the development of the following artefacts; • Architecture template(s) • Roadmap and Strategy template(s) • Blueprint and technical designs • POC assessments and reports • Principles Focused on the development of a collaborative community and self- service ways of working, evangelizing the contribution, publication and promotion of reusable assets. Key activities include the setting up and governance of the following; • Steering committee • Zero Trust Community of Interest • Blogs / Monthly newsletters • ZT Internal publications • Monthly Roundup Building and fostering a “Open, Collaborative and Security-focused” mindset through consistent messaging, community awareness and support via Zero Trust champions and regular training. Key activities include the following; • Nomination of Zero Trust champions • Creation of an organization Zero Trust microsite • Development of Training packs and Cheat sheets including Self paced online trainings • Roadshow and Brownbag (Internal and Vendor) • Vendor trainings and certifications • Training rollout / roadmap Measure success against the awareness vs. security incidents, consumption of assets and how it accelerates the delivery of secure project. Key activities include the following; • Adaptive cybersecurity awareness - progress review sessions • Project support, success measurement and Programme success/wins • Track metrics such as • ZT as primary driver • ZT as business enabler • Monitor and measure risk reduction by increasing control effectiveness Establishing a Centre for Enablement will enable an organisation to build reusable assets, leverage leading practices, develop self-services, establish a ZT community and implement new ZT solutions faster How would you enable Zero Trust in your organization ?
  • 13. 13 Template Zero Trust Organizational Structure 13 Objective: 1. Ensure business buy-in and sponsorship for the Zero Trust strategy and programme Objective: 1. Act as an escalation point for any execution challenges 2. Provide oversight on outcomes and alignment with business objectives Objective: 1. Provides access to a global pool of Zero Trust SMEs within organisations 2. Provides a safe forum for exchange of ideas and approaches around implementing Zero Trust 3. Provides and manages a central repository for artefacts and other documentation 4. Develops the relevant artefacts – ref. architecture, blueprints, patterns, deployment guides, etc. 5. Informs and involves operations (DevSecOps model) on changes as well as gains feedback for continuous improvement of services Review and align operational capabilities with output from Zero Trust projects Ensure ownership at C-Level Create a Zero Trust steering committee and Community of Interest Review and align existing business objectives with IT and Cyber security strategies Determine the top high level business risks and align with assets/data value Review the current risk tolerance / appetite and outline the impact of embedding a Zero Trust approach to the appetite Evaluate current security architecture, design principles and control methodology to identify uplift requirements based on Zero Trust principles Review and align cybersecurity for users and leadership to promote awareness of Zero Trust approach Enterprise Business Cyber security Operations and Users Development, Delivery & Implementation IT/Security architects & Technical Managers IT & Security Operations Technical Governance and Leadership IT Cyber EA & SA DevSecOps Steering committee Stakeholders Business Leadership Zero Trust community
  • 14. 14 Template Zero Trust Governance Model 14 Business and Security Integration Implementation Technical Planning Architecture, Principles and Standards IT & Cyber Strategy, Programs, and KPIs Business objectives Zero Trust model & framework Zero Trust Reference Architecture (ZTRA) ZT Blueprints & Patterns Vendor/Product Docs Industry Leading practices and Benchmarks Ref. Architecture / HLD / LLD (Workload Owners) Operations Zero Trust Strategy & roadmap ITSM documentation Service & Ops manual Responsibility Artefacts Alignment Development, Delivery & Implementation IT/Security architects & Technical Managers IT & Security Operations Technical Governance and Leadership IT Cyber EA & SA DevSecOps Steering committee Stakeholders Business Leadership Zero Trust community
  翻译: