What steps can companies take to adopt a Zero Trust approach to security?
Zero trust - never trust, always verify.
Zero Trust isn’t as simple as turning on certain pieces of software. Zero Trust is a holistic approach to security that requires reorganizing a company’s strategy around its three core principles:
-
Verify every user
-
Validate every device
- Intelligently limit access
For the first two, the key is really in SSO and MFA, which can help with rigorous and repeated verification of users and devices. They tie digital identities to trusted users, and continuously ensure that they are who they say they are. For number three, it’s about minimizing exposure, giving people access only to the data and resources they need for their jobs.
There are standalone solutions that offer MFA and SSO services, but Zero Trust is really bolstered by something like Idaptive’s Next-Generation Access approach. You have to be able to seamlessly integrate all of the pillars of Zero Trust for an airtight identity management solution.
The actual first step of adopting Zero Trust is to make sure that your organization is ready to undergo a wholesale philosophical change. While this might sound a bit esoteric, it’s an incredibly important first step.
And at the end of the day, it’s all worth it. Research has shown that Zero Trust results in fewer breaches while reducing technology costs, since various identity management tools are integrated.
This post originally appeared in a Quora Q&A session hosted in May 2019. Our CEO Danny Kibel was asked to give his opinion on the state of cybersecurity, Zero Trust, working in the security field and entrepreneurship, among other things. For more of his answers visit Quora.
Danny Kibel
Danny Kibel is Chief Executive Officer at Idaptive, leading the overall strategy and vision for this newcomer to the identity and access management market. Under Danny’s direction, Idaptive is establishing its Next-Gen Access Cloud platform as the cornerstone of the Zero Trust approach to security, securing access for everyone, everywhere and on every device.
Prior to taking the helm at Idaptive, Danny was Vice President of Engineering & Operations at Centrify, where he led the development and delivery of the company’s cloud identity and mobility products.
With more than 20 years of experience designing, developing and delivering software, Danny has combined his deep technical background and strong business perspective to help create and deliver innovative products and solutions for enterprise software companies worldwide. Prior to his leadership roles at Idaptive and Centrify, he was a senior director at ServiceNow, leading several teams that automated and managed application releases in cloud environments. Before that, Danny was a senior software manager at Cisco for nearly eight years. Earlier in his career, he led the delivery and solutions team for a startup company that was later acquired by Cisco.
Danny graduated from the Hebrew University of Jerusalem with a degree in computer science and later earned an MBA in marketing and technology management from Tel Aviv University.
CHAMELEON-LIKE SUPERPOWER
If Danny could have any chameleon-like superpower, it would be the chameleon's 360-degree vision. In the wild, the chameleon is faced with opportunities (a yummy grasshopper hanging about), as well as dangers (a snake lurking nearby, or a hawk flying up above), so having 360- degree vision helps the chameleon evolve while protecting it from predators. “Similarly, to run a successful business, one needs to have a wide perspective of the market, technology, opportunities and challenges.”