Page 86 - Cyber Defense eMagazine January 2023
P. 86

How will ZTA Impact on Information Security Managers’ Day-to-Day Roles?

            With ZTA in place, Infosec Management starts to look a little different. The Infosec Manager will need to
            manage more authentication factors, such as one-time passwords, IP addresses and biometrics. And
            with more possibilities for authentication, the Infosec Manager will also be required to focus more deeply
            on security policy decisions - determining who is using which device, for what, from where, and when?

            Managers will also have different controls to manage - micro-segmentation, complex authentication, and
            data security - and if currently using ISO 27001/ 27002 they will need to re-evaluate their selection of
            controls and opt for those weighted towards delivering on ZTA attributes. While life would be nice and
            simple if all applications were web-based and SSO-capable, Infosec Managers will also have the job of
            dealing with legacy applications.



            Zero Trust is on Track to Become a Global Standard

            Zero Trust security has been informally described as a ‘Standard’ for years. However, its status as
            a ‘Standard’ is currently in the process of being formalized.

            While many vendors create their own definitions of Zero Trust, there are a number of standards from
            recognized organizations that will help business leaders align their organizations to ZTA - such as NIST®
            800-207 and IETF®.

            At The Open Group, we are in the process of creating our own standard ZTA framework. We’ve created
            9 Commandments that provide a non-negotiable list of criteria for Zero Trust in any organization. This clear
            set of directives will allow our communities to build the most robust Zero Trust frameworks and solutions.

            Given the state of maturity across the Infosec industry, organizations moving to ZTA - to leverage its
            many potential benefits - will also need to make their way through a lot of vendor hype before settling on
            a  solution.  And  with  ZTA  bringing  changes  to  traditional  Information  Security  Management,  Infosec
            Managers will need to implement and manage a vast array of new controls.

            However, with more and more companies migrating to cloud-first systems - and cyber attackers becoming
            increasingly adept at penetrating networks - it is clear it is time for a new security model. And for many
            global businesses, ZTA has been a highly effective solution.


















            Cyber Defense eMagazine – January 2023 Edition                                                                                                                                                                                                       86
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   81   82   83   84   85   86   87   88   89   90   91