Ssn 2 Ep 15 Zero Trust, Pt 3
Beyond the basic, foundational things you should already have in place, what’s the next thing you need to do to implement a Zero Trust approach to network security?
1:04: It starts with the regulatory requirements a company must meet, then layers in policies and procedures.
3:07: Every time a user wants to access resources, they are going to need to prove their credentials.
3:16: NIST has developed a standard for Zero Trust, 800-207, which lays out what an enterprise needs to do to meet the zero trust model.
4:58: Access to individual enterprise resources is granted on a per session basis and determined by policies.
5:42: This can be geographically related and can also be determined by the user’s normal behaviors.
7:25: Is AI involved in determining a user’s normal behavioral patterns?
8:07: What specific changes need to be made to the architecture of your network?
10:01: HR Management system, segmented on its own server.
11:38: Is zero trust accessible to most companies?
14:12: What is the first step in getting started with zero trust?
14:48: A managed services provider is a good first step in starting the documentation process, defining policies, pushing it through to the user community.
15:38: Getting the employees’ buy-in is important.
16:57: Begin to expand segmentation out to the workstations.
18:10: What level of importance would you rate this for companies to make this happen?
18:38: If you depend on technology and you have data that you don’t want sold on the dark web, you must take a look at zero trust.
18:48: A good service provider will help you with a logical roll-out plan.
20:04: Make sure you think this through first, implement your policies, and then start rolling it out in a logical manner.
Zero Trust Architecture: https://www.nist.gov/publications/zero-trust-architecture
Your hosts: Rex Nance and Penny O'Halloran of East Atlantic Security, LLC @ https://EastAtlanticSecurity.com/
Voiceover Artist: Paul Kadach at www.voices.com