Zero Trust continues to be top of mind for security practitioners and business leaders alike. It was a major focal point at this year’s Black Hat USA conference. And elsewhere, as more federal cybersecurity regulations and frameworks (like the White House’s National Cybersecurity Strategy Implementation Plan) are rolled out and updated, Zero Trust tenets – assume breach and least privilege – remain top of mind.
Here are a few of the Zero Trust stories and perspectives that stood out to us this month.
With AI interest and adoption on the rise, a group of public interest tech groups has pushed back against “an increasingly self-regulatory approach” for artificial intelligence. Instead, they’re calling for a “Zero Trust approach to AI governance.” The group believes that there needs to be firmer regulation and oversight of AI as the technology continues to take shape in the market.
CyberScoop’s Tonya Riley explains, “The [proposed] framework is just the latest push by civil society to get the White House to take a firmer approach to AI regulation as the administration works on an anticipated AI executive order.”
More on the highly awaited AI executive order can be found here.
AI was also a core theme at this year’s Black Hat and DEF CON events – the latter of which hosted a dedicated “AI Village” where thousands of ethical hackers participated in various red-teaming exercises aimed at discovering vulnerabilities in the latest AI models.
You can read more about Illumio’s key takeaways from Black Hat 2023 in this blog post.
According to new research, VentureBeat’s Louis Columbus explains that the most vulnerable threat vectors for data centers “include customer support, customer service, and ticket management support portals running on data center servers.”
If a breach is not quickly discovered or remediated, attackers can steal thousands (even millions) of confidential customer records and steal a company’s most valuable business information.
The key to building cyber resilience in the data center, Louis explains, is to start with Zero Trust: Or “the belief that the data center has already been breached, and further damage must be contained and stopped immediately.”
He goes on to share that “attackers are continuously fine-tuning their craft to find and exploit gaps in data center security architectures and tech stacks. These gaps often appear when long-standing on-premise security platforms are extended to the cloud without the correct configurations, leaving the systems vulnerable to breach.”
For organizations looking to fortify their security posture with a robust Zero Trust architecture, Louis shares that NIST recommends prioritizing microsegmentation, also called Zero Trust Segmentation, from vendors like Illumio, alongside other identity-based governance, authentication, and network and endpoint security management solutions.
See why 60% of enterprises working toward Zero Trust will use more than one form of microsegmentation by 2026, according to Gartner research.
I really enjoyed this LinkedIn article from the Director of National Security, Department of Homeland Security (DHS). In it, he calls for a more consistent, accessible definition of Zero Trust – one that leaders of all departments and sizes can appreciate and translate into action.
He argues that Zero Trust mandates aren’t just a rallying cry for cybersecurity practitioners but an imperative for all business and organizational leaders today.
He explains, “Success depends on a shared vision that everyone will not only understand, but endorse, and for which everyone is willing to work and sacrifice. Zero trust will compete with other transformations, in terms of time, money, and attention. It will not be cybersecurity professionals who ultimately determine the outcome of this multi-year transformation. It will be leaders across all disciplines, at all levels, in all organizations, who must pull together for this common purpose.”
In short, he proposes this as a new tagline for Zero Trust: “Zero trust is a shift in our approach to cybersecurity: From network-centric security to data centric security.”
For more federal Zero Trust insights, check out this episode of Illumio’s The Segment: A Zero Trust Leadership Podcast.
That’s all for this month. We’ll be back with more Zero Trust stories soon!