Our Favorite Zero Trust Stories From July 2023
For the better part of the past year, Zero Trust has been top of mind for security practitioners, board members, CISOs and business leaders alike. In fact, 90 percent of business leaders agree that advancing their Zero Trust strategies is one of their top three security priorities for the year.
To help you better contextualize Zero Trust in action and offer a comprehensive take on how thought leaders and industry experts are thinking about Zero Trust, here are a few of our favorite Zero Trust-related news stories, insights, and articles from the past month. Happy reading!
You CAN "fix stupid" (LinkedIn, Dr. Chase Cunningham)
“Don't rely on people to not be people,” former Forrester analyst and DrZeroTrust Chase Cunningham argues in his latest LinkedIn article. “In many instances, our jobs require us to be online, click links, and surf the web. You can't train us not to use the tools we need to do the work and expect us also to be safe as we do transit the speed of light highway of the internet.”
This is where a variety of Zero Trust tools and solutions can serve as a safety buffer for employees. “Give your users digital seatbelts and virtual airbags, and use technical controls,” according to Dr. Cunningham. In addition to regular security training, solutions like RBI, SWG, ZTNA, IAM, MFA, allow listing and more are what organizations need to be using to keep their people protected.
Follow DrZeroTrust for even more Zero Trust insights on LinkedIn.
‘Zero trust’ was supposed to revolutionize cybersecurity. Here’s why that hasn’t happened yet (SiliconANGLE, David Strom)
“Perhaps many people have been thinking about zero trust in the wrong light,” explains freelance cybersecurity writer David Strom. “Trusting a user or an app occupies a continuum, like adaptive authentication: You start out with taking small steps towards total trust, offering a little bit at a time. Moving from an all-or-nothing approach, this ‘“tiny trust’” model is better-suited to today’s world.”
Strom offers a comprehensive analysis of the history of Zero Trust as well as why some organizations still fail to make progress on their ZT investments. It’s worth a read for anyone “rethinking” their ZT approach (and for what it’s worth, Strom recommends that organizations looking to gain the greatest Zero Trust ROI consider tools like microsegmentation to “improve risk mitigation for the most critical assets first”).
Plus, here are 10 reasons why you should consider Illumio for your Zero Trust Segmentation efforts.
White House outlines cyber budget priorities, including making ransomware ‘no longer profitable’ (The Record, Jonathan Greig)
Zero Trust continues to be at the forefront of the U.S. national cyber resilience conversation. “Office of Management and Budget (OMB) Director Shalanda Young and Acting National Cyber Director Kemba Walden sent a letter to the heads of every executive department and agency outlining the Biden administration’s cybersecurity investment priorities for the 2025 fiscal year budget,” reports The Record’s Jonathan Greig.
Greig goes on to explain that Walden urged agencies “to make ‘“durable, long-term'” investments in cybersecurity solutions that are secure by design and mesh with the Federal Zero Trust Strategy – which at its core assumes that devices on a network should never be trusted.” This is the latest in the White House’s push for Zero Trust as a national cyber best practice – with more updates on the National Cybersecurity Strategy, unfurled in March, expected in the next few weeks! (Don’t be surprised if Zero Trust plays a major role in the implementation framework....)
10 ways SecOps can strengthen cybersecurity with ChatGPT (VentureBeat, Louis Columbus)
As the generative AI conversation continues, VentureBeat reporter Louis Columbus explores how ChatGPT can be useful for SecOps practitioners. He argues that ChatGPT can help organizations improve incident response at scale, help close the SecOps skills gap, streamline SOC operations and help SecOps teams gain more in-depth threat insights more efficiently.
To this last point, he explains that “systems that unify endpoints and identities are helping to define the future of zero trust, and ChatGPT shows potential for troubleshooting identity-endpoints gaps — and many other at-risk threat surfaces.” In other words, there’s a lot of potential for generative AI to improve the way security teams with limited resources are thinking about Zero Trust and building cyber resilience within their organization.
For another perspective on AI, check out Illumio Co-Founder and Advisor PJ Kirner’s take on the true AI “tech boundary” in this blog.
That’s all for this month. We’ll be back with more Zero Trust stories soon!