Written By,
Security Software Technical Sales Leader,
IBM Technology Sales,
India-South Asia
You would agree that over the last 12-18 months, the way you run your business and manage your teams has changed.
Perhaps, forever!
The Situation
During the pandemic – almost overnight – enterprises were forced to implement solutions that could allow employees to shift to work remotely. Now, your data, your applications, and your users are everywhere, and that has rendered traditional perimeter-based approach to security ineffective.
Also, enterprises like yours are more reliant on cloud than ever before. Cloud is a source of modernization, agility, and cost savings, but also of uncertainty. The reality of hybrid multicloud is that it adds further challenges around visibility, control, and implementation of consistent policies.
Moreover, crown jewels (sensitive data) and critical IT assets have become highly decentralized and increasingly difficult to enforce upon proper access controls. Organization concerns remain high that massive data breaches will occur because of insider threat or advanced attacks like malware and ransomware. It is further fuelled by the fact that business systems, users and data are connected like never before.
Lastly, the digital channel has become the primary source of engagement for most businesses, including both B2C and B2B interactions. Rising concerns over data privacy regulations, identity theft, and fraud are making it more difficult to deliver personalized and engaging user experiences.
At the recently concluded SME Venture Cyber Security Summit, 21 – that was presented by IBM Security – we invited Bob Kalka, Vice President, Technical Sales, IBM Security to share his experiences and learnings on how clients across the world are growing fearless with zero trust. Listen in to what he had to say.
The Impact
As a result, India is seeing attacks grow not only in scale, but also complexity. This is evident from a continuous increase in average number of days to identify and contain a breach in India, which stood at 320 days in 2020 – a stark 10% increase since 2017 (source Ponemon Cost of Breach Study).
In fact, Indian organizations with more than 50% remote work adoption took 26% more days to identify and contain a breach than those with less than 50% remote work adoption.
Some reports also point to an increase in suspected fraudulent digital transaction attempts originating from India.
Last, but not the least, there has been an increase in the proportion of real-time payment scams that were identity thefts.
The Solution
The need of the hour is to create a stronger security posture and limit potential risk. Businesses must protect privacy across a growing number of digital touchpoints. Protecting what is a scattered ecosystem requires correlation of real-time security context across all security domains.
That is where zero trust approach comes in.
Zero trust approach provides organizations with adaptive and continuous protection for users, data, and assets, plus the ability to manage threats proactively.
The practice of never trust and always verify aims to wrap security around every user, device and connection for every single transaction, and in the process helps CISOs safeguard their crown jewel – sensitive customer data – against cyber threats.
A zero-trust approach never assumes that any user, application, device, or process is trustworthy. Instead, it continuously evaluates whether someone or something should have access to sensitive data based on contextual information. This continuous verification relies on context so that every user, every device, every connection must prove a legitimate need.
Also, zero-trust approach aims to wrap security around every user, every device, every connection — every time, and hence it takes time to build and is continuously adaptive.
It can help organizations protect customer privacy with access controls that are based on least privilege, giving access to only those with a legitimate need and for the agreed upon purpose.
Zero trust approach provides advanced protection from cyberthreats and can help resolve your top security challenges:
- Protect remote workforce: Use zero trust to enable your anywhere workforce with everywhere security.
- Reimagine hybrid cloud security: Move to hybrid cloud with confidence using a zero trust security approach.
- Address rising insider threats: Continuously verify users and reduce data exposure with zero trust.
- Preserve customer privacy: Use zero trust to make data access limited and conditional.
Using a zero trust approach – regardless of how or where you start – helps the security teams advance the business forward in a secure way. It is not surprising then that CISOs are looking to zero trust to manage their digital transformation.
It’s time to grow fearless with zero trust.