Zero Trust: A Q&A with e360's Brad Bussie

Security Zero Trust: A Q&A with e360's Brad Bussie

Learn more about the concept of Zero Trust and gain insights from Brad Bussie, an expert from Entisys360, in this informative Q&A session. Discover how Zero Trust can enhance your security measures. Read now on the e360 Blog.

With ever-emerging threats, continuous introduction of new regulations, and a sea of cybersecurity products, managing a cyber program can be challenging. Entisys 360’s Advyz Cyber RiskServices Division Focuses on cybersecurity consulting with an emphasis on enabling stakeholders to solve complex business challenges. We are product vendor agnostic, which allows us to serve our clients as true trusted advisors. Our approach provides us the necessary tools to work closely with our clients to ensure that their organizations have the right people, processes, and technologies in place to navigate the ever-expanding world of cyberthreats.

One of the areas of cybersecurity that is making headlines today is zero trust.’ We sat down with BradBussie, Vice President, Advyz Cyber Risk Services, to learn more about this concept and what it means for customers.

1. Ever since an analyst at Forrester Research coined the term ‘zero trust’ a decade ago, there has been growing interest in and adoption of the zero trust model for security. What should customers know when it comes to implementing and achieving zero trust?

It’s true that the concept of zero trust remains something that the market is very interested in. When we are talking to a client or potential client about zero trust, while many understand it within the context of the Forrester model, man they don’t clearly understand the benefits, or what the term means within the context of their business. The old way of looking at zero trust, is to trust nothing. The Challenge is that this approach to zero trust doesn’t scale. In Fact, it prevents organizations from performing tasks outside of what a particular technology intended to do. Organizations need to take a step back and first determine what it is they are trying to protect in the first place. Here at Advyz, we are working with our customers to help them understand that zero trust isn’t a product or solution, instead, it is a loose framework of processes that can be tailored based on the specific needs of the organization.

2. What is the size of the market right now for zero trust?

According toMarketsandMarkets Research, the global zero trust security market size is estimated to grow from USD$15.617 million in 2019 to USD$38.631 million by 2024, at a Compound Annual Growth Rate (CAGR) of 19.9% from 2019 to 2024.

3. We hear the term SASE a lot these days. What does that have to do with zero trust?

SASE, or secure access service edge, is a hot term right now in the cybersecurity space. It is driving many of the conversations we have with our clients and definitely falls into the overarching message around zero trust. In fact, it can be a gateway to creating a zero trust framework for many organizations, as it is where they are finding a budget. The reality is that the C-suite is more likely to spend money on solutions that will protect data, applications, and infrastructure security as opposed to frameworks. Entisys360 Helps our clients by enabling them to define what it is they are ultimately trying to protect. Success won’t come from“boiling the ocean”, because it’s impossible, and impractical, to protect everything to the same degree. We encourage our clients to leverage the zero trust model to look at what’s most important and to apply zero trust principles throughout the environment.

4. Can you share an example of where micro-segmentation has worked?

One example of successful micro-segmentation is with an access control engine. This is an area where many organizations struggle because they don’t understand the flow of data in and out of the organization. The point of access control is to provide the user with only the access they need to the data, applications, and infrastructure that do their jobs. Once an organization implements an access control engine, they often find that they already have what they need(i.e. firewalls, proxy servers, etc.)to grant users access to only the right resources. As such, in many cases, they don’t need to purchase additional products or solutions to increase visibility and properly segment traffic.

5. What are some of the most important steps to consider as part of the zero trust model?

First and foremost, it is important to remember that you can’t manage what you don’t measure. Step one when implementing the zero trust frameworks to identify and map the relationship between the organization’s data, applications, and networks. Next, you have to identify what benefits the users and other key stakeholders within the organization gain by participating in the zero trust program. Education Is the key to helping the organization understand how to reduce risk and promote security in all they do.

6. What are the outcomes I should expect when implementing the zero trust model?

When an organization adopts the zero trust model it will experience the following benefits:

  • A more secure network
  • Improved focus across the organization on protecting data, application, and infrastructure
  • Enhanced protection against existing and evolving threats–i.e., zero-day
  • Reduced impact from breaches
  • Improved compliance and visibility
  • Potential cost savings in people, process, and technology required to protect the organization due to the simplified environment.

Last, but not least, the organization will finally gain a full understanding of the technology it is using and how it should be applied in order to promote a secure infrastructure environment.

Written By: Brad Bussie