Here’s a peek into the panel of experts we’ve lined up for you!
Follow #STinsights to join a Twitter discussion with the industry leaders on “Beyond zero trust: safeguarding your identity journey”. Tune in today at 4 PM CET. Click https://t.co/8ivRD6HQGn to add the event to your calendar. #Tweetchat pic.twitter.com/kWMEon3gGA— CIO Straight Talk (@CIOStraightTalk) February 16, 2022
This is going to be a very engaging session! So without further delay, let’s begin with our first question!
Follow #STinsights to join a Twitter discussion with industry leaders on “Beyond zero trust: safeguarding your identity journey”. Tune in at 4 PM CET today at https://t.co/Xbo5NaTJzd to join the discussion. #Tweetchat pic.twitter.com/NxlhmBTaxX— CIO Straight Talk (@CIOStraightTalk) February 16, 2022
Q1: Identity model is far more secured than network model approach for #security. It is more like a bouncer always asking your ID when you're regular to the club @CIOStraightTalk @Paula_Piccard @_TechMode @YvesMulkers @techpearce2 @Nicochan33 #STinsights #cybersecurity #tech— Dr. Robin Kiera (@stratorob) February 16, 2022
The heart of Zero Trust principles is establishing trust between an identity and a resource. UK NCSC breaks these into human identities, service identities, and device identities. However you define it? Identity management is central to Zero Trust.@CIOStraightTalk #STinsights https://t.co/Q71wLu0sDA— J Wolfgang Goerlich (@jwgoerlich) February 16, 2022
A1: As I explain in 'Melting the #CyberThreat Iceberg by Moving beyond #ZeroTrust' https://t.co/d3h9gt25HQ ZeroTrust is just a foundation. You need things like #IAM with granular role-based access lock-down to capabilities/systems @Commvault @CIOStraightTalk #STinsights #OneHCL https://t.co/PHraxRtJo0 pic.twitter.com/ySZTRigMZo— Bill Mew #DigitalEthics #TrustinTech #Tech4Good (@BillMew) February 16, 2022
Now that we’ve established the significance behind IAM in digital transformation journeys, let’s ask the experts for some insights on best practices!
A1: The #ZeroTrust approach states that we do not trust any request based on from where it came; as such, the identity of a requestor becomes a perpetually critical factor to evaluate in determining whether to treat a request as authorized… #STinsights @CIOStraightTalk #OneHCL https://t.co/A5bTsoXLa6— Joseph Steinberg (@JosephSteinberg) February 16, 2022
A2: Patch your #IAM and audit the IAM system #cybersecurity during software livecycle. Often serious security problems are caused by low maintenance of IAM or wrong configuration of IAM systems. #STinsights @CIOStraightTal— 🟣 Mirko Ross 🇪🇺 (@mirko_ross) February 16, 2022
A2: Start with the age-old concept of “least privilege” and log/audit any privilege escalations to ensure proper, continuous access to services & data. Too often focus is solely on AuthN and AuthZ really should be the focus of Zero Trust IAM programs @CIOStraightTalk #STinsights— mike d. kail (@mdkail) February 16, 2022
Q2: Organizations should have the basics like.— Dr. Robin Kiera (@stratorob) February 16, 2022
> strong verification and authentication programs.
> compliancy and typical process as the 2nd gate.
> privilege access.@CIOStraightTalk #STinsights @andy_fitze @Transform_Sec @codedailybot @RAlexJimenez #tech #cybersecurity https://t.co/UBDwi76dmL
We ask our experts the million-dollar question - how do we close the skill gap?
A2: While #IAM is essential, there is a proliferation of point products that are poorly integrated. With #CISOs needing to manage multiple solutions and dashboards, #complexity is becoming as much of a challenge as the #cyberthreats themselves@CIOStraightTalk #STinsights #OneHCL https://t.co/x1y1UGsuYm— Bill Mew #DigitalEthics #TrustinTech #Tech4Good (@BillMew) February 16, 2022
A3: A managed IAM service is a convenient way to get the advantages of a state-of-the-art IAM solution without all the hassle of finding and maintaining the necessary skills on the market. #STinsights https://t.co/rXkH5nYrMU— Magnus Wennergren (@kmagwen) February 16, 2022
A3: We've had identity systems for decades. SSO as a concept isn't exactly new either. And yet orgs have struggled to effectively tackle IAM challenges in-house. Now with a mobile workforce, that's more infrastructure to maintain. IdP as a service FTW@CIOStraightTalk #STinsights https://t.co/wjZpEqIXVa— Jake Williams (@MalwareJake) February 16, 2022
Keep scrolling for more insights on safeguarding your identity journey!
A3: Instead of reinventing the proverbial wheel, it’s strategic (and wise) to leverage a best-of-breed managed service provider/vendor whose sole focus is Zero Trust IAM. There are several tremendous solutions out there, such as @Auth0 @CIOStraightTalk #STinsights— mike d. kail (@mdkail) February 16, 2022
Some of the benefits are also driven by pillars that make up #zerotrust:— Wayne Anderson (@DigitalSecArch) February 16, 2022
- Improve productivity through decentralization
- Enable wider app access through flat #identity estate
- Speed access to resources/provisioning
- Stronger #Privacy governance
Let’s now move on to our final question of the day!
A3: The long-term benefits of #ZeroTrust include…— J Wolfgang Goerlich (@jwgoerlich) February 16, 2022
For the business: resilience, user experience, agility.
For the security function: keeping up with the business, reducing risks, increased operational efficiency.@CIOStraightTalk #STinsights #OneHCL https://t.co/Tse7isEsPh
A5: For me, it's all about measuring exceptions. How many identities aren't onboarded into the IdP? What percentage of identities does that represent overall? How many will be mitigated vs we accepted the risk? Compensating controls for exceptions?@CIOStraightTalk #STinsights https://t.co/8c3WXLXFlC— Jake Williams (@MalwareJake) February 16, 2022
A5: Stating the obvious, a reduction in security events/issues, but overall, one can’t measure what one doesn’t collect data/metrics on, so ensuring that logging/analytics is core to a Zero Trust and IAM program is paramount to success @CIOStraightTalk #STinsights— mike d. kail (@mdkail) February 16, 2022
And that’s a wrap! We hope it was an engaging and insightful session for everyone and promise to be back with some more interesting and valuable topics soon. Stay tuned!
I like that you bring up end user satisfaction - often #zerotrust well implemented with transparent/easy #MFA that obviates complexity in password based approaches can actually IMPROVE experience, not complicate it. @CIOStraightTalk #STinsights— Wayne Anderson (@DigitalSecArch) February 16, 2022
A big thank you to our Power Panel for their #STinsights and those who joined us for this exclusive #Tweetchat.@BillMew @stratorob @jwgoerlich @MalwareJake @JosephSteinberg @mdkail @mirko_ross @DigitalSecArch @kmagwen pic.twitter.com/yXNfa6002h— CIO Straight Talk (@CIOStraightTalk) February 16, 2022