IT and security experts have been advocating for enterprises to adopt zero-trust security disciplines for the better part of a decade. But will the pandemic, and the massive shift of employees now working on the other side of traditional firewalls, finally serve as the tipping point to zero trust?
James Young, security strategist at Splunk, believes so, not only because of the new demands enterprises now face supporting remote workers, but also because technology investments in recent years to capitalize on cloud services have made it easier to apply zero-trust security practices.
“Given Forrester first started talking about zero trust well over 10 years ago, it is surprising that only now is this approach really gaining mainstream attention. However, I think it’s fortuitous that we’ve got a real level of maturity from an operational and technology perspective [in place at many organizations.] That means the time is ripe for broader adoption of the zero-trust approach,” he says.
He points to several reasons why zero trust has taken longer than expected to implement, but also offers a way forward for organizations in a new CyberScoop podcast interview, underwritten by Splunk.
“Zero trust can probably seem a little daunting, given the breadth and perceived complexity of such a major shift in how security is applied to both traditional IT approaches and modern IT approaches such as cloud,” he says. “However, given the general transformation of IT, this presents a real opportunity to introduce a zero-trust approach in a way that not only improves the overall security — but also in a way that doesn’t really increase the complexity or operational overhead for the user, and IT teams as well.”
One stumbling block to moving forward with zero trust that Young and his colleagues at Splunk often encounter, he says, is “the growing misconception around what a zero-trust approach really is.” He cites specifically “the belief that zero trust is almost an all-or-nothing kind of approach — or one that focuses solely on the technology aspects or the security controls themselves.”
Given the ever-increasing attack surface most organizations now face, however, “the adoption of a zero-trust approach is really more important than ever before.”
Learning from within
Young describes Splunk’s own journey implementing zero-trust procedures, and how that led to developing a zero-trust guide that Splunk anticipates sharing with its customers soon.
“We’ve developed a fairly prescriptive guide that steps through not only what [organizations] need to do from a security control perspective, but also from the perspective of monitoring and building out use cases that enable you to detect security attacks or security incidents,” he says.
Young explains that Splunk developed a variety of use cases in the guide, using the MITRE ATT&CK Framework — a widely referenced collection of adversary tactics and techniques — that are relevant for zero trust. “We’ve ended up with a very useful guide that any organization can pick up and step through that’s going to be aligned to their particular requirements from a zero-trust perspective.”
Where to start
Young emphasizes the importance of focusing an organization’s zero-trust efforts on IT operations that represent the greatest risks to their enterprise, rather than taking a broader security transformation approach.
“Our belief is that you should take much more of an incremental approach, focusing on the most critical systems with the most critical assets. You need to secure them first, then step through and repeat — and adapt as required, as the business and the [threat] landscape changes,” says Young.
In addition to understanding how those systems are being accessed, and by whom, and then developing appropriate security policies and controls, Young says it’s equally important to implement the necessary types of monitoring and visibility tools around those systems to fully protect them.
“We only have to look back at the last 12 months to see how rapidly things can change,” he warns.
Download a copy of Splunk’s “Guide to Embracing a Zero Trust Security Model in Government,” and watch for the solution brief coming soon authored by James Young, Zero Trust Data Analytics Strategy for IT and Security Operations, providing practical approaches you can take to implement zero trust security practices.
Listen to the podcast for the full conversation on using zero trust and SOC modernization to respond to the changing threat landscape. You can hear more coverage of “IT Security Modernization” on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by CyberScoop and underwritten by Splunk.
James Young, security strategist at Splunk, brings more than two decades of security engineering experience, working for a variety of firms in Australia including Nokia, Fortinet and VMware, and most recently at Splunk.