Doha: Organisations should thoroughly assess their IT infrastructure and potential attack paths to contain attacks and minimise the impact if a breach should occur. Today’s digital age has simplicity and companies do not want complexities of the system anymore as technology is advancing rapidly at a fast pace, said a expert during an virtual event.
International Data Corporation (IDC) organised the GCC edition of the IDC Security Roadshow 2021 - ‘Reimagining Security and Digital Trust for the Digital-First Organization’. The event explored the latest developments in the region’s security market and provided expert strategic guidance for security professionals.
Imran Chowdhury, Data Protection Manager, Al Jazeera Media Network discussed on the topic ‘An introduction to Zero Trust’ and shared what the cyber threat landscape looks like. He said, “Information is a big part of the world that we live in, and we have more information available and with which comes disinformation, so we need to differentiate between what is right and wrong. Many of the Internet devices or connected things do not have a proper security mechanism to protect the information which is caused by the threat actors like cyber criminals, hackers, competitors, third party who want to benefit from the information.”
Speaking about zero trust he said, zero trust does not mean that you do not trust anyone but you limit the trust based on the data. “We are in a digital age, the key requirements and characteristics of this age is the velocity of changes, complexities of the environment, speed and continuous disruption. In the last 20 years we have so many different types of disruptive technologies that have taken place,” he said.
Zero Trust is a strategic initiative that helps to prevent successful data breaches by eliminating the concept of trust from an organization’s network architecture. Zero Trust is a security framework requiring all users, whether in or outside the organisation’s network, to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. It is a framework for securing infrastructure and data for today’s modern digital transformation which uniquely addresses the modern challenges of today’s business, including securing remote workers, hybrid cloud environments, and ransomware threats.
Chowdhury highlighted that the key parts of the zero trust include data-centric security, policy-driven access controls, modern identity management, and secured zones. He noted, historically security professionals would try to protect the system where the data is stored, this is where the concept started to come in.
“The advantage of having zero trust is that it allows to move outside of our secure zone such as migration to the cloud, leveraging the SaaS providers, continued leveraging of legacy assets in the protected domain, privacy by design is a key part of privacy regulations and it can be achieved through the zero trust,” he added.
