Join executives from July 26-28 for Transform’s AI & Edge Week. Hear top leaders discuss topics around AL/ML technology, conversational AI, IVA, NLP, Edge and more. Book your free pass now!
As part of digital transformation race, cloud adoption has continued to accelerate across the enterprise. But despite its growth, the trends show that many IT and security leaders still lack confidence in their organization’s ability to ensure secure cloud access due to the ever-evolving cybersecurity risks.
The concerns about ransomware threats are so great that: 74% of IT decision-makers believe that ransomware should be considered a matter of national security. While GuidePoint Research and Intelligence Team’s (GRIT) was released recently quarterly ransomware threat report – which showed that the number of ransomware victims fell by 34% in the second quarter compared to the first quarter – may seem like a reprieve, it mitigates the threat of the rising ransomware-as-a-service (RaaS) sector in any way.
in Sophos’ State of Ransomware 2022 Report60% of organizations were victims of ransomware attacks last year. The reality is clear: Ransomware is still the biggest challenge of cybersecurity.
As the enterprise is increasingly affected by ransomware attacks of increasing complexity, the Cybersecurity and Infrastructure Security Agency (CISA) has announced plans to be a new version of Zero Trust Maturity Model.
Ahead of the planned summer release date, Eric Goldstein, CISA’s executive assistant director for cybersecurity, detailed the Zero Trust Maturity Model 2.0 document. Goldstein told VentureBeat that zero trust is so crucial because opponents evolve daily, warning that any assumption that the perimeter defense could withstand attacks will fail.
Zero trust: the preferred model for security
CISA wants to make the Zero Trust Maturity Model 2.0 an evolving document – one that is constantly updated in a rapidly changing cybersecurity landscape. The model aims to prevent unauthorized access to data and services and to make the enforcement of access control as detailed as possible.
Zero trust provides a shift from a location-centric model to a more data-centric approach to granular security controls across users, systems, data, and assets that change over time. This shift provides the visibility needed to support the development, implementation, enforcement and evolution of security policies.
Perhaps the most important thing about zero trust is that it may be necessary to change an organization’s entire cybersecurity philosophy and culture. Created by Executive Order 14028, titled: Improving the country’s cybersecurityit marks a renewed commitment to prioritize federal cybersecurity modernization and strategy.
Among other policy mandates, the Executive Order embraces zero trust as the preferred model for security and tasks for CISA to modernize its current cybersecurity programs, services and capabilities to be fully functional with cloud computing environments with zero-trust architecture.
“We need to move to a new model we call the ‘zero trust’, which aims to ensure that we authenticate every user before they can access applications and data,” Goldstein said.
The Zero Trust Maturity Model represents a gradient of implementation across five different pillars: identity, device, network, application workload, and data. Each pillar also includes general details related to visibility and analytics, automation and orchestration, and governance. While the Zero Trust Maturity Model is one of many critical paths to support the transition to zero trust, Goldstein noted that there is still a long way to go.
“For many organizations, getting from where we are today to that end state where you have solid privilege management and identity management authentication throughout the environment, especially if you’re an organization with a lot of legacy on-premises infrastructure,” said he said. he.
While that may be a long process, the goal of the Zero Trust Maturity Model, Goldstein said, is to help organizations make thoughtful, linear progress toward achieving a zero-trust philosophy.
An evolving philosophy
Goldstein noted that the new version of the Zero Trust Maturity Model would be more efficient, adding that not only will it be better, but it will also be a living, evolving document that incorporates feedback and never ends.
“That was the goal of the Zero Trust Maturity Model that we released at CISA last year,” Goldstein said. “But we know this is new work, and figuring out how we define the maturity categories and the parts they’re in will evolve. We have over 300 comments on version 1 of our Zero Trust Maturity Modelso we’re working on version two this summer.”
Goldstein added, “we may never say we’re done with the maturity model,” noting that this is because it will be an evolving security philosophy.
“As organizations put it into practice, we continue to get feedback and learn and develop the guidance we provide towards what is most effective for entities around the world,” he said.
The mission of VentureBeat is a digital city square for tech decision makers to gain knowledge about transformative business technology and transactions. Learn more about membership.