As pressure to meet compliance requirements continues to mount, more enterprises are turning to a zero trust approach. To implement the zero trust framework effectively, enterprises should thoroughly understand its nuances. “[Zero trust] is a paradigm shift to make sure that the people that are actually connecting to the system and looking at data are the proper people to do it,” explains Milt Rosberg, vice president of Vanguard Integrity Professionals, on the “Exploring the Push to Zero Trust” episode of the ISACA® Podcast.
Whether on-premises or in the cloud, zero trust should be applied universally. “People ask the question, ‘should you be more suspect of the transactions and resources that occur in the cloud, vs. trusting what happens in your network?’” says Brian Marshall, president of Vanguard Integrity Professionals. “The answer to that question should always be no. You should trust nobody, all the time.”
The principle of trusting no one and verifying everyone extends to third-party vendors as well. Marshall emphasizes that it is important for vendors to explain to customers how every step has been taken to ensure the integrity of their platforms, resources and software. “We have to prove to our customers, through an audit conducted by ourselves or by our customers, that we are secure,” Marshall says. “One of the ways we do that is by implementing zero trust architecture.”
During their podcast conversation, Marshall and Rosberg also discuss how to get executive buy-in to zero trust, how to monitor privileged access, the role of internal organizational threats and more. To listen to “Exploring the Push to Zero Trust” on the ISACA Podcast, visit the ISACA website or stream it on Apple Podcasts, Google Play, Podbean, Spotify or Stitcher.