{"id":41639,"date":"2020-12-09T14:46:37","date_gmt":"2020-12-09T14:46:37","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=fe8da8e4e1ccc88f79d4ce9720bdad8d"},"modified":"2020-12-09T14:46:37","modified_gmt":"2020-12-09T14:46:37","slug":"aws-ciso-urges-companies-to-adopt-a-zero-trust-security-approach","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/aws-ciso-urges-companies-to-adopt-a-zero-trust-security-approach\/","title":{"rendered":"AWS CISO urges companies to adopt a zero-trust security approach"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/keumars-afifi-sabet-0\">Keumars Afifi-Sabet<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">9 Dec, 2020<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p>Organisations should embrace the philosophy and principles of zero-trust security to keep up to date with modern demands and security threats, AWS\u2019\u00a0<a href=\"https:\/\/www.itpro.co.uk\/careers\/28228\/ciso-job-description-what-does-a-ciso-do\" >chief information security officer (CISO)<\/a>\u00a0Steve Schmidt has urged.<\/p>\n<p>Adopting the core tenets of a zero-trust philosophy, including accessibility and usability, and ensuring you\u2019re focusing on the\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/28133\/what-is-cyber-security\" >core fundamentals of security<\/a>, will ensure businesses can eliminate needless risks in their IT estates.<\/p>\n<p><!--wysiwyg_see-related_plugin--><\/p>\n<p>\nDoing so, however, isn\u2019t as straightforward as 
businesses may hope, according to Schmidt. This is because the term \u2018zero-trust\u2019 can mean different things in different contexts, with this ambiguity the product of a diversity of use cases to which it applies.<\/p>\n<p>\u201cZero-trust is, to me, a set of mechanisms that focus on providing security controls around digital access and assets while not solely depending on traditional network controls or network perimeters,\u201d he explained, speaking at AWS re:Invent 2020.\u00a0<\/p>\n<p>\u201cIn other words, we aren\u2019t going to trust a user based only on their location within a traditional network. Instead, we want to augment network-centric models with additional techniques, which we would describe as identity-centric controls.\u201d<\/p>\n<p>An example of one such use case that he provided was human-to-application security, which is particularly relevant given the surge in people\u00a0<a href=\"https:\/\/www.itpro.co.uk\/business-strategy\/flexible-working\/355658\/the-it-pro-podcast-staying-sane-while-working-from-home\" >working from home<\/a>\u00a0in 2020. Traditionally, applications sat behind a\u00a0<a href=\"https:\/\/www.itpro.co.uk\/networking\/27210\/do-i-need-a-vpn\" >virtual private network (VPN)<\/a>\u00a0front door, but these aren\u2019t compatible with the diversity of devices that workers use to access work-related services. 
Applying zero-trust principles sets the objective of making the locks on applications effective enough that you can eliminate a VPN-based front door altogether.<\/p>\n<p>Zero-trust principles have become far more popular across the industry of late, with a number of companies quick to adopt and promote this philosophy either as part of their own strategies or in their products.\u00a0<\/p>\n<p>BlackBerry, for example, announced\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/357341\/blackberry-persona-desktop-delivers-zero-trust-security-at-the-endpoint\">Persona Desktop<\/a>\u00a0in October, a security platform that uses\u00a0<a href=\"https:\/\/www.itpro.co.uk\/ai-news\/what-is-ai\" >artificial intelligence (AI)<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.itpro.co.uk\/strategy\/28071\/what-is-machine-learning\" >machine learning<\/a>\u00a0to detect user and entity behaviour abnormalities. Persona Desktop works at the endpoint, eliminating the need to share data back to the cloud before the system acts, and also aims to protect against stolen credentials,\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/29543\/insider-threats-make-up-74-of-business-cyber-security-incidents\" >insider threats<\/a>, and physical compromise.<\/p>\n<p>Google, too, launched a zero-trust remote access service\u00a0<a href=\"https:\/\/www.itpro.co.uk\/network-internet\/virtual-private-network-vpn\/355421\/google-launches-beyondcorp-remote-access-to\">known as BeyondCorp Remote Access<\/a>\u00a0earlier this year that\u2019s designed to give remote teams access to their internal applications without the need for a VPN.<\/p>\n<p>As part of Schmidt\u2019s outline of AWS\u2019 security strategy, he also proposed a set of questions that businesses and IT administrators should ask about their organisation\u2019s security configuration. 
Elements such as where the perimeter is, and how large it is, as well as how easy it might be to monitor and audit, should be considered.\u00a0<\/p>\n<p>Schmidt also, by way of example, suggested that while VPNs are fine to use for network isolation, it would be best to make the implementation dynamic and hidden from the user experience. This might lead to users not even noticing\u00a0that network boundaries are being created and torn down as required. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Keumars Afifi-Sabet<\/p>\n<p>        9 Dec, 2020    <\/p>\n<p>      Organisations should embrace the philosophy and principles of zero-trust security to keep up to date with modern demands and security threats, AWS\u2019\u00a0chief information security officer (CISO&#8230;<\/p>\n","protected":false},"author":433,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-41639","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41639","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/433"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=41639"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41639\/revisions"}],"predecessor-version":[{"id":41640,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41639\/revisions\/41640"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=41639"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\
/categories?post=41639"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=41639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}