What is Not Zero Trust?
Pons Mudivai Arun, who is the director of Citrix, addresses the SCIT batch with his deep insights about what is not zero trust in cyber security. He is the director of Products Application Security. He has 20 years of experience as a cyber specialist. He is a speaker and CISO Advisor. He Initiated the lecture by thanking the guest lecture team and Shaji Sir, then started sharing his experience about questions we must address in this domain.
Firstly, why are we talking about cyber security? Secondly, why are customers worried? And third, why do you invest in cyber security controls? He began with student interaction about what we think about the topic and why. We shouldn’t unnecessarily expose our software, and firewalls to reduce exposure of digital assets.
What is zero trust?
NEVER TRUST; ALWAYS VERIFY! Or we can say always verify and then trust. Do not assume things and trust. Don’t inherent trust. We need a mechanism to verify our data and surroundings, such as checking trust patterns. Implement the principle of least privileges, by removing implicit trust and constantly confirming each stage of a digital connection. The zero trust strategy for cybersecurity safeguards a business.
Objectives of zero trust are- the need for frictionless security, ensuring business assets are protected, and simplifying IT administrator and security people’s jobs.
Why do we need zero trust?
Because there are wrong assumptions about traditional access control, a few early assumptions are that the user inside is always trustable, the attack surface is finite, storing all resources in a single data centre, and the user or an employee always accesses from trusted devices.
Core concepts behind zero trust, how to implement zero trust, and a few prime misconceptions were also discussed. Such a detailed discussion followed by a doubt session was conducted, and the students had a great learning experience.