“Zero Trust Model Eliminates The Practice Of Trusting Anything Within An Organisation’s Security Perimeter”

The digitization wave has helped the organizations to speed-up their growth in the competitive market scenario. But cybersecurity remains a key challenge for all of them in today’s time.  CIOs and CTOs are keep on scaling their solutions to find right approach to secure their IT infrastructure from any kind of cyber threats. But in the hybrid work culture, this has become more challenging than ever. Zero Trust model is one of the finest ways to secure the sensitive data amidst sharply increasing cyber incidents. Rajeev Ranjan, Editor, Digital Terminal recently interacted with Ram Vaidyanathan, Cybersecurity Evangelist, ManageEngine to gain the in-depth knowledge about the cybersecurity scenario, how organizations can combat against the potential threats, growth plans and much more. Read below the excerpts-

Rajeev: How do you see the increase in the number of cybercrimes in a hybrid work environment? What is the key reason for the rise in such incidences?

Ram: I am not surprised by the increase in cybercrime that we see around the world. This is because:

• There is no network perimeter or organisational boundary anymore. Sensitive data can reside anywhere, and attackers can compromise it from anywhere.
• Employees may work from home, coffee shops, airports, and even planes. Not all of these places have secure networks. An attacker can easily intercept traffic.
• Employees may use personal devices, including laptops, tablets, and phones, for work. The security of these devices may not be up to the organisation's standards, and attackers can take advantage of their vulnerabilities.
• The hybrid work environment has made it difficult to monitor workspaces.
• Some employees are more easily distracted when working remotely than when they're in the office, which makes them more prone to cyberattacks. 

Organisations have traditionally used VPNs to authenticate users. But VPNs do not provide the necessary continuous authentication and authorisation.

Rajeev: Organizations are rapidly migrating to cloud in order to manage the operations more efficiently so what are the key challenges that organizations face in this journey?

Ram: As per recent findings, the hybrid work model has forced organisations to adopt new technologies like cloud computing at an increased pace, fuelling 20% growth in the use of cloud services in 2021 compared to only 6% growth in 2020. However, security has not kept up with all of this digital transformation.

Migrating systems to an efficient hybrid cloud will never be a simple process. The following are some of the key challenges companies face during the rapid transition to the cloud:

• Data privacy and security is a major concern due to issues in the cloud, like identity theft, data breaches, and malware infections, which decrease the trust users have in the organisation.

• Cloud cost management is extremely challenging as cloud services can incur huge costs.

• Since there is a lack of full control over provisioning, infrastructure delivery, and operations in this cloud-based world, it is increasingly difficult for IT to manage governance, compliance, risks, and data quality.

• Organisations often use the services of multiple cloud providers, so management becomes an extremely challenging task for the infrastructure team.

• When a company moves its data to the cloud, it is mandatory for it to adhere to the relevant compliance regulations. Depending on the industry and region in which the organisation operates, there are various compliance mandates, and every organisation must ensure that it meets the required standards.

Rajeev: How can organizations secure their IT infrastructure with Zero Trust?

Ram: Zero Trust is a security standard based on the principle of “never trust, always verify.” It ensures that no user or device is trusted, regardless of whether they are inside or outside the organisation’s network. Simply put, the Zero Trust model eliminates the practice of trusting anything within an organisation’s security perimeter and instead advocates for stringent identity verification policies to grant access to users both inside and outside the perimeter.

Zero Trust helps secure organisations' sensitive data through:

• Controls being as close to the data as possible: Security and access controls need to be placed as close to the data as possible to reduce the attack surface. This is why the use of a VPN will not suffice.
• Microsegmentation: The network must be divided into logical microsegments to maintain granular access and security controls.
• The principle of least privilege: Users should only get the minimal level of access necessary to perform their jobs (just enough access). Access privileges should be based on risk levels and roles. Just-in-time access should also be implemented.
• The use of dynamic policies: The authentication methods should be based on user context and the sensitivity of the resource being accessed. Context includes the device location, device state, and network health.
• Comprehensive, continuous log collection: It is vital to check for threats constantly and reassess trust. The collected logs should be used to improve the organisation's security posture.

Rajeev: What is your current channel strength? Please name your key partners. How are you planning to enhance your partner network?

Ram: We have a strong network of over 200 partners globally. Our partners help us better connect with our customers and ensure stability. So every partner relationship matters to us, and we do our best to nurture it. We provide technical and techno-commercial training for our partners periodically, during which we bring them up to date on the latest features of our products to help them serve customers better. We also co-brand with them to enhance their visibility in the market. We already have an excellent partner network across the globe, so we are constantly approached for partnering.

Rajeev: What are your expansion plans for the FY 2022-23? What is your targeted revenue/market share for the period?

Ram: Exposing our products and services to a broader audience is our primary goal. We prioritise investing in product design and integration so that our customers can accelerate their own digital transformation. Currently, our main markets are the United States and the United Kingdom, but we have plans to explore new markets and reach out to new groups of people across the globe.