Security presents us with one of today’s biggest business challenges. In a world where data and apps are spread across multiple clouds and people work across multiple locations, organizations are struggling to protect their intellectual property, crucial data and their reputation. At a recent LinkedIn Live event, Matt Baker, senior vice president of corporate strategy at Dell Technologies, sat down with two security experts to contextualize challenges in the ever-expanding threat landscape. Bobbie Stempfley, vice president and business unit security officer at Dell, and Stephanie Balaouras, vice president and group director at Forrester, broke down how organizations should approach their security journey, whether they’re all in on Zero Trust or just exploring their options. Here are their top takeaways.
The principles of Zero Trust
Baker pointed out that the term Zero Trust is getting thrown around quite a bit in the industry, sometimes irresponsibly. Stephanie Balaouras agreed and added that no single product can deliver full, end-to-end Zero Trust. She offered that Zero Trust is a concept as well as an architecture, with three core principles: all entities are untrusted by default, least privilege access must be enforced and continuous monitoring of the environment for telltale signs of a breach is critical.
Baker added that organizations need to consider their own environments and build a strategy to pursue the ideal state of full implementation of Zero Trust. But this philosophy is going to take partnerships and cooperation in the industry. According to Dell’s Innovation Index, 77% of organizational leaders are yet to explore or build a Zero Trust architecture. Baker added, “That’s where we see our role at Dell Technologies, is assembling an ecosystem of providers and completing the technology integration to help you on your journey towards Zero Trust.”
But what are some tangible things that customers can do today to improve their security posture?
1. Start with protection
The first thing organizations can do is secure their data. Balaouras argued: “I think from an effective point of view it would be a mistake to not treat data protection as a part of core security.” As a reflection of this, Forrester is seeing a trend where more chief security officers (CSOs) are becoming responsible for business continuity, disaster recovery and backup. Balaouras states that this is because the CSO isn’t just focused on security; they’re managing risk to the business.
Balaouras also discussed the importance of data protection in a broader security strategy: “I actually love the word data protection - if it’s marrying core concepts of data security, with the core concepts of protecting our data from more of an infrastructure background - because you do need both of them.” Baker agrees, mentioning how organizations need better data governance, less access and better authentication techniques, which are a fundamental part of Zero Trust, and at the same time, they need to be able to recover in case of a breach.
2. Build resilience
Another way to improve an organization’s security posture is to strengthen its resiliency to lessen the impact of cyberattacks. “Forrester defines Resiliency as the ability of your organization to deliver on its brand promise, no matter what the source of disruption is,” according to Balaouras. Resiliency isn’t just another word for Business Continuity and Disaster Recovery; it’s a holistic, proactive approach to downtime that focuses on delivering on an organization’s brand promise rather than just getting your IT systems up and running again.
Stempfley agrees, emphasizing the importance of pivoting from a technical perspective of determining what happened, to being outcome oriented in response to an attack. She continues, “I think that’s really an important part of our resilience constructs today and going forward. Certainly, there’s a technological component to it, but it’s as much about understanding your processes, your workloads and your people as it is having a technological foundation.” Baker agrees, stating that companies need a security strategy with a north star towards the ideal state of Zero Trust, and that requires starting with a plan.
3. Ensure confidence
Improving an organization’s security posture and the journey to Zero Trust isn’t easy; most enterprises will need a trusted partner to help pull it all together. Stempfley mentions that “no single enterprise can do everything themselves; we are in an ecosystem world. And so, we really have to understand what our skills and capacities and expertise are, and where we need to bring in partners.”
Baker agrees, citing how Dell assembled this ecosystem of trusted partners who can help customers on that journey. Stempfley continues: “From Dell’s perspective, I think about our commitment to intrinsic security, starting at that supply chain and Roots of Trust that we then build our secure development activities on top of and our security features on top of and, and that’s, that’s the core building blocks that can be utilized as we think about what the next steps might be for ourselves or for an enterprise.”
Balaouras doesn’t want anyone to be intimidated by the Zero Trust journey, stating that it may take a long time, but you might as well get started today. Baker agrees, stating, “It’s like on any journey. It’s the first step that’s the hardest, then it’s just step after step after step.”
If you are attending Dell Technologies World, and you need help curating your security experience, our Security Journey offers a roadmap of essential security discussions.