Trust vs Control - Is Zero Trust Inevitable?
Welcome back to Razorwire, the podcast slicing through the tangled world of cybersecurity! I'm your host, Jim and in this episode we’re talking about the crucial balance between trusting your workforce and exerting control over your security ecosystem.
Joining me are Iain Pye, sharing his insights into privacy roles, and David Higgins from CyberArk, who will discuss the challenges and strategies of effective cybersecurity. Whether you're managing remote teams or integrating third party services, this episode is packed with expert analysis and actionable advice.
We discuss: Discover how ISO and SOC certifications are shaping the way organisations approach security, as David Higgins analyses the paradigm shift towards a consumer-empowered landscape within cybersecurity. Discussion on the interplay between trust and control in the era of remote work, with insights on the importance of effective incident response capabilities, even when resources are lean. Learn about pragmatic approaches to vendor risk assessment and understand why a tiered method for evaluating vendor criticality could be pivotal for your cybersecurity strategy.
Prepare to challenge your perspectives on cybersecurity's conventional wisdom and join us on Razorwire, where we cut through complexity to bring clarity to the professionals on the digital frontlines.
“We've got devices that we no longer own. We've got platforms that we no longer run. We've got data stored in locations we're not responsible for and we've got employees working in environments that would that we've got zero control over. So moving to zero trust so that was it a ‘never trust, always verify mindset’? Makes a lot of sense."
David Higgins
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- Adjusting Control to Criticality: The more critical the processing and servicing, the greater the expectation of control.
- Certifications as Trust Indicators: The importance of obtaining certifications to demonstrate commitment and investment in establishing trust.
- Consumer Empowerment Through Software as a Service: How the shift to SaaS models puts more power into consumers' hands, necessitating service providers to meet their security expectations.
- Remote Work Security Challenges: How to tackle concerns about trust, control and security in home working environments.
- Sensitive Data in Risk Zones: Identifying and dealing with risks associated with employees working in red-listed countries.
- Cybersecurity Budgets and Risk Games: How to manage budgets and risk assessments effectively.
- Third Party Risk Management: How to implement third party assurance programmes for managing risk and ensuring thorough vulnerability assessment with vendors.
- The Evolving Cyber Threat Landscape: How to effectively deal with the rise in targeted phishing attacks through a balance of trust and control for detection and response.
- Zero Trust and Continuous Authentication: Why we should focus on implementing zero trust architecture and continuous authentication methods like MFA and biometrics.
- Economic Impact on Security Measures: Increasing costs and the economic downturn are major concerns affecting the budgets for security tools, certifications and overall organisational security measures.
GUEST BIO
David Higgins
David is the Senior Director – Field Technology Office at CyberArk. Since joining in 2010, Higgins has worked to help the world’s leading - and most complex - organizations secure and protect their privileged access. Today, he advises clients on threats associated with privileged escalation, lateral movement and credential theft and discusses best practices and driving innovation around privileged management processes.
Other episodes you'll enjoy
Security vs Privacy: The Ethics of Data Collection https://www.razorthorn.com/security-vs-privacy-the-ethics-of-data-collection/
The Use Of AI In Cybersecurity – Consultants Roundtable
https://www.razorthorn.com/the-use-of-ai-in-cybersecurity-consultants-roundtable/
Lessons from an InfoSec Icon: A Fireside Chat with PCI Guru Jeff Hall
https://www.razorthorn.com/lessons-from-an-infosec-icon-a-fireside-chat-with-pci-guru-jeff-hall/
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com