Connect with us

Expert Speak

Why and How Channel Partners Can Be Zero Trust Allies

Published

on

Jon Kane, Channel & Alliances Director EMEA at Gigamon, discusses the importance of Zero Trust adoption and how the channel can enable success for their customers

Zero Trust is a growing trend in cybersecurity. However, the term has previously been labelled a ‘buzzword’, with many admitting they have little understanding of what a Zero Trust framework includes. In fact, a growing number of IT and security leaders across EMEA are concerned about what it entails; 44% of those surveyed in 2022 claimed they worry it requires too much oversight and resources – up from 23% in 2020.

Yet at the same time, implementing a Zero Trust architecture seems to be a solution many want to prioritise. According to studies, 70% think it would be unwise not to consider Zero Trust in the current climate of rising cyber-attacks. As the threatscape continues to evolve and cloud security remains a concern on every IT professional’s mind, end-users require increasing support from partners across the channel to embark on their journey to attaining Zero Trust. This is where the channel can become the allies and trusted advisors, their customers desperately need.

Zero Trust is a mindset
First off, it’s crucial that organisations across the IT channel understand Zero Trust is not a product nor a technology, it’s a mindset. In order to bolster security resilience, teams need to shift away from the assumption that any user or asset within the network perimeter can be trusted. Indeed, the core aim of Zero Trust is to remove any implicit trust in a network and, in its place, require each individual case to be assessed before granting access.

Unlocking security success for customers therefore means channel partners acting as savvy advisors, differentiating from competitors by not only helping end-users to adopt better tools but also implementing better processes and educating them about the risk of implicit trust. The value of the channel for end-users therefore lies in the technical knowledge and expertise partners can share, supporting what is a complex, but necessary, shift towards a zero-trust mindset.

The good news is over three-quarters of global organisations accept Zero Trust is a journey, not a tick-box exercise. And with 83% of IT and security leaders in EMEA saying they now feel comfortable implementing Zero Trust in the next three years, the time is ripe for partners to become Zero Trust allies.

The role of deep observability
Vendors in the security space will continue to release products and solutions that play an important role in embarking on a Zero Trust journey – but there is no ‘silver bullet’ technology that could solve this conundrum alone. It’s therefore the role of the channel to support end-users in identifying and implementing an ecosystem of interconnected solutions that bolster their security posture and reduce implicit trust.

At the very foundation of this has to be deep observability. It’s impossible to monitor users, assets, devices and traffic that you can’t see, and consequently extremely challenging to assess and grant access on a case-by-case basis. Organisations therefore need to obtain a clear view of everything happening on their network to enable a comprehensive Zero Trust strategy.

It’s therefore positive that 98% of global IT and Security leaders believe that deep observability is connected to Zero Trust on some level. This addition of real-time network-level intelligence amplifies the power of metric, event, log and trace-based monitoring and observability tools to mitigate security risk and ease operational complexity. This is particularly important in the era of the hybrid cloud, where many traditional monitoring tools for on-premises cannot see into virtual environments and vice versa.

Security professionals who blend deep observability and Zero Trust will be best positioned to ensure business continuity by preventing bad actors from infiltrating their network and exfiltrating data. It’s up to the channel to educate on the value of this holistic visibility for creating a solid foundation on which a zero-trust mindset can be built.

A Zero Trust future
Zero Trust should no longer be a buzzword, but a recognised framework that is neither a quick nor simple security solution. It is an extensive and challenging approach to better cybersecurity and a journey that channel partners will need to guide their customers along. Although many in EMEA are yet to truly see Zero Trust as an attainable architecture for their organisations, it is certainly becoming a priority. In this environment, channel partners can be crucial allies to their customers by educating them on the value of deep observability – a pre-requisite for Zero Trust that will make the journey far easier.

Cyber Security

The Human Factor: Why Cybersecurity is as Much About People as Technology

Published

on

Global Entrepreneur Roman Ziemian explores why organisations must prioritise human awareness and culture to build a truly secure future. (more…)

Continue Reading

Cyber Security

How Public-Private Collaborations Contribute to Cybercrime Disruption

Published

on

Written by Derek Manky, Chief Security Strategist & Global VP Threat Intelligence | Board Advisor | Threat Alliances at FortiGuard Labs (more…)

Continue Reading

Expert Speak

Combating Advanced Cyber Threats in the Middle East’s Financial Industry

Published

on

The Middle East’s financial sector is increasingly a target for sophisticated cyberattacks, driven by numerous factors. Mobile financial services, online transactions, and emerging technologies like AI and cloud computing have expanded potential attack surfaces. As a result, according to the World Economic Forum’s Global Risks Report, cybersecurity ranks among the top five global threats over the next two years, with banking systems as key targets.

For cybersecurity professionals working within the sector, the pressure doesn’t end there. New data protection laws, such as the three new policies being developed by the UAE Cybersecurity Council on “cloud computing and data security”, “Internet of Things security”, and “cybersecurity operations centres” demand that financial institutions rigorously protect customer data. However, the increasing sophistication of attacks, driven by AI, often outpaces the requirements of such regulations, let alone the time taken for them to come into force.

All this creates significant pressure on financial institutions to establish a best practice that enables them to secure their operations, reduce vulnerabilities and maintain consumer trust.

The Role of Regulations in Cybersecurity
Regulations heavily influence the financial sector’s cybersecurity strategies, often focusing on risk management. However, while threats evolve quickly, regulations tend to lag and take time to develop.

Traditional corporate security teams can no longer prevent breaches as swiftly as attackers compromise systems, and monitoring tools have limited ability to stop a threat. That’s because the time it takes for attackers to compromise and exfiltrate data is now quicker than the time it takes for an organisation to remediate, which is typically 4-6 days.

With the average data breach now costing around $4.45 million, financial institutions need a proactive cybersecurity strategy, not one that is reactive to regulation alone, including investment in advanced technologies to quickly detect and neutralise threats.

Financial institutions should only view regulatory requirements as a foundational baseline, rather than a comprehensive basis for defence. Within the financial sector, more than any other, proactive, threat-based strategies are essential.

AI: Both a Threat and a Solution
AI is reshaping business functions in financial services, enhancing the customer experience and operational efficiency, but it also introduces new security risks. Today, attackers are using AI for reconnaissance, social engineering, malicious code development and more. These tactics accelerate attacks, making them harder to combat with traditional cybersecurity measures.

Even within the security department, it has become a double-edged sword, aiding both cyber criminals and defenders. While many organisations adopt AI to improve operations, the technology also expands attack surfaces, allowing cybercriminals to automate and scale attacks.

By consolidating security products and shifting to a platform approach, AI-driven cybersecurity solutions can be best utilised to help institutions detect and respond to threats in real-time, protect data and be more agile in response to incoming regulation.

Communicating Cybersecurity Needs
To put the right solutions in place, security teams first need trust and investment and that means taking the cyber challenge to the board. C-level leaders in the financial sector often underestimate their cyber-resilience so effective communication from CISOs and CTOs about cybersecurity risks and investment needs is essential.

Maintaining trust is critical for any business that holds sensitive, personal or critical data. Where financial services institutions rely on reputation, any investment in cyber is a good investment. It means a reduction in risk from cyber attacks, which do carry financial implications, in addition to the fact that an effective security posture carries the potential for funds to be released from a business’s cyber insurance policy.

In the digital financial landscape, robust cybersecurity measures safeguard reputation, customer trust, and operational continuity. As digital transformation continues at pace, banks and other financial entities must embed security into every aspect of their operations – turning investments in AI and cybersecurity innovations into competitive advantages.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.