APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Agile

    Artificial Intelligence

    Aviation

    Bi and Analytics

    Big Data

    Blockchain

    Cloud

    Cyber Security

    Digital Infrastructure

    Digital Marketing

    Digital Transformation

    Digital Twin

    Drone

    Internet of Things

    Low Code No Code

    Networking

    Remote Work

    Singapore Startups

    Smart City

    Software Testing

    Startup

  • E-Commerce

    Education

    FinTech

    Healthcare

    Manufacturing

    Retail

    Travel and Hospitality

  • Dell

    Microsoft

    Salesforce

    SAP

  • Cognitive

    Compliance

    Contact Center

    Corporate Finance

    Data Center

    Data Integration

    Digital Asset Management

    Gamification

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    RegTech

    Travel Retail

Menu
    • Cyber Security
    • Software Testing
    • Procurement
    • Managed Services
    • Gamification
    • Blockchain
    • CRM
    • E-Commerce
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Cyber Security
    Editor's Pick (1 - 4 of 8)
    left
    IAM May Help Secure Data, But It Needs to be Protected as Well

    Marc Ashworth, Chief Information Security Officer, First Bank

    The Changing Landscape of Cyber Security

    Scott Brandt, CIO & Director of IT, Texas Office of the Secretary of State

    Cyber Security - Integrated enterprise approach required to address the multifaceted challenges

    Sumit Puri, CIO, Max Healthcare

    Leadership Framework for Building Elite Teams

    Douglas Duncan, CIO, Columbia Insurance Group

    Four Cybersecurity Weak Spots You Should Care About When Others Don't

    Marc Probst, CIO & VP, Intermountain Healthcare

    Enterprise Security And The Elusive

    Andre' Allen, CISO, City of Houston

    Secure Text Messaging in an Academic Medical Center - Experience and Lessons

    Kari Cassel, SVP & CIO, UF Health

    It's Time to Turn Security Inside Out

    Gilad Raz, CIO, Varonis

    right

    Building Untrusted Networks to Improve Security

    EARL DUBY, CISO and Vice President, LEAR Corporation (NYSE: LEA)

    Tweet
    content-image

    EARL DUBY, CISO and Vice President, LEAR Corporation (NYSE: LEA)

    In the early 2000s, owners and managers of tall buildings scrambled to improve the security of their assets, their tenants, and the millions of visitors that frequented their sites annually. In a rush to enhance the security and safety of their buildings, along with the people who occupied them, facility managers invested millions of dollars on access controls, monitoring systems, and people to ensure they were better prepared for unexpected events. On the heels of historic and unprecedented events, the Building Owners and Managers Association of Greater Los Angeles (BOMA) partnered with the RAND Corporation in 2002 to review the state of building-security in that city. The results of the study, noting a surge in additional cameras, perimeter controls and security personnel, would look familiar to today’s InfoSec professionals. In an especially foretelling passage, the 20-year-old study predicts: “Although a ‘security standard’ has not emerged, we expect stricter access controls of one type or another to be permanent additions to downtown high-rise buildings.” Prior to 2000, it was not uncommon for visitors to be able to roam from floor to floor, hallway to hallway, and business to business, unfettered once they passed through the lobby doors. After 2001, this free access was significantly curtailed by security guards, turnstiles, card-controlled doorways, which were in turn monitored by cameras, facial recognition systems. More recently, visitors are even monitored by artificial intelligence engines designed to predict disruption. When it comes to protecting corporate digital assets, it’s high time that the owners and managers of corporate networks take the same approach and sense of urgency as their physical-security counterparts.
    In another interesting parallel between defending physical buildings and digital castles, the RAND report stated the following: “The prevention decisions within the control of building owners and managers center on ‘hardening the target,’ which can accomplish (1) deterrence and (2) detection and denial.” This same approach rings true for digital defenders as well. One of the best ways to defend the digital assets of a company is to adopt the Zero Trust framework of controls. Given the recent attacks on corporations and governmental agencies alike, whether through SolarWinds or any other advanced attack, it is imperative that access to data be further locked down, protected, and monitored. We must complete the progression from open trust to full verification. As Forrester Research’s John Kindervag pointed out in 2009, the guiding principal of Zero Trust is a mindset of “never trust, always verify.” Anyone who has experience with Red Teaming a corporate network knows full well that there is still a lot of implicit trust that can be exploited. A Zero Trust control framework provides digital defenders the same value as a complimentary mindset does for the protection of physical structures. Restricting and monitoring access provides better visibility into who and what is attempting to access business assets. Building rules and contextual decision-making into the controls makes it harder for attackers to exploit and bypass the controls that are in place. With the correct implementation, these additional controls can lead to a better experience for legitimate users of the assets (think of an access management portal that provides a single, secure way to access multiple applications).

    When It Comes to Protecting Corporate Digital Assets, it’s High Time That the Owners and Managers of Corporate Networks Take the Same Approach and Sense of Urgency as Their Physical-Security Counterparts

    The key components of establishing a less trusting network, and building in better verification, detection, and remediation, are tied to enhanced controls at the data and user level. Instead of assuming that anyone on your corporate network is supposed to be there, it is necessary to establish the identity of that person (or device) at the outset, then track that identity through the entire interaction. Systematic decisions of trust must then be made with every request for additional resources. Just as building managers had to improve their access controls 20 years ago to better defend against an evolving and asymmetric threat, network managers today need to adopt new and increasingly untrusting strategies to protect digital assets from a rapidly evolving, well-funded, and increasingly destructive set of adversaries.
    tag

    review

    Weekly Brief

    loading
    Top 10 Cyber Security Companies - 2022

    Featured Vendors

    I-Sprint Innovations

    Dutch Ng, CEO

    HP

    Richard Bailey, President - Asia Pacific & Japan (APJ)

    ON THE DECK

    Cyber Security 2022

    Top Vendors

    Cyber Security 2021

    Top Vendors

    Cyber Security 2020

    Top Vendors

    Cyber Security 2019

    Top Vendors

    Cyber Security 2018

    Top Vendors

    Cyber Security 2017

    Top Vendors

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Deliver Resiliency with Managed Services

    Deliver Resiliency with Managed Services

    Edy Salim, Head of Technology Services & Enterprise Architecture, PT Adira Dinamika Multifinance Tbk
    Sustainable Future through Innovative Technology Solutions

    Sustainable Future through Innovative Technology Solutions

    Faisal Parvez, CIO and Director, BT
    How to align Supply Chain with Corporate Strategy

    How to align Supply Chain with Corporate Strategy

    Chanaka Rathnayake, Senior Production Manager (Packaging) at The HEINEKEN Company
    A dose of our own medicine

    A dose of our own medicine

    SABINA JANSTROM, IT DIRECTOR, DYNO NOBEL
    Insider Threat

    Insider Threat

    AI is America's best weapon for disrupting health inequities

    AI is America's best weapon for disrupting health inequities

    Michael Dowling, President & Ceo, Northwell Health and Tom Manning, Chairman, Ascertain
    Combating IoT Challenges with Smart Choices

    Combating IoT Challenges with Smart Choices

    Sandeep Babbar, Head Of Technology Innovation, Gwa Group Limited
    Artificial Intelligence regulations and its impact on medical devices

    Artificial Intelligence regulations and its impact on medical devices

    Leo Hovestadt, Director Quality Assurance Elekta
    Loading...

    Copyright © 2023 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe |   About us

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://cyber-security.apacciooutlook.com/cxoinsights/building-untrusted-networks-to-improve-security-nwid-8923.html