DATA SECURITY PODCAST
In a recent podcast interview with Zack Hack, Host of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses the latest views on the importance of implementing Zero Trust. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Joining us today is President and CEO, Robert E Johnson III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cybersecurity software. Robert, welcome back. Great to be talking with you, it's good to have you back on the show.
A: Great to be back on the show with you guys, Zack.
Q: Our topic today is going to be Zero Trust. We've begun to hear a lot about Zero Trust for those in cybersecurity. Can you elaborate a little bit on what Zero Trust truly means?
A: Sure. Zero Trust is this security paradigm, which really flips the model on how we actually protect systems. Traditionally, most of our defenses are centered around protecting the perimeter of our entire network. Now, in contrast, the Zero Trust model focuses on protecting all of the resources in your network, regardless of the location of those resources or the location of the user. So, I use that word, "resource". What is a resource? Well, a resource is anything on your network from servers to network devices to storage devices, and so much more - pretty much anything with an IP address.
The objective is to ensure that only the right people have access to the right authorized resources in an organization. You're hearing about Zero Trust quite a bit right now, but it isn't new, but it is starting to get more and more attention. Now, it was formally defined in the NIST 800-27 document and it defines seven tenets towards Zero Trust implementation. Some examples of those tenets are: "All communication is secure, regardless of network location." Another is, "All data sources and computing services are considered resources." Another tenant is, "The enterprise monitors and measures, the integrity and security posture of all owned and associated assets." And here's another one, "All resource authentication and authorization our dynamic and strictly enforced before access is allowed." And there are a few more - there are about three more.
Q: Great recap, Robert, thanks for discussing. So what is the most important tenet of Zero Trust?
A: Well out of the seven, the one that we feel is most important is tenant number five: "The enterprise monitors and measures, the integrity and security posture of all owned and associated assets." Here's why I feel this way - It is important to always ensure that your resources and, again, that means your servers your network devices your databases - those things that drive your business, are always in a state of integrity first. If you think about it, what is the point of restricting access to a server, if a server has been compromised or is not in a state of integrity? So this is an extremely important concept and is really the foundation that this entire Zero Trust strategy is built.
Q: So why do you think they forget about this, though?
A: Lately, most of the industry chatter has been around micro-segmentation and authentication. And I feel those are important concepts, however, creating that strong foundation and ensuring that all of your resources are in the expected state of integrity, well that is simply critical. At Cimcor, this aligns directly with our mission. Our product, CimTrak, can directly help you with Zero Trust tenant number five: "Monitor and measure the integrity and security posture of all owned and associated assets." CimTrak can detect unexpected changes to your IT assets in real-time and notify you of any of the changes to those systems or the integrity of those systems has occurred, whether their network devices active directory, databases, cloud infrastructures, and so much more. Furthermore, CimTrak can also monitor the security posture of your IT assets by continuously monitoring if your systems are in a properly hardened state as defined by CIS Benchmarks or DISA STIGs. We feel that CimTrak is the foundation of Zero Trust and is key to ensuring the security systems, both on-prem and in the cloud.
Q: Robert, thanks a lot for this great information. It's been fantastic speaking with you.
A: It's been great being on the show, Zack.
August 30, 2022