DATA SECURITY PODCAST
In a recent podcast interview with Zack Hack, Host of Cybercrime Magazine, Robert E. Johnson III, Cimcor CEO/President, discusses the importance of implementing a Zero Trust strategy, not a solution. The podcast can be listened to in its entirety below.
Welcome to The Data Security Podcast sponsored by Cimcor. Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud, and virtual IT assets in real-time while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak.
Q: Joining us today is President and CEO, Robert E. Johnson III. Robert has been a pioneer in the development of next-gen system integrity monitoring, self-healing systems, and cyber security software. Welcome, Robert. Nice to talk to you again. How've you been?
A: I've been great, Zack how about you?
Q: Things are well. So today, our topic is Zero Trust as a strategy, not a solution. Now, we talked about Zero Trust before. It seems like everybody these days is discussing how they can help with Zero Trust, but you've discussed before how it truly is a strategy, not necessarily a solution. What exactly does that mean to us?
A: Well, you know, I was really expressing a general concern. You know, I noticed at a recent trade show, that almost every other booth had a banner positioning themselves as a "Zero Trust Solution." That's very concerning to me because there are many aspects to Zero Trust. The common theme that's been defined by the vendors, is that Zero Trust has primarily got an identity and access management type of mechanism that is somehow tied to SIM. And yes, identity and access management are extremely important, but the Zero Trust Architecture is so much more than just those two items.
There's no single solution that provides all the key tenants of a Zero Trust strategy. In the end, the objective of a Zero Trust strategy is to ensure that the right people have access to the right resources at the right times, ensuring that those resources are configured in the right way, and operating in the right manner.
Q: Now you mentioned there are key tenants to Zero Trust. What exactly are the key tenants of a Zero Trust strategy?
A: NIST has actually defined those key tenants in their 800-207 document. They describe those seven key tenants as:
One: all data sources and computing resources, all the assets in the organization are considered resources. The second tenet is: that all communication is secure, regardless of where they are in your network. The third tenet: access to individual enterprise resources is granted on a per session basis. Four: access to resources is determined dynamically by a dynamically generated policy. And number five: the enterprise monitors and measures, the integrity and security posture of our owned and associated assets. Six: all resource authentication and authorization our dynamic is strictly enforced before access is allowed. Seven, and the final one is: the enterprise collects as much information as possible on the current state of assets, the network infrastructure, and communication that it uses, so it can improve the security posture.
All seven of those provide the perfect roadmap for creating and implementing, really, the perfect Zero Trust strategy for your organization.
Q: So what do you think is the most overlooked aspect of Zero Trust strategy?
A: Well, in my opinion, I believe the most important aspect of Zero Trust is tenant number five. The one that said that the enterprise monitors and measures the integrity and security posture of all owned and associated assets. I mean, if you think about it, integrity is the key to any strong cyber security strategy and is equally important in regards to Zero Trust. Let's put it this way, what is the point of ensuring that the right people are accessing the right resources at the right time if those resources are not in the state of integrity? What is the point if you can't trust the assets or resources that you're accessing? That's exactly what our team has been working on for years.
We believe that we have created the most robust solution for monitoring the integrity of your resources and the most robust solution in the entire market. Our product, CimTrak, makes it easy for you to ensure that your IT assets are configured in the expected state. and are in the expected state of integrity. This is a great way to kickstart your Zero Trust strategy while simultaneously helping to increase the uptime, availability, and resiliency of your IT infrastructure.
Q: Excellent information, Robert! Thank you so much for sharing it with us. It's been great speaking with you. We'll talk to you again!
A: Great being on your show again, Zack and look forward to our next conversation.
September 6, 2022