At the recent RSA Conference, industry and public sector leaders came together to talk security. This year, the focus was on the Human Element and how people impact security posture. From cyber talent to insider threats, the Human Element touches all aspects of a secure industry or agency. This topic along with various aspects of security from AI to data storage were explored. One topic that was highlighted throughout the conference was Zero Trust.
Zero Trust means just that. No one, from in or outside, the network is trusted and instead must be verified to gain access to valuable resources. Delivering this Zero Trust security architecture requires solutions that leverage AI and machine learning to provide agencies with visibility across multiple endpoints including mobile, server, desktop, and IoT, enhancing security.
“For [the USDA], the driver becomes ‘how do I make sure that the data that I’m providing is, in fact, trusted?’,” said USDA CISO Venice Goodwine. “Have I classified my data properly, so that those who need access to that data have it relatively available?’, and then, of course, the general principles … of cybersecurity still apply.”
Platforms, like BlackBerry Spark, are built to enable Zero Trust security – focused on endpoint trust and continued validation through each event. “By validating user actions, the platform continuously authenticates users to deliver a zero-touch experience that improves security with no user interruption. In this way, dynamic trust is maintained across all devices, networks, data, users, and apps,” explained Billy Ho, Executive Vice President of Enterprise Products at BlackBerry.
This zero-touch application results in stronger security, a better user experience, and reduced costs. According to Risk Based Security, there were over 3,813 data breaches reported during the first half of 2019 – about 21 breaches every day – showcasing the need for stronger security structures, especially within government.
“At the end of the day, we’re trying to protect the data and a lot of people talk about ‘access,’” said GSA Executive Director of Identity Phil Lam. “I’m looking at it as continuous access and continuous conditional rules that apply … We’re looking at making [access] transactional so we can understand what’s ‘normal’ … it’s not always a user that’s [accessing] that data — so what is accessing that data? Transactions, machines … it’s got to be transactional, and it’s really got to be policy-driven.”
With this Zero Trust platform agencies have full visibility to easily define risks, analyze data, and apply controls to address risks while maintaining the Zero Trust environment all managed within one cloud. Agencies can also leverage a unified endpoint security (UES) layer to further Zero Trust security.
“The addition of custom role-based access controls to BlackBerry’s endpoint protection offering reduces risk by granularly defining and enforcing administrative permissions based on roles within an organization,” said Michael Suby, Research Vice President, Security and Trust Products at IDC. “Security teams will appreciate the ability to limit each user to only the features needed to perform their business functions.”
For agencies housing valuable data, enforcing a strong security posture is paramount. With new technology, employees will no longer have to sift through growing numbers of alerts and instead, focus on the overall security posture of the agency. “Prevention-first security can significantly reduce the number of alerts generated by the security stack, decreasing the burden and frustration associated with perpetual alert investigations that lead nowhere,” said Thomas Pace, Vice President, Global Enterprise Solutions at BlackBerry Cylance. “Preventing malware, malicious scripts, rogue applications and file-less attacks from harming the agency to keep data and the mission secure.”
Ready to learn more? Click here.