A Working Model for a 'Zero Trust' Security ArchitecturePanel of Experts Offers Implementation Insights
Implementing a "zero trust" architecture for the remote workforce during the COVID-19 pandemic requires secure authentication methods, a role-based access strategy and encryption standards based on micro-segmentation, according to a panel of security experts.
"An effective 'zero trust' strategy needs to deploy a central identity management strategy … and context-based authentication to allow APIs to talk to each other securely," Brijesh Datta, executive vice president and CISO at Reliance Jio, said in a video panel discussion. The panel was part of Information Security Media Group’s recent Cybersecurity Virtual Summit India: “Zero Trust.”
Charanjit Singh Sodhi, executive director and head of IAM at Nomura Wholesale, says another essential element is a role-based access control mechanism. "A very regular reconciliation of the access control process along with the self-recertification and manager recertification process automated in real time for secure user access in a 'zero-trust' model is helpful," he said.
Sridhar Sidhu, senior vice president and head of the enterprise security services group at Wells Fargo, added: "One of the key tenets of a 'zero trust' framework is to assess the risk exposure of the organization, which starts with privileged access."
In this video panel discussion, the three experts address:
- Taking an identity-centric approach to “zero trust”;
- How CASB and Web DLP technologies help manage risk;
- Using artificial intelligence and machine learning to help track user access.
As the executive vice president and CISO at Reliance Jio, Datta manages security for all the company's vertical markets. Datta has more than 25 years of experience in telecommunications, IT, and information security. He was a former army officer who was instrumental in defining cybersecurity practices for the Indian Army in the late 1990s.
Sodhi is the executive director and the head of identity and access management at Nomura Wholesale. He served as an officer in the Indian Navy, where he was awarded the Chief of Naval Staff Gold Medal and the Sword of Honor. After that, he has worked at SecureSynergy, Fidelity, Airtel and JPMorgan Chase.
Sidhu leads the enterprise information security services function at Wells Fargo Enterprise Global Services - India. He holds certifications in IT risk management and IT governance matters.