Governance & Risk Management , Video , Zero Trust

Zero Trust: How to Manage Access to Applications

Soumak Roy Shares His Strategy to Map Access to Applications and Networks
Soumak Roy, vice president and global practice leader of cybersecurity, SDG Corp.

Soumak Roy, vice president and global cybersecurity practice leader at SDG Corp. and winner of the ISMG Dynamic CISO award in the zero trust category, proudly says he implemented zero trust within a year. Roy shares his journey, learnings and strategies for a smooth zero trust implementation.

See Also: OnDemand | Navigating the Zero Trust Landscape: Security Mastery for Remote Work and Cloud Dominance

An essential component of zero trust is to map access to applications and networks, but Roy said the process isn't easy.

"Mapping access matrix with identity and network is cumbersome," Roy said. "It is not easily identifiable in a complex environment - who needs to access what, from what network, and which applications are to be allowed."

To demystify this, he applied the Kipling method of who, what, when, why and how. "This helped me answer some questions, like: Who should be addressing the resource? What applications are being used to access that resource, especially inside a secure area? When should a resource be accessed? Where is the packet destination to? How is the packet accessing the secure application throughout its life cycle?

"This was our building block for zero trust framework and with this level of granular enforcement, we ensured that only legitimate users and legitimate applications can communicate to their destination, and the rest all are by default blocked. This is the fundamental of zero trust."

In this video interview with Information Security Media Group, Roy also discusses:

  • The various technologies he invested in for zero trust;
  • How he secured legacy systems with zero trust;
  • His advice to his colleagues on their own zero trust journeys.

Roy has more than 20 years of experience in cybersecurity. He has been in leadership roles across organizations and has expertise in both enterprise and consumer security - IAM, fraud and risk intelligence, infrastructure security, security operations and cyber intelligence.

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.