ESG Blogs

Last week’s Executive Order by President Biden provided a glimpse into each branch of government’s cybersecurity accountabilities and a strong declarative on the mandatory use of foundational security tools.

In part, the Fact Sheet says: “The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.”

Effectively addressing national emergencies and times of crisis has always required private and public sector collaboration. The most recent and obvious example being the development and delivery of COVID-19 vaccines. And like COVID-19, ransomware attacks cross borders, necessitating a coordinated national and international response by government agencies and technology leaders.

This month, as we head toward RSA Conference USA 2021, where  more than 40,000 security practitioners are usually all buzzing throughout the Moscone Center in San Francisco, we will all be signing in to virtual sessions instead. And just like last year, compromised credentials continue to be one of, if not the top vector for breach, fraud, and theft. These stories are in the news daily.

April showers bring May flowers, and this year’s RSA Conference. Usually there’s one topic at RSA that everyone is talking about but this year there will likely be 3: secure access service edge (SASE), eXtended detection and response (XDR), and zero trust. In my last blog, I described 8 things security executives want to hear about XDR. This one focuses on zero trust.

Big data estates, advanced analytics and insights, and the democratization of artificial intelligence (AI) are accelerating digital transformations aimed at harnessing the value of data across the business landscape. It is especially prominent in financial services, healthcare, and consumer services where customer experience reigns (and an unfortunate feeding ground for fraud and abuse).

Now that we are within a month of the RSA conference, the security diaspora must prepare itself for a cacophony of hyperbole around three industry initiatives: Secure Access Service Edge (SASE), eXtended Detection and Response (XDR), and zero trust.

Yup, all three areas are innovative and extremely promising, but a bit overwhelming as well. Look for more from me on SASE and zero trust in the coming weeks. For now, we'll focus on XDR.

We all understand that zero trust is a complex initiative. There’s a wide array of use cases, supporting technologies, starting points, and strategy options. On the bright side, one of the keys to succeeding with zero trust remains something companies arguably have the most control over – collaboration across the organization. The less encouraging news? These cross-functional relationships could be better.

The identity and access management ecosystem has come a long way in the past decade, invigorated by cloud identity, customer identity, mobile identity, and open identity standards. Industry incumbents and cloud providers have made significant investments to support scalable, distributed, multi-factor enabled and decentralized identity systems.

In my first (and exciting) week at ESG, I met with a series of sharp-minded entrepreneurs and newly funded startups that are tackling the complexities of authorization, access governance, and multi-cloud identity orchestration.

The topic of network and security convergence has been front and center in the industry over the last year. The line between networking and security continues to blur, with collaboration increasing across traditionally siloed IT functions and technologies used by these teams continuing to inch closer together. One of the more notable initiatives is secure access service edge (SASE), and both enterprises and vendors alike are now embarking on their SASE journey.

Secure access service edge (SASE) has continued to garner significant interest in the market due to the need to ensure that security and networking strategies and technologies are aligned to better address the increasingly distributed nature of the modern enterprise. In this video, Bob Laliberte and I discuss some of the different vendor approaches to SASE, the balance between platforms and best-of-breed approaches, and the organizational issues users must consider with regards to SASE.