New CISO research points to zero trust
July 14, 2022
5-MINUTE READ
July 14, 2022
5-MINUTE READ
CISOs have long warranted a seat at the table and now they have it – they have become one of the most critical roles in the modern enterprise. And they find themselves under immense scrutiny, leading the frontline defense against cyberattacks that threaten operational continuity, data security, and business success.
In the federal government specifically, CISOs face even more unique challenges given shifting geo-political tensions, accelerating digital transformation and convergence, and critical talent shortages. Whether its threats to mission systems or critical infrastructure, these attacks are growing in sophistication, aggression and impact, with a real ability to harm governments’ ability to provide vital services to citizens and uphold national security.
New research – The CISOs Report: Perspectives, Challenges and Plans for 2022 and Beyond – from Aimpoint Group, W2 Communications and CISOs Connect sheds light on how CISOs across all industries are meeting the moment. We found these global findings insightful for federal CISOs, especially in underscoring the importance of zero trust.
The report found CISOs’ horizons are darkening: Seven out of 10 perceive the threat landscape to be more severe now than it was a year ago.
<<< Start >>>
Seven out of 10 CISOs perceive the threat landscape to be more severe now than it was a year ago.
<<< End >>>
In our conversations with federal CISOs, they share similar perspectives. Other insights from the research include:
By detailing the depth and breadth of challenges facing enterprises, the research ultimately underscores why federal CISOs must adopt new assumptions about the IT environment:
<<< Start >>>
<<< End >>>
Cloud-native applications dynamically reconfigure the network based on users, performance optimization, and workload demand. CISOs must lean into this complexity by making innovative use of automation; integrating device and user identities; and ensuring a streamlined user experience by employing human-centered design.
<<< Start >>>
<<< End >>>
Defenders must lay the foundation of independent and autonomous resiliency by employing dynamic threat analysis of multiple attack vectors.
<<< Start >>>
<<< End >>>
What we’re really protecting is our sensitive data and intellectual property, not devices and endpoints.
These three principles summarize the importance of implementing a zero trust security model to create a dynamic, robust, and proactive cybersecurity defense. While the basics of zero trust have been part of federal standards and regulations for some time, more must be done to succeed, including:
For federal CISOs, deadlines from the May 2021 executive order and the planning rhythm for the upcoming fiscal year create opportunities for zero trust investments now. During this time, there are four questions every federal CISO should be asking themselves:
As federal CISOs move to implement zero trust, these four questions can guide agency action. Effectively implementing zero trust can help CISOs succeed in their increasingly important and complex roles, to better tackle today’s demanding cybersecurity needs.