'Zero Trust': A Strategy for SuccessPanel Provides Tips on Creating a Frictionless Experience for Remote Workers
An effective "zero trust" strategy requires creating a frictionless experience for the remote workforce, according to a panel of security experts. Essential elements include multifactor authentication, continuous monitoring, an effective risk management program, and improved identity and access control mechanisms, the panel says.
See Also: Move Beyond Passwords
"To enable a frictionless environment for the remote workforce with 'zero trust,' the right authentication strategy, identity-powered security and a multi-layered security approach is essential," Gautam Aggarwal, senior vice president and Singapore-based regional CTO for Mastercard, said in the panel that was presented at Information Security Media Group's recent Cybersecurity Virtual Summit, Southeast Asia.
"As part of the 'zero trust' strategy, we looked at improving access the control mechanism for the users by preparing a threat modeling and risk management program to extend it to the remote users in identifying their end-point computing devices," said Singapore-based Manoj Tewari, senior director, information security and compliance, at International SOS, medical and security services organization.
Anthony Bargar, former deputy CISO at the U.S. Department of Defense and vCISO for Asia, adds: "The key building block in improving access control is to develop a strategy of modeling and mapping your enterprise risk with an effective IAM program. And the starting point for this is to deploy user behavior and analysis tools as an investment in capturing the user footprints.
In this video panel discussion, the three experts address:
- How CASB and Web DLP technologies help manage risk;
- Building a signature approach to assess data types;
- Monitoring of systems failures and strengths.
As the regional CTO for Mastercard, Aggarwal is responsible for leading the technology and service operations in the Asia Pacific region. He heads Mastercard's technology investments in China, India and Indonesia and the real-time payments infrastructure hub for the region.
As senior director of information security and compliance at International SOS, Tewari is responsible for the cybersecurity services and underlying technology infrastructure as well as information security compliance. Previously, he served as a senior consultant at BT Global Services, a compliance assurance manager with DXC, an associate consultant at Wipro, and an assistant system engineer at TCS.
Bargar is former deputy CISO at the U.S. Department of Defense and vCISO, Asia. He now leads the Cyber Security Consulting Group in Singapore. Bargar has more than 22 years of experience, having served in senior positions within the global financial services sector. He advises critical infrastructure sectors on implementing the latest strategies and technical countermeasures to reduce risk and transform programs to focus on resilience.