Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management
Zero Trust: A 5-Step Approach
Dave Lewis of Duo Security Discusses Essential Steps to Improving Cloud SecurityDave Lewis of Duo Security describes a five-step program to deploy the “zero trust” model, which can help organizations address cloud security issues.
See Also: The State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience
”First, you want to establish trust in your user identity,” he says. “Step two is you want to evaluate the trustworthiness of your user devices. Step three is that you want to enforce access policies on user device combinations. Step four is enabling secure connections to all applications. And step five is examining user device activity looking for anomalies and things that are out of the ordinary.”
In a video interview with Information Security Media Group following a series of virtual executive roundtables on the subject, Lewis discusses:
- Implementing the five-step approach to zero trust;
- How attitudes of roundtable attendees changed over the course of the series;
- How the COVID-19 pandemic led to higher interest in the zero trust concept.
Lewis is global advisory CISO for Duo Security, a unit of Cisco. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast as well as host of the Plaintext and Murder Board podcasts. Lewis serves on the advisory boards for several firms.