Zero Trust: Lessons Learned and Lessons Identified
CIS CISO Sean Atkinson on Risk Management, Privacy Controls and Compliance
As COVID-19 made remote work more prevalent, managing identity through both network and remote capabilities became a challenge for organizations. Zero trust is a big initiative for the Center for Internet Security, but applying zero trust principles to its infrastructure has not been easy, said Sean Atkinson, CISO at CIS. "You are never done with zero trust implementation," he said.
Zero trust implementation is not a "set and done" approach, Atkinson said. Practical implementation and organizationwide adoption of zero trust are crucial, as is undergoing a maturity cycle to ensure organizations have the right tools and appropriate security controls for implementing identity throughout their organization.
"There are lessons learned, and there are lessons identified. One of the things CIS is doing is managing identity through the network," he said. "Our envisionment of infrastructure is no longer within the four walls. COVID-19 has set a remote capability, so we've now got to manage that underlying infrastructure as an approach to integrate security."
In this video interview with Information Security Media Group at RSA Conference 2023, Atkinson also discussed:
- The three most common data breach risks organizations are facing;
- The challenges for security organizations in defending against threats;
- Tips for avoiding data breaches.
Atkinson uses his broad cybersecurity expertise to direct strategy, operations and policy to protect the Center for Internet Security's enterprise of information assets. His responsibilities include risk management, communications, applications and infrastructure. Prior to CIS, he served as global information security compliance officer for GlobalFoundries. Prior to that, he led the security implementation for New York's statewide financial system.