{"id":27979,"date":"2022-03-30T07:53:53","date_gmt":"2022-03-30T07:53:53","guid":{"rendered":"https:\/\/cyberleadershipinstitute.com\/?p=27979"},"modified":"2023-12-11T08:30:48","modified_gmt":"2023-12-11T08:30:48","slug":"the-7-proven-essentials-cisos-must-consider-to-master-zero-trust","status":"publish","type":"post","link":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/","title":{"rendered":"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0"},"content":{"rendered":"<p><span><img decoding=\"async\" alt=\"\" width=\"800\" data-init-width=\"1024\" height=\"413\" data-init-height=\"529\" loading=\"lazy\" src=\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-1024x529.jpg\" data-width=\"800\" data-height=\"413\" style=\"aspect-ratio: auto 1024 \/ 529;\"><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Zero Trust has transitioned from a buzzword to the centre of most cyber resilience strategies far more rapidly than many CISOs ever predicted. According to&nbsp;<a href=\"https:\/\/www.bloomberg.com\/press-releases\/2021-07-14\/zero-trust-security-market-size-worth-59-43-billion-by-2028-cagr-15-2-grand-view-research-inc\">Grand View Research, Inc<\/a>, the global Zero Trust security market size is expected to reach USD 59.43 billion by 2028, registering a compound annual growth rate (CAGR) of 15.2% from 2021 to 2028. The rising need to protect digital enterprise environments underpins the rapid Zero Trust adoption. Solutions such as preventing lateral movement, leveraging network segmentation, simplifying user access control, and implementing layer 7 threat prevention work to protect computers, programs, and networks from unauthorized access.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">In this blog, co-written with one of CLIs distinguished Alumni, <a href=\"https:\/\/www.linkedin.com\/in\/ashwin-ram-54b2aa1b\/\" style=\"outline: none;\">Ashwin Ram<\/a> (Cybersecurity Evangelist, Office of the CTO at Check Point), we simplify Zero Trust, discuss its benefits and offer practical ways CISOs can deploy to cost-effectively bake Zero Trust into their strategies.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>What is Zero Trust?<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Zero Trust is a security framework or model, not a specific technology. While many vendors tout their products as panaceas to Zero Trust, it\u2019s important to remember, <a href=\"https:\/\/www.wired.com\/story\/what-is-zero-trust\/\">as one expert put it<\/a>, that \u201cZero Trust isn&#8217;t a single piece of software you can install or a box you can check, but a philosophy, a set of concepts, a mantra, a mindset.\u201d<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">At its core, Zero Trust <a href=\"https:\/\/www.checkpoint.com\/cyber-hub\/network-security\/what-is-zero-trust\/what-is-a-zero-trust-architecture\/#:~:text=With%20a%20zero%20trust%20security,Zero%20Trust%20Architecture\" style=\"outline: none;\">eliminates implicit trust within an organization\u2019s<\/a> IT infrastructure. Access is granted or denied based upon the access and permissions assigned to a particular user according to their role within the organization. But as most CISOs have learnt the hard way, no single framework, including Zero Trust, can stop high-profile cyber incursions. A <a href=\"https:\/\/itwire.com\/guest-articles\/guest-opinion\/why-zero-trust-architecture-will-disrupt-the-cybersecurity-industry,-the-same-way-netflix-disrupted-blockbuster.html\">recent article<\/a> states that \u201cWhen prevention fails, (and it will), this approach will contain the spread of a breach, and minimize the impact and consequence for a business.\u201d<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Under Zero Trust, users, devices, and applications are granted the minimum access permissions required to carry out specific functions. Under the traditional security model, a VPN user is granted full access to the network. Assuming this user\u2019s credentials are compromised, <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-06-04\/hackers-breached-colonial-pipeline-using-compromised-password\" style=\"outline: none;\">as was the case in the Colonial Pipeline breach<\/a>, the threat actors can easily traverse the networks and compromise several unrelated assets. But the principle of least privilege and \u2018default deny\u2019 advocated by Zero Trust limits the damage to a specific system the user is authorized to access.&nbsp;<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>Why Should CISOs Build Zero Trust into their Cyber Resilience Strategies? <\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">For the first 20 years or so of the internet, our networks were simple; companies invested in perimeter defences (firewall, proxy servers, email security gateways, intrusion prevention systems, etc.) to limit their exposure to internet threats. Any traffic emanating from outside the network was untrusted and potentially harmful, while anything inside this perimeter was considered safe and trusted. This approach worked for a while, but times have changed.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Historically protected by firewalls, antivirus software and segmented networks &nbsp;\u2014 the traditional <a href=\"https:\/\/www.amazon.com.au\/Five-Anchors-Cyber-Resilience-enterprises\/dp\/0648007847\">enterprise network perimeter<\/a> is fast dissipating. More and more enterprises are migrating mission-critical applications into the public cloud, fuelled by the promise of greater financial flexibility, the ability to deliver infrastructure on the fly and faster time to market. COVID-19 has changed everything \u2014 employees are working remotely and logging into enterprise networks from their mobile phones, home computers and other unknown devices. Furthermore, the supply chain keeps getting more complex, with businesses looking beyond their geographies to address supply chain issues.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Simply put, the traditional perimeter security approach can no longer keep up with the demands of today\u2019s fast-changing digital environment, let alone stealthy cyber threats that can easily evade traditional security defences. Zero Trust offers three formidable benefits:<\/span><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">The primary role of any CISO is to improve the cyber risk profile. Zero Trust helps accelerate this mandate by focusing on prevention, as it\u2019s far more cost-effective to reduce the likelihood of high-impact attacks than recover from their messes.<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Done right, Zero Trust can boost cyber resilience by shifting from the one-size-fits-all cybersecurity investment models and prioritizing the <a href=\"https:\/\/cyberleadershipinstitute.com\/covid-19-crisis-forcing-business-savvy-cisos-to-focus-on-crown-jewels\/\" style=\"outline: none;\">protection of crown jewels <\/a>\u2014 the most critical information assets, which, if compromised, could severely undermine the enterprise\u2019s bottom line, competitive advantage, reputation, or even threaten its survival.<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Developed in conjunction with enterprise architecture, Zero Trust can simplify security, reduce overheads and, most importantly, help safely accelerate digital transformation. <a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWJJdT\">Microsoft<\/a> confirms this notion, stating, \u201cA Zero Trust approach empowers people to work productively and securely when, where, and how they want.\u201d<\/span><\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>The Seven Essentials Of Zero Trust<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>1. Zero Trust Network <\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">One of the biggest challenges for CISOs over the last decade was limiting lateral threat actor movement. Cybercriminals keep exploiting weaknesses in one system and quickly move across to compromise crown jewels. So, the first essential we recommend is that CISOs redesign their network infrastructure to isolate digital assets into different segments based on risk.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">A segmented network makes it significantly harder for an attacker to compromise one system and hop on to others. This requires physically or logically separating high-value digital assets, such as industrial control systems (ICS), systems that hold payment card data or those that process high-value payments. Once this is achieved, restrict access to high-risk network zones based on a strict need to-do\/know basis, opening connections only to those systems and users. Furthermore, CISOs must deploy advanced security threat prevention controls at the application layer to inspect the flow of traffic between segments. Performing deep packet inspection in the core of your network offers an additional critical control to detect and deter attacks.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>2. Zero Trust People<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">According to the <a href=\"https:\/\/www.ibm.com\/security\/data-breach\" style=\"outline: none;\">Ponemon Institute\u2019s 2021 Cost of a Data Breach Report<\/a>, compromised credentials was the number one attack vector successfully exploited by cybercriminals. Humans will always make mistakes, intentionally or otherwise. Therefore, it is essential that CISOs complement their cyber awareness with technical controls to <a href=\"https:\/\/cyberleadershipinstitute.com\/want-to-improve-your-cyber-crisis-response-think-beyond-technology\/\" style=\"outline: none;\">minimize the threats associated with stolen credentials<\/a>. For example, minimizing the number of complex passwords users should maintain through single sign-on, reinforcing access control through MFA, protecting superuser credentials through a commercial privileged access management solution, and context-aware security policy enforcement.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Here are additional questions CISOs should ask to ascertain the effectiveness of their controls:<\/span><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Are our Active Directory and any other centralized identity stores hardened to prevent takeover?<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Do we have systems in place to detect and fix material Active Directory misconfigurations?<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Have we baked the principle of least privilege within business operations, specifically employee onboarding and lifecycle management?<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Have we enforced MFA across all high-risk access points to mitigate credential theft?<\/span><\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>3. Zero Trust Data<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Needless to say, Zero Trust is fundamentally designed to protect data, whether in use, at rest or in motion. Here are five primary controls CISOs should consider when building Zero Trust into their strategies.<\/span><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Publish an easily digestible data classification policy and associated tools to help users tag data\/documents according to their level of sensitivity and automate restrictions according to sensitivity levels.<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">High-value data, such as health records, passwords, and board papers, must be encrypted at rest and in transit using industry-grade encryption tools. End-user device hard drives must also be encrypted to minimize the risk of unauthorized data leakage should the device fall into the wrong hands.<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Deploy data loss prevention controls to prevent the exfiltration of confidential data into unsanctioned cloud environments or removable drives.<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Encrypt any confidential data backed up to tape and ensure decryption keys are adequately protected.<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Deploy a commercial mobile device management solution (MDM) to enforce data protection policies (authentication, encryption, remote wipe, etc.) on personal devices with access to corporate data.<\/span><\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>4. Zero Trust Devices<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">At its core, the Zero Trust security model recommends treating every device connected to the network as untrusted and potentially hostile. This includes not only laptops and servers but also mobile phones, IoT (Internet of Things) and OT (operational technology) devices. It is critical that you have the ability to isolate compromised devices in your environment as quickly as possible. This requires designing a network infrastructure to isolate your digital assets into different segments based on risk and implementing a context-aware security policy that adapts to the posture of devices in your environment. For instance, you could ask the following questions:<\/span><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Do we have the ability to control the flow of traffic to and from IoT devices based on device posture, such as firmware versions that are known to have high-risk vulnerabilities?<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Can we trust the mobile phones our employees are using to access and process corporate data?<\/span><\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>&nbsp;5. Zero Trust Workload<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Most enterprises struggle to protect their cloud-based workloads due to cloud ecosystems\u2019 dynamic and ephemeral nature, especially when moving from IaaS (infrastructure as a service) to serverless and containers. Cloud assets are stood up at the click of a button, which can lead to a host of misconfigurations issues. Unsurprisingly, cloud misconfiguration was cited as the third most exploited attack vector by the <a href=\"https:\/\/www.ibm.com\/security\/data-breach\" style=\"outline: none;\">Ponemon Institute&#8217;s 2021 Cost of a Data Breach Report.<\/a><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">To minimize this risk, CISOs must place a heightened focus on cloud security visibility and adaptive policy enforcement. Automated controls must continuously monitor cloud infrastructure for gaps in security policy enforcement, while adaptive security controls must enforce the principle of least privilege. Furthermore, cloud security teams must enforce segmentation and micro-segmentation using advanced threat prevention security controls. For instance, the team can implement a hub and spoke network in which traffic from each spoke traverses through a hub, which enforces advanced security controls.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Here are some important questions to consider as part of the cloud transformation journey.<\/span><\/span><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Are we leveraging \u2018just-in-time\u2019 security to control privilege access?<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Can we automatically remediate misconfiguration and security oversights in our public cloud?<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Are we validating that third-party code used within our cloud applications are safe from threats?<\/span><\/span><\/span><\/span><\/span><\/li>\n<li style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">Do we have a way to enforce security best practices across all our cloud environments?<\/span><\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>6. Automation and Orchestration <\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">The <a href=\"https:\/\/www.devo.com\/resources\/2020-devo-soc-performance-report-download\/\">2020 Devo SOC Performance Report: A Tale of Two SOCs<\/a>, reported that three out of four SOC (Security Operations Center) analysts reported that increased workload is the number one reason for burnout. The same report also found SOC analyst stress, burnout, and turnover is getting worse. To combat this, the study recommended introducing automation into workflows.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">This aligns with Zero Trust principles, which recommend the use of automation and orchestration to reduce human error and improve security posture. Leading CISOs are implementing <a href=\"https:\/\/www.fireeye.com\/products\/helix\/what-is-soar.html\">Security Orchestration, Automation and Response (SOAR)<\/a> platforms, which utilize a combination of human and machine learning to analyze this diverse data in order to comprehend and prioritize incident response actions. The advantages are threefold: automate mundane tasks and free up resources to focus on other strategic initiatives; prioritize alerts that could result in material harm from noise; and boost compliance by creating repeatable and auditable processes.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>7. Visibility &amp; Analytics<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\">As the research giant <a href=\"https:\/\/www.cisco.com\/c\/dam\/m\/en_sg\/solutions\/security\/pdfs\/forrester-ztx.pdf\" style=\"outline: none;\">Forrester<\/a> put it, &#8220;You can&#8217;t combat a threat you can&#8217;t see or understand.&#8221; It goes without saying that one of the anchors of a robust Zero Trust strategy is building situational awareness. It is essential for cybersecurity teams to have 24\/7 visibility into their networks, endpoints, mobile devices, public\/private clouds, IoT and OT. Alerts from these systems must be correlated into credible threat intelligence and inform practical strategies to detect and prevent cyber incursions. These alerts should be promptly triaged to relevant teams to contain any threats and minimize downstream customer and business harm. Ensuring that their security logs are constantly shipped and centralized 24\/7 must be a non-negotiable before new systems are commissioned.<\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"color: rgb(51, 68, 79) !important;\"><span style=\"--tcb-applied-color: rgb(51, 68, 79) !important;\"><span style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><strong>Is Zero Trust enough?<\/strong><\/span><\/span><\/span><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-family: Mukta; font-weight: 400; --tcb-applied-color: rgb(51, 68, 79) !important; color: rgb(51, 68, 79) !important;\">A robust Zero Trust strategy builds on the foundations an organization has put in place over the years. Done right, it helps dismantle the fort mentality, accelerate digital transformation, and boost cyber resilience. As <a href=\"https:\/\/www.microsoft.com\/en-au\/security\/business\/zero-trust\" style=\"outline: none;\">Microsoft summarized<\/a>, \u201cToday\u2019s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they\u2019re located.\u201d<\/span><\/p>\n<p style=\"\"><a href=\"https:\/\/www.bloomberg.com\/press-releases\/2021-07-14\/zero-trust-security-market-size-worth-59-43-billion-by-2028-cagr-15-2-grand-view-research-inc\" style=\"outline: none;\"><span style=\"font-family: Mukta; font-weight: 400;\">https:\/\/www.bloomberg.com\/press-releases\/2021-07-14\/zero-trust-security-market-size-worth-59-43-billion-by-2028-cagr-15-2-grand-view-research-inc<\/span><\/a><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.linkedin.com\/in\/ashwin-ram-54b2aa1b\/\" style=\"outline: none;\">https:\/\/www.linkedin.com\/in\/ashwin-ram-54b2aa1b\/<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.wired.com\/story\/what-is-zero-trust\/\" style=\"outline: none;\">https:\/\/www.wired.com\/story\/what-is-zero-trust\/<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.checkpoint.com\/cyber-hub\/network-security\/what-is-zero-trust\/what-is-a-zero-trust-architecture\/#:~:text=With%20a%20zero%20trust%20security,Zero%20Trust%20Architecture\" style=\"outline: none;\">https:\/\/www.checkpoint.com\/cyber-hub\/network-security\/what-is-zero-trust\/what-is-a-zero-trust-architecture\/#:~:text=With%20a%20zero%20trust%20security,Zero%20Trust%20Architecture<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/itwire.com\/guest-articles\/guest-opinion\/why-zero-trust-architecture-will-disrupt-the-cybersecurity-industry,-the-same-way-netflix-disrupted-blockbuster.html\" style=\"outline: none;\">https:\/\/itwire.com\/guest-articles\/guest-opinion\/why-zero-trust-architecture-will-disrupt-the-cybersecurity-industry,-the-same-way-netflix-disrupted-blockbuster.html<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-06-04\/hackers-breached-colonial-pipeline-using-compromised-password\" style=\"outline: none;\">https:\/\/www.bloomberg.com\/news\/articles\/2021-06-04\/hackers-breached-colonial-pipeline-using-compromised-password<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.amazon.com.au\/Five-Anchors-Cyber-Resilience-enterprises\/dp\/0648007847\" style=\"outline: none;\">https:\/\/www.amazon.com.au\/Five-Anchors-Cyber-Resilience-enterprises\/dp\/0648007847<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWJJdT\" style=\"outline: none;\">https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWJJdT<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.ibm.com\/security\/data-breach\" style=\"outline: none;\">https:\/\/www.ibm.com\/security\/data-breach<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.devo.com\/resources\/2020-devo-soc-performance-report-download\/\" style=\"outline: none;\">https:\/\/www.devo.com\/resources\/2020-devo-soc-performance-report-download\/<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.fireeye.com\/products\/helix\/what-is-soar.html\" style=\"outline: none;\">https:\/\/www.fireeye.com\/products\/helix\/what-is-soar.html<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/www.microsoft.com\/en-au\/security\/business\/zero-trust\" style=\"outline: none;\">https:\/\/www.microsoft.com\/en-au\/security\/business\/zero-trust<\/a><\/span><\/span><\/p>\n<p style=\"\"><span style=\"font-weight: 400;\"><span style=\"font-family: Mukta;\"><a href=\"https:\/\/cyberleadershipinstitute.com\/covid-19-crisis-forcing-business-savvy-cisos-to-focus-on-crown-jewels\/\" style=\"outline: none;\">https:\/\/cyberleadershipinstitute.com\/covid-19-crisis-forcing-business-savvy-cisos-to-focus-on-crown-jewels\/<\/a><\/span><\/span><\/p>\n<p style=\"\"><a href=\"https:\/\/cyberleadershipinstitute.com\/want-to-improve-your-cyber-crisis-response-think-beyond-technology\/\" style=\"outline: none;\"><span style=\"font-family: Mukta; font-weight: 400;\">https:\/\/cyberleadershipinstitute.com\/want-to-improve-your-cyber-crisis-response-think-beyond-technology\/<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zero Trust has transitioned from a buzzword to the centre of most cyber resilience strategies far more rapidly than many [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":27980,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"categories":[36,49,18],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.4 (Yoast SEO v22.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0 - Cyber Leadership Institute<\/title>\n<meta name=\"description\" content=\"Consider these 7 Essentials to master the implementation of a Zero Trust model as a CISO and protect your organization against cyber threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0\" \/>\n<meta property=\"og:description\" content=\"Zero Trust has transitioned from a buzzword to the centre of most cyber resilience strategies far more rapidly than many CISOs ever predicted. According\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Leadership Institute\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/cyberleadershipinstitute\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-30T07:53:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-11T08:30:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1323\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Phil Zongo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@C_L_Institute\" \/>\n<meta name=\"twitter:site\" content=\"@C_L_Institute\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Phil Zongo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/\"},\"author\":{\"name\":\"Phil Zongo\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#\/schema\/person\/d59d030ee7fb23e5ffbde515ad123b55\"},\"headline\":\"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0\",\"datePublished\":\"2022-03-30T07:53:53+00:00\",\"dateModified\":\"2023-12-11T08:30:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/\"},\"wordCount\":2084,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg\",\"articleSection\":[\"Career Guidance\",\"CISO Role\",\"Cybersecurity Strategy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/\",\"name\":\"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0 - Cyber Leadership Institute\",\"isPartOf\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg\",\"datePublished\":\"2022-03-30T07:53:53+00:00\",\"dateModified\":\"2023-12-11T08:30:48+00:00\",\"description\":\"Consider these 7 Essentials to master the implementation of a Zero Trust model as a CISO and protect your organization against cyber threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg\",\"contentUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg\",\"width\":2560,\"height\":1323,\"caption\":\"3D illustration of the text zero trust over black background with padlock shapes in relief. Concept of network security.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cyberleadershipinstitute.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#website\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/\",\"name\":\"Cyber Leadership Institute\",\"description\":\"Know You&#039;re Ready\",\"publisher\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cyberleadershipinstitute.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#organization\",\"name\":\"Cyber Leadership Institute\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg\",\"contentUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg\",\"width\":512,\"height\":512,\"caption\":\"Cyber Leadership Institute\"},\"image\":{\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/cyberleadershipinstitute\",\"https:\/\/x.com\/C_L_Institute\",\"https:\/\/www.instagram.com\/cyber_leadership_institute\/\",\"https:\/\/www.linkedin.com\/school\/cyberleadershipinstitute\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#\/schema\/person\/d59d030ee7fb23e5ffbde515ad123b55\",\"name\":\"Phil Zongo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cyberleadershipinstitute.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/PhilZongo-1-150x150.jpg\",\"contentUrl\":\"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/PhilZongo-1-150x150.jpg\",\"caption\":\"Phil Zongo\"},\"description\":\"Phil is an international keynote speaker, multi-award winning virtual CISO and bestselling author. He is an official member of Forbes Business Council, an Invitation-Only Global Community for Successful Business Owners and Leaders. He was named one of 2020\u2019s Top 100 Most Influential People of African Descent (New York USA), as well as 2017 winner of ISACA International\u2019s Best Article Award (Chicago, USA). His views have been featured by Forbes, CISCO, NZ Business Herald, Financial Standard, SAP, etc., and one of the Top 7 Global Cyber Security Leaders in 2023 by the Security Magazine and ISACA.\",\"url\":\"https:\/\/cyberleadershipinstitute.com\/author\/pzongo\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0 - Cyber Leadership Institute","description":"Consider these 7 Essentials to master the implementation of a Zero Trust model as a CISO and protect your organization against cyber threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/","og_locale":"en_US","og_type":"article","og_title":"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0","og_description":"Zero Trust has transitioned from a buzzword to the centre of most cyber resilience strategies far more rapidly than many CISOs ever predicted. According","og_url":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/","og_site_name":"Cyber Leadership Institute","article_publisher":"https:\/\/facebook.com\/cyberleadershipinstitute","article_published_time":"2022-03-30T07:53:53+00:00","article_modified_time":"2023-12-11T08:30:48+00:00","og_image":[{"width":2560,"height":1323,"url":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg","type":"image\/jpeg"}],"author":"Phil Zongo","twitter_card":"summary_large_image","twitter_creator":"@C_L_Institute","twitter_site":"@C_L_Institute","twitter_misc":{"Written by":"Phil Zongo","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#article","isPartOf":{"@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/"},"author":{"name":"Phil Zongo","@id":"https:\/\/cyberleadershipinstitute.com\/#\/schema\/person\/d59d030ee7fb23e5ffbde515ad123b55"},"headline":"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0","datePublished":"2022-03-30T07:53:53+00:00","dateModified":"2023-12-11T08:30:48+00:00","mainEntityOfPage":{"@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/"},"wordCount":2084,"commentCount":0,"publisher":{"@id":"https:\/\/cyberleadershipinstitute.com\/#organization"},"image":{"@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage"},"thumbnailUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg","articleSection":["Career Guidance","CISO Role","Cybersecurity Strategy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/","url":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/","name":"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0 - Cyber Leadership Institute","isPartOf":{"@id":"https:\/\/cyberleadershipinstitute.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage"},"image":{"@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage"},"thumbnailUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg","datePublished":"2022-03-30T07:53:53+00:00","dateModified":"2023-12-11T08:30:48+00:00","description":"Consider these 7 Essentials to master the implementation of a Zero Trust model as a CISO and protect your organization against cyber threats.","breadcrumb":{"@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#primaryimage","url":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg","contentUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg","width":2560,"height":1323,"caption":"3D illustration of the text zero trust over black background with padlock shapes in relief. Concept of network security."},{"@type":"BreadcrumbList","@id":"https:\/\/cyberleadershipinstitute.com\/the-7-proven-essentials-cisos-must-consider-to-master-zero-trust\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cyberleadershipinstitute.com\/"},{"@type":"ListItem","position":2,"name":"The 7 Proven Essentials CISOs Must Consider To Master Zero Trust\u00a0\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/cyberleadershipinstitute.com\/#website","url":"https:\/\/cyberleadershipinstitute.com\/","name":"Cyber Leadership Institute","description":"Know You&#039;re Ready","publisher":{"@id":"https:\/\/cyberleadershipinstitute.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cyberleadershipinstitute.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cyberleadershipinstitute.com\/#organization","name":"Cyber Leadership Institute","url":"https:\/\/cyberleadershipinstitute.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/","url":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg","contentUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/2021\/03\/cropped-CLI-Favicon.jpg","width":512,"height":512,"caption":"Cyber Leadership Institute"},"image":{"@id":"https:\/\/cyberleadershipinstitute.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/cyberleadershipinstitute","https:\/\/x.com\/C_L_Institute","https:\/\/www.instagram.com\/cyber_leadership_institute\/","https:\/\/www.linkedin.com\/school\/cyberleadershipinstitute\/"]},{"@type":"Person","@id":"https:\/\/cyberleadershipinstitute.com\/#\/schema\/person\/d59d030ee7fb23e5ffbde515ad123b55","name":"Phil Zongo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cyberleadershipinstitute.com\/#\/schema\/person\/image\/","url":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/PhilZongo-1-150x150.jpg","contentUrl":"https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/PhilZongo-1-150x150.jpg","caption":"Phil Zongo"},"description":"Phil is an international keynote speaker, multi-award winning virtual CISO and bestselling author. He is an official member of Forbes Business Council, an Invitation-Only Global Community for Successful Business Owners and Leaders. He was named one of 2020\u2019s Top 100 Most Influential People of African Descent (New York USA), as well as 2017 winner of ISACA International\u2019s Best Article Award (Chicago, USA). His views have been featured by Forbes, CISCO, NZ Business Herald, Financial Standard, SAP, etc., and one of the Top 7 Global Cyber Security Leaders in 2023 by the Security Magazine and ISACA.","url":"https:\/\/cyberleadershipinstitute.com\/author\/pzongo\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg",2560,1323,false],"thumbnail":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-150x150.jpg",150,150,true],"medium":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-300x155.jpg",300,155,true],"medium_large":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-768x397.jpg",768,397,true],"large":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-1024x529.jpg",1024,529,true],"1536x1536":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-1536x794.jpg",1536,794,true],"2048x2048":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-2048x1058.jpg",2048,1058,true],"authorship-box-avatar":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg",150,78,false],"authorship-box-related":["https:\/\/cyberleadershipinstitute.com\/wp-content\/uploads\/Zero-Trust-scaled.jpg",70,36,false]},"uagb_author_info":{"display_name":"Phil Zongo","author_link":"https:\/\/cyberleadershipinstitute.com\/author\/pzongo\/"},"uagb_comment_info":3,"uagb_excerpt":"Zero Trust has transitioned from a buzzword to the centre of most cyber resilience strategies far more rapidly than many [&hellip;]","_links":{"self":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/posts\/27979"}],"collection":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/comments?post=27979"}],"version-history":[{"count":8,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/posts\/27979\/revisions"}],"predecessor-version":[{"id":41221,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/posts\/27979\/revisions\/41221"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/media\/27980"}],"wp:attachment":[{"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/media?parent=27979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/categories?post=27979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberleadershipinstitute.com\/wp-json\/wp\/v2\/tags?post=27979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}