Intelligent CIO Africa Issue 68 | Page 75

FINAL WORD

bypassed in the race to push out a new application, with only minimal controls in place, which could create a wider attack surface.
Users and applications are no longer defined by location. As a result, we can no longer use traditional perimeter-based security practices and it can significantly hinder progress if we try to do so.
How confident do you believe CISOs are regarding their employees’ ability to apply sound cyber judgement?
A recent Gartner report highlighted that 88% of CISOs said they were not confident in this regard. It’s important to remember that when it comes to security, employees such as accountants, lawyers, nurses, salespeople and call handlers are being asked to identify clever criminal activity – something that is well outside of their normal job function. A one-hour training session every six months is not really going to move the needle in terms of effective detection of malicious activity. We should focus on trying to ensure that we can provide the best available environment for our employees to work in.
What are the principles of Zero Trust and how challenging is it to achieve?
A greater number of companies have expressed an interest recently in taking a Zero Trust approach, in addition to getting a greater understanding of what it entails.
Zero Trust means removing location as an arbiter of trust in the corporate world – which means that being in the office does not grant you more trust than if you are connecting from your home. It also means that every request to use an application must be authenticated.
Continuous authentication and authorisation is an important aspect of Zero Trust, to check whether the individual is exactly who they say they are and is entitled to access those given assets.