Companies Need to Move to a Zero-Trust Model
On November 28, 2010, the Executive Office of the President (in the Office of Management and Budget) issued a memo to the heads of executive departments and agencies regarding WikiLeaks and misuse of classified information. The memo includes the following immediate instruction in support of zero-trust:
"Each department or agency that handles classified information shall establish a security assessment team consisting of counterintelligence, security and information assurance experts to review the agency's implementation of procedures for safeguarding classified information against improper disclosures. Such review should include (without limitation) evaluation of the agency's configuration of classified government systems to ensure that users do not have broader access than is necessary to do their jobs effectively, as well as implementation of restrictions on usage of, and removable media capabilities from, classified government computer networks."
A complete solution has to address many issues, which run the gamut of Internet security challenges and the need to share data. At a minimum, though, organizations should tackle the high-risk challenges that are posed by well-understood threats and are easy to solve, such as controlling administrator and privileged access to data and systems, using today's existing technologies that are not prohibitively expensive.
In fact, a proper privilege management platform designed to control, contain and audit access to assets and systems needed to perform one's job could have prevented the WikiLeaks crisis altogether.
Ken Ammon is Chief Strategy Officer at Xceedium. A recognized expert in security issues, Ken joined Xceedium from LookingGlass, a high-technology consulting firm that advises corporations and private equity funds on emerging security trends and technologies. Prior to LookingGlass, Ken was founder and president of managed security services provider NetSec.
A noted security expert in matters relating to the federal government, Ken has testified before the House Government Reform Committee on dramatic security vulnerabilities affecting sensitive government information and infrastructure. Ken has also served as an adjunct faculty member at the National Cryptologic School where he was recognized with the Scientific Achievement Award. Ken began his career in the United States Air Force where he was a captain assigned to the National Security Agency. He can be reached at firstname.lastname@example.org.