Never Trust - Always Verify! Strategies for Zero Trust

The Cybersecurity Midwest Summit 2022, hosted by CDO Magazine and ComSpark, recorded sessions on the need for security and compliance in data and technology. The session “Never Trust-Always Verify! Strategies for Zero Trust” features the following speakers discussing the need for identity and security functions to work together to build zero trust strategies:

• Brian Minick, Chief Information Security Officer, Fifth Third Bank

• Chris Sibila, Financial Services Executive, Dietrich Partners

• James Cupps, Vice President of Security Architecture and Engineering, Berkeley Technology Services

• Shaun Mahoney, Senior Sales Engineer, Beyond Identity

Julie Dompa, Enterprise Sales Executive, Beyond Identity, moderates the session.

According to Minick, the zero trust journey looks different depending on where they are in that journey. He says Fifth Third Bank had a ‘90s-designed network, decided to change things, and started working from the edge rather than the core, adhering to a zero-trust approach.

Sibila recalls investing time to work on legal, compliance, and technology aspects with a third-party chief information security officer (CISO) to approach information security holistically at Dietrich Partners.

It boils down to authentication and authorization working correctly, and if the organizations have the data necessary to approve a transaction, Sibila notes. In his opinion, it is all about connecting technology and business with security.

The panelists believe that zero trust is about being proactive in understanding the current status of things and checking on continuous spaces.

Continuing, the panelists highlight the following challenges in building a zero-trust strategy:

• Dealing with legacy architecture and mindsets. It is challenging to put legacy architecture in place and convince people to alter processes to enable zero trust.

• Creating a vision of the required change and mobilizing commitment.

Panelists agree that users' feedback is crucial for making them feel part of the process.

Minick mentions that organizations need to work on many technological challenges within this space. Cupps highlights the emergence of protocols like OAuth, providing granular, cryptographically controlled identity verifications for authorization. Data literacy plays a vital role in this scenario, he adds. 

In conclusion, the panelists concurred that technology drives change, and the key is to adapt to change.

Watch other Cybersecurity Midwest Summit 2022 sessions HERE