Building a 'Zero Trust' Architecture for a Remote WorkforcePanel of Experts Offers Insights on Strategies During COVID-19 Crisis
A panel of experts says implementing a "zero trust" architecture for the remote workforce during the COVID-19 pandemic requires redefining access control and security strategies.
In a video panel discussion with Information Security Media Group, Bharat Panchal, chief risk officer-India, the Middle East and Africa, at FIS Global, a financial services organization, says: "While building a 'zero trust' framework, it is critical to capture every physical and digital footprint of the users' access to the enterprise applications and services using AI on top of every log to understand the user behavior in the system and grant access accordingly."
In a "zero trust' model, access is not given to everyone at all times, adds Ashish Khanna, CISO, The Oberoi Group of Hotels & Resorts, the hospitality firm. "Users are given access to a particular system or applications, with the purpose well-defined and for a defined period only, after ensuring that the user's device has met all the baseline security principals," the CISO says.
Bharat Anand, chief of technology at India's National Intelligence Grid, or NATGRID, explains: "The COVID-19 crisis has enlarged the canvas of the remote working culture, with users logging into the systems, anytime, anywhere and from any device. This makes it imperative for security teams to protect data flowing from outside the perimeter. And the 'zero trust' model helps in defining the policy of protecting that data."
In this video panel discussion, the three experts address:
- How to build a case for a zero-trust approach within the enterprise;
- Key security tenets of zero trust;
- Creating an effective access control strategy.
Panchal, chief risk officer for India, Middle East, and Africa at FIS Global, is responsible for monitoring, evaluating, and implementing improvements of risk management controls and governance areas. He formerly was the senior vice president and head of risk management at the National Payment Corp. of India and also worked at Kotak Mahindra Bank, Citi, Reliance Communications, and Avaya Global.
Khanna is CISO at The Oberoi Group of Hotels & Resorts. He is a hospitality techno-business professional with 20 years of experience who has worked with large business groups, including Mahindra and Mahindra, Taj Hotels and Resorts, and with The Oberoi Hotels and Resorts.
Anand is the chief of technology at NATGRID in the Ministry of Home Affairs, Government of India. Previously, he was vice president and head enterprise applications with Mphasis.Disclaimer: The views expressed by the practitioner are purely personal and do not necessarily represent the organizational strategy.