Forrester: Trust no one when it comes to IT security

By Bob Brown, Network World |  Security, Forrester Research, insider threat

Forrester Research is releasing a report titled "Introducing the Zero-Trust Model of Information Network" (excerpt here) in conjunction with its Security Forum event in Boston this week.

The report attempts to retire the oft-used description of an IT security strategy comprising a crunchy outside (that's where you really clamp down) and a chewy center (where you let IT users roam free): "We've built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To confront these new threats, information security professionals must eliminate the soft chewy center by making security ubiquitous throughout the network, not just at the perimeter."

John Kindervag will go more in-depth on the topic Thursday at the Security Forum.

Also read: Red Hat tops list of hottest security certifications

The insider threat has increasingly been grabbing headlines, with high profile cases including the arrests of former Sprint employees for allegedly collaborating on an identity theft scheme. 

Study after study of late has emphasized the increased insider threat. Verizon's Data Breach Investigations Report showed that nearly half of breaches were the result of users abusing their right to access sensitive data. 

What's more organizations have been taking action to thwart the insider threat. This includes DARPA, which recently launched a project for protecting the Department of Defense from itself. 

Vendors have long warned of the insider threat, but they've been racheting up their efforts to help companies plug potential leaks. CA Technologies, for example, recently released tools to gain better control over so-called privileged users. 

Follow Bob Brown on Twitter at www.twitter.com/alphadoggs

Read more about wide area network in Network World's Wide Area Network section.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Ask a Question