What is Zero Trust Network Access?
Tracks
Cyber Strategy (SU 108)
| Friday, October 14, 2022 |
| 1:30 PM - 2:30 PM |
| Student Union 108 |
Speaker
Mr. John Bruggeman
Vciso
CBTS
What is Zero Trust Network Access?
Abstract
What is Zero trust?
One of the many buzz words in Information Security media today is Zero Trust Networks or ZTN.
The average company today has multiple vendors that either provide a service to your business or consume data or services of your business. Those vendors need access to your network or data or systems.
CIOs or IT Directors have to create a very secure network, typically that network has a VPN for remote access for employees. Sometimes you manage the devices that access the VPN, sometimes you don't. The CIO also has to give vendors, that you don’t control, that are outside of your trusted network, access to your private network or data or systems.
How can you do that safely and securely?
What does Zero Trust Networks have to do with this?
ZTN is a methodology, it’s not a product or SKU. You can grant access to your private network, or just a part of your network, or data or services, when you start from the position of not trusting anyone or any device.
When you trust no one, you have zero trust.
How can you grant access then?
By putting controls in place where trust is granted for a limited time, to limited resources, when identification, authentication, and authorization has been provided to the degree that you require for that resource.
One of the many buzz words in Information Security media today is Zero Trust Networks or ZTN.
The average company today has multiple vendors that either provide a service to your business or consume data or services of your business. Those vendors need access to your network or data or systems.
CIOs or IT Directors have to create a very secure network, typically that network has a VPN for remote access for employees. Sometimes you manage the devices that access the VPN, sometimes you don't. The CIO also has to give vendors, that you don’t control, that are outside of your trusted network, access to your private network or data or systems.
How can you do that safely and securely?
What does Zero Trust Networks have to do with this?
ZTN is a methodology, it’s not a product or SKU. You can grant access to your private network, or just a part of your network, or data or services, when you start from the position of not trusting anyone or any device.
When you trust no one, you have zero trust.
How can you grant access then?
By putting controls in place where trust is granted for a limited time, to limited resources, when identification, authentication, and authorization has been provided to the degree that you require for that resource.
Biography
John is a veteran technologist, CTO and CISO, with nearly 30 years of experience building and running enterprise IT and shepherding information security programs towards maturity.
Using industry standards like CIS Controls and NIST CSF, he helps companies improve and develop their Cyber Security programs.
John is well versed in the area of regulatory compliance and has helped companies advance their compliance programs for PCI-DSS, HIPAA, FERPA, A133 and GDPR.
John has his CISSP certification as well as several GIAC certifications (GSEC, GCIH and GCWN) and has been active in the local information security community, through groups like Infragard and ISSA.
John is a regular presenter at conferences and has a LinkedIn video series called, "Inside the CISO's office" that airs new episodes every month.
