温馨提示:本站仅提供公开网络链接索引服务,不存储、不篡改任何第三方内容,所有内容版权归原作者所有
AI智能索引来源:http://www.ssh.com/blog/zero_trust_journey
点击访问原文链接

Where are you now on your zero trust journey?

进入原网站 导航首页
Where are you now on your zero trust journey? About us Investors Partners Careers Solutions SOLUTIONS Zero Trust Suite Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Assessment, Quantification & Mitigation By Topic Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & multi-cloud access management Interactive tour: Privileged Access in the Cloud M2M connections IT Audits & Compliance Secure file transfer By Industry Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Products SECURE ACCESS & SECRETS MANAGEMENT SECURE FILE TRANSFER & ENCRYPTION NQX™ quantum-ready encryption Tectia™ SSH Client/Server Tectia™ z/OS SalaX Secure Collaboration Secure Mail 2024 Secure Messaging 2024 SalaX Secure Collaboration Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability About us Investors Partners Careers December 10, 2019 Where are you now on your zero trust journey? Written by: Joe Scaff Every company has different cybersecurity priorities, but top-level trends tend to bubble up to the top among all organizations. The stage these organizations are at in those trends is what varies from company to company. Some organizations are at the cutting edge of their cybersecurity with the need to protect not just massive amounts of money for financial industries, but also personally identifiable information (PII), or simply their reputation. Others would rather buy a new excavator, turbine, or medical device that would directly affect their bottom line.

Most companies we talk to share Zero Trust as a major high-level security topic or strategy, and that discussion certainly continued during our attendance at the ISMG Fraud and Breach Summit.

Does Zero Trust truly exist, is it a road map, or is it simply a belief or concept that helps formulate our thinking around how security should be implemented?

One vendor’s keynote argued that Zero Trust doesn’t exist. To truly and completely have Zero Trust in the cybersecurity industry, you would need to completely erase, unplug and shut down a system, but we all know that’s not logical. This is why I believe that Zero Trust is closer to a concept to strive for, but not one we can fully achieve without making your systems unusable. With that being said the mythology of only giving “trust” to the people, software robots or machines that need it is something every company should strive for. We should no longer offer wide levels of access just because it's easier, or because they are system admins and they are “trusted individuals.”

Alongside ISMG’s Nick Holland, SSH.COM CTO Markku Rossi co-hosted a special intimate lunch with many of the security leaders that are making critical cybersecurity-related decisions for their companies. As part of the event, each participant ranked their “Zero Trust Readiness” from 1 to 10, with 10 meaning having a fully Zero Trust environment. The answers didn’t come as a surprise to us, but with an average answer in the 2-4 range, maybe it should.

Zero Trust has been a concept for at least one and a half years. So why aren’t some of the most advanced and cutting edge companies when it comes to cybersecurity still at such low levels of Zero Trust readiness? We believe it's for a few reasons.

First, it’s almost impossible to completely define Zero Trust holistically across all companies or industries. Second, vendors are doing a great job trying to cover the most critical levels of access, but technologies are so widespread, with different access capabilities, functionality, and protocols, that it’s difficult to get full Zero Trust coverage. Lastly, companies struggle to narrow down a starting point without getting stuck in the weeds of planning. Zero Trust needs to be easy to set up, user adoptable, automated and dynamic like the new environments we are seeing these days. There are already opportunities to act now in advancing your Zero Trust journey. Zero standing privileges (ZSP) and Just in Time access (JIT) is a part of the overwhelming concept of Zero Trust that companies can act on now. JIT and ZSP provide access to only those users that should have it only when they should have it and also make sure that the privileges aren’t always active. Access shouldn’t be on all the time, the credentials should be short-lived, and the end users should never be given visibility to those credentials to prevent accidental or intentional bypassing of access restrictions.

Although as a whole we have a long way to go with our overall Zero Trust readiness, I enjoyed seeing the passion, acceptance, eagerness to learn, and wiliness to continue to push cybersecurity forward. I want to personally thank those that spent time with us at the ISMG event and look forward to engaging with you and anyone else that shares that same passion in the future as you all progress along your Zero Trust and zero standing privileges journey.

 

PS: Our Zero Trust PAM project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 881221.

Tag(s): cybersecurity , cloud security , Zero Trust Joe Scaff Joe Scaff has over 15 years of experience in information security technology and network communications industry. Joe has held various management roles at SSH Communication Security including Technical Sales, Technical support, Professional services. He has a strong technical and managerial background that allows him...

Other posts you might be interested in compliance 5 min read | August 2, 2019 Mismanaging who has access to sensitive data is as serious as a breach Read More compliance 5 min read | August 2, 2019 Data breaches have a long-lasting impact Read More cloudification 8 min read | November 11, 2019 Three tips for managing admin access to your cloud-hosted servers Read More Subscribe to email updates SSH is a leading defensive cybersecurity company that secures communications between humans, systems, and networks. We specialize in Zero Trust Privileged Access Controls and Quantum Safe Network Security. Our customers include a diverse range of enterprises, from multiple Fortune 500 companies to SMBs across various sectors such as Finance, Retail, Technology, Industrial, Healthcare, and Government. 25% of Fortune 100 companies rely on SSH’s solutions. Recent strategic focus has expanded SSH business to Defence, Critical Infrastructure Operators, Manufacturing OT Security and Public Safety.

Leonardo S.p.A invests 20.0 million EUR in SSH, becoming the largest shareholder of the company. SSH solutions form a Center of Excellence for Zero Trust privileged access management and quantum-safe network encryption in Leonardo - a global industrial group that creates multi-domain technological capabilities in the Aerospace, Defence and Security sector with 17.8 billion EUR revenue in 2024. SSH company’s shares (SSH1V) are listed on Nasdaq Helsinki.

 

Solutions Zero Trust Suite Zero Trust Suite & Entra ID Integration Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Mitigation OT security MSP Security Device Trust Monitoring & Threat Intelligence Credentials & Secrets Management IT Audits & Compliance Products PrivX™ Hybrid PAM PrivX Key Manager Tectia SSH Client/Server™ Tectia™ z/OS Secure Messaging Secure Mail Secure Sign NQX™ Quantum-Safe Services SSH Risk Assessment™ Professional Services Support Resources Careers References Downloads Manuals Events & Webinars Blog Company About us Contact Investors Partners Press Stay on top of the latest in cybersecurity Be the first to know about SSH’s new solutions, product updates, new features, and other SSH news!

Thanks for submitting the form. © Copyright SSH • 2025 • Legal

智能索引记录