Navigating the Zero Trust Landscape: Strategies, Challenges, and Solutions

Navigating Zero Trust
  • Media: CXO Today
  • Spokesperson: By Mushtaq Ahmad

CXOToday has engaged in an exclusive interview with Mushtaq Ahmad, CIO at Movate

What’s the level of interest among customers in adopting Zero Trust?

The concept of Zero Trust has been there for nearly a decade. However, the interest has increased in the last 2 years. The pandemic rampant the proliferation of remote work, WFA, and hybrid work culture. This rushed security adaptations across many enterprises to tackle increased vulnerabilities.

Traditional security operation platforms /tools or alert/event handling responses are no longer adequate to address and prevent sophisticated and advanced threats. Besides, the concept of “implicit trust or trust but verify” does not work well in protecting enterprise network from cybersecurity threats in a post-pandemic world. Today, organizations have been forced to rethink how they handle remote access, WFA/WFH. The security principles have shifted to “never trust and always verify”.

Multiple research reports underline that corporate users and their devices are the weakest links when running outside the corporate security zone in a traditional security framework. These weakest links are magnified with cloud adoption as access to many services and portals are given, assuming that the endpoints in a work-from-anywhere situation are secure.

At Movate, we have deployed advanced security tools on the endpoints that leverage AI/ML-based malware protection, behavioral analysis, data leak prevention, secure browsing, and remote deployment of software. To ensure complete endpoint security, we have introduced a proactive rather than reactive approach to fight against malicious intent and threat actors.

Today’s organizations need a new security model that effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data, irrespective of their location. And this can be achieved by implementing the Zero Trust architecture.

What services are you offering customers to help them implement Zero Trust?

Movate is an adopter of Zero Trust even before the pandemic stuck. Given our experience in collaborating with large teams spread across geographies, we have successfully adapted different kinds of models with ease. We have teams that have been hired in a 100% WFH model, and currently this constitutes about 15-20% of our workforce.

I firmly believe that Zero Trust adoption is a journey and not a replacement of existing infrastructure and process. The journey should start by incrementally adapting the Zero Trust principle across people, process and technology.

The ideal approach would be to operate with a strategy focused more on Zero Trust and slowly phase out the traditional approach to security. Depending on the security posture and maturity, this journey may take anywhere between a few months to 5-6 years as many organizations follow 5-year refresh cycle. In some cases, a greenfield implementation is an option to consider for building the zero-trust process and architecture from ground up.  This is more suited for new age cloud-based companies.

Irrespective of the approach, Movate has the capability to provide greenfield and hybrid Zero Trust solution. Our Zero Trust journey entails the following:

  • Survey of assets, identities, network, data and workflow
  • Risk Assessment of security posture to understand the security maturity level
  • Zero Trust Architecture (ZTA) design and deployment. Process formulation and incremental deployment of Zero Trust architecture.
  • Monitor and iteration of the above steps across processes
  • Continuous monitoring, assessment and implementation of necessary corrective measures
  • Ongoing ZT operations and management.

A single solution or an OEM product cannot provide Zero Trust architecture entirely. It involves multiple products and solutions.  Movate being an early adopter of ZTA and with its experience in supporting multiple customers, is well-positioned to suggest Zero Trust solutions and products that is cost effective, least disruptive with assured business outcomes.