WEBVTT

00:00.000 --> 00:10.000
Good evening everyone.

00:10.000 --> 00:14.960
Thank you so much for joining us here today, and welcome to the last session of the Security

00:14.960 --> 00:16.960
Devroom.

00:16.960 --> 00:19.160
Let me start with a question.

00:19.160 --> 00:25.240
How many of you think that the network within the premises of the organization

00:25.240 --> 00:27.240
you are working for is secure?

00:27.240 --> 00:32.800
If you are unsure, that is exactly why I am here and why all of you are here.

00:32.800 --> 00:34.680
So, my name is Ambidna.

00:34.680 --> 00:39.760
I work as a senior staff member at IBM, and I have come all the way here to FOSDEM

00:39.760 --> 00:49.480
to gain knowledge and to share knowledge with all of you, from Bangalore, India.

00:49.480 --> 00:53.920
The first question that comes up is: why zero trust, right?

00:53.920 --> 01:01.000
So this is about moving away from the traditional castle-and-moat model,

01:01.000 --> 01:08.640
where it is considered that the perimeter-based security approach no longer applies.

01:08.640 --> 01:13.720
Why zero trust is a very simple question, and when you think about it, the rising

01:13.720 --> 01:20.360
threat in the form of cloud involvement, in the form of remote work, in the form of the various

01:20.400 --> 01:25.880
perimeter-less communications that we have today, it is impossible to

01:25.880 --> 01:32.000
have a perimeter-based security in which anything within a premise, within

01:32.000 --> 01:33.960
a network, is considered as trusted.

01:33.960 --> 01:40.520
That is not going to work in today's environment, and that is why the key drivers that are

01:40.520 --> 01:46.520
driving zero trust are things like, for example, all the products slowly

01:46.920 --> 01:48.920
moving to the cloud environment.

01:48.920 --> 01:54.680
We have a workforce which is not only one you can see every day; it

01:54.680 --> 02:00.200
also consists of a remote workforce, and finally there is a lot of regulatory compliance

02:00.200 --> 02:06.640
that requires all our security controls to be very strong, and to meet all of them,

02:06.640 --> 02:12.080
to meet all of them, we need at least to have the attack surface limited,

02:12.240 --> 02:17.960
and to achieve that limited attack surface, zero trust is the action which not only helps

02:17.960 --> 02:24.760
you to reduce the surface by considering some of the factors, but also makes the overall impact

02:24.760 --> 02:31.760
in case of a breach less. And then we will go through some of

02:31.760 --> 02:36.760
the actionable items that will help you achieve zero trust in your work.

02:37.080 --> 02:42.680
So on the left side you see the traditional perimeter-based defense, wherein the castle wall

02:42.680 --> 02:52.200
actually represents the idea of security in which, once you are beyond that castle wall, you are

02:52.200 --> 02:58.680
in a secured environment. But now there is the concept of layered security, in which you can see

02:58.680 --> 03:05.720
that at each and every point, based on the context, based on the behavior, based on various

03:05.800 --> 03:14.040
factors, the security is layered and you are being checked to ensure that you are the right

03:14.040 --> 03:20.840
person at the right time in the right context to access the information. The very common

03:20.840 --> 03:27.480
example is the modern security present in airports these days: at each layer

03:27.480 --> 03:33.160
you are being screened for your identity, for your purpose, and then finally for

03:33.240 --> 03:40.680
what you are going to do in the airport. So this is how it will look:

03:40.680 --> 03:45.640
you have an application, you have data, you have compute, a very simple, very normal

03:45.640 --> 03:53.560
software environment. Earlier, the enterprise network used to make a system or a process considered

03:53.560 --> 03:59.480
secure, which is the traditional way: I log in to the IBM network, I log in to a company network

03:59.800 --> 04:06.200
in the secured zone. But that is not going to work in today's era. In today's cybersecurity

04:06.200 --> 04:12.840
environment you need to have various policies, you need to have a layered structure defined per

04:12.840 --> 04:18.840
application, the type of data that is going to be accessed, and finally the type of compute resources

04:18.840 --> 04:25.160
it is going to use. In this, one of the well-known examples is from one vendor:

04:25.240 --> 04:31.080
what they tried to do to adopt zero trust is that they picked up the most critical data.

04:31.080 --> 04:36.600
In any vendor management system the vendor data will be the most critical information,

04:36.600 --> 04:44.920
and that was considered first and was moved to the zero trust model, wherein the admin

04:44.920 --> 04:50.280
who was doing the day-in, day-out operations, even that admin was not given access to the

04:50.520 --> 04:58.360
data all the time. When they had a need, just in time, they get access, they do the work, and then

04:58.360 --> 05:04.760
the access is no longer there. With that, the cost of maintenance was reduced, plus

05:04.760 --> 05:09.720
the breach time was also reduced, because the admin or the person who was supposed to do the

05:09.720 --> 05:17.320
management also did not have access to the data all the time. Now think of the traditional

05:17.320 --> 05:25.080
security as: you keep your door locked, maybe with the latest, very digitized lock,

05:25.080 --> 05:30.920
but keep all the windows open. That is not going to help with respect to modern

05:30.920 --> 05:37.880
security. In traditional security you had implicit trust, and that implicit trust is the one

05:37.880 --> 05:45.080
vulnerability. Zero trust will actually help to convert this vulnerability into cyber resilience,

05:45.160 --> 05:51.480
and how it does that is: it will stop or restrict lateral movement, it will

05:51.480 --> 06:01.000
also help to reduce the insider threat. Limited: we cannot have something like gone forever, but

06:01.000 --> 06:08.120
what happens is that the implicit trust is what is exploited. I think earlier

06:08.120 --> 06:13.560
in one of the sessions somebody mentioned that it is not that attackers are attacking from outside;

06:13.640 --> 06:18.040
they are logging into the system. And that is where zero trust actually gives you

06:18.040 --> 06:24.680
principles for how to ensure, in the situation where this whole boundary is blurred, how you

06:24.680 --> 06:31.480
can achieve security, how you can address the modern challenges, how you can have the

06:31.480 --> 06:38.040
very simple principle of never trust, always verify: you continuously

06:38.040 --> 06:43.480
monitor, you continuously authenticate, and then only you actually allow that

06:43.640 --> 06:49.080
individual to access the system, and finally you reduce the attack surface.

06:50.280 --> 06:57.240
Now, every breach tells us a story, so these are three case studies. The first one is about the

06:57.240 --> 07:04.440
healthcare industry, in which the identity was weak, meaning even MFA, forget about the

07:04.440 --> 07:12.680
complex password policy, even MFA itself was not adopted, and that caused the attack:

07:12.680 --> 07:18.600
a weak access point. The second example is on research and development, wherein

07:18.600 --> 07:23.880
perimeter-based access was provided in the research and development environment, and that caused

07:23.880 --> 07:29.720
the attack. And finally the critical infrastructure attack in the energy sector: it was because

07:29.720 --> 07:35.720
the network connectivity was compromised through a vulnerability in the VPN itself,

07:35.800 --> 07:43.320
and that caused some of the data to be leaked. So, understanding this,

07:43.320 --> 07:50.680
when we talk about modern security, three pillars come up as very prominent to be addressed. First

07:50.680 --> 07:57.720
is identity-centric protection, then we have dynamic micro-segmentation, and finally continuous monitoring.

07:57.720 --> 08:04.120
So when I talk about identity-centric protection, we have all of the SSO, single sign-on,

08:04.200 --> 08:10.360
all IAM management; anything related to protection against unauthorized access comes into the picture here.

08:10.360 --> 08:17.320
The second pillar is your dynamic micro-segmentation. Why we talk about dynamic micro-segmentation is:

08:17.960 --> 08:25.080
you have divided your org into departments, but that is not going to be

08:25.080 --> 08:32.120
static; what is static will not help you. It has to be based on the network and application type

08:32.200 --> 08:37.320
and, at runtime, how the data is flowing, how this critical data is flowing in your network, and

08:37.320 --> 08:43.480
that is how you have to dynamically micro-segment your applications. And finally, it has

08:43.480 --> 08:50.280
to be all real time. It is not a one-time project that is released and I am done; you have to

08:50.280 --> 08:58.280
actively monitor it in real time, using AI tools wherever possible, do the behavioral analysis, do

08:58.440 --> 09:04.600
the correlation, and then you can say that I am completely adopting the zero trust architecture.
09:05.480 --> 09:11.720
so in a typical zero trust architecture you have all type of user business user privilege user

09:11.720 --> 09:17.080
they exist the corporate network through any you know endpoint protection mechanism you

09:17.080 --> 09:23.560
have SSO and all of them in place once the user gets into corporate network they have these micro

09:23.640 --> 09:29.960
segmentation in which based on their role they you know defined policy fireball eventually they

09:29.960 --> 09:36.280
exist you know in this example it is an hybrid cloud and finally there are two important things

09:36.280 --> 09:41.400
for monitoring your security operating system sorry team they are monitoring using it

09:41.400 --> 09:48.600
idea all of the activities and then there are some security team data security team they manage the

09:48.680 --> 09:55.160
keys they manage all the certificates so that you know you have even though you you are part

09:55.160 --> 10:00.920
of the organization but your keys your tokens should all be valid to be used so talking about

10:00.920 --> 10:06.680
framework is one thing but how it is being adopted is actually when the real story begins right

10:06.680 --> 10:12.920
so let us talk about something on the numbers buys you know over 70% of organization they have

10:13.000 --> 10:21.560
already on to zero trust principles by 2025 I am sorry for the little late data remote access

10:21.560 --> 10:29.400
deployments are already you know 70% mark and finally when you see all these you know information

10:29.400 --> 10:36.920
you cannot enforce anything to make it you know add more friction it has to come from as an

10:37.880 --> 10:45.000
so it has to be divided that yes you are responsible to have this implemented you are

10:45.000 --> 10:51.320
responsible to monitor it if I enforce it it will cause friction and that is not going to help so

10:51.320 --> 10:58.600
that this is when you actually will you know think that my org my company my product is at what

10:58.600 --> 11:06.440
level to adopt to zero trust implementation now how to implement it it has to be a phase wise approach

11:06.520 --> 11:12.680
wherein we start with the high critical asset move to the core security principle where you bring

11:12.680 --> 11:20.840
the all identity centric concepts you bring all of the micro segmentation you monitored them continuously

11:20.840 --> 11:26.920
and then you eventually you know adopt it to other components that you would like to have zero trust

11:26.920 --> 11:35.320
architecture it's not like a really really good idea that I give you some product or I give you some

11:35.880 --> 11:41.400
process but I don't take input from the user who is going to basically use it right if I

11:41.400 --> 11:47.000
don't make it seamless to more people are going to complain that you know security only is enforcing

11:47.000 --> 11:53.080
lot of policies lot of regulations and lot of work on me how to make it seamless is so important

11:53.080 --> 11:59.240
and that is when the user centric design even if it is a button it is a checkbox it is a radio

11:59.240 --> 12:06.680
button it is a simple you know pop up all of them requires a user discussion and based on the

12:06.680 --> 12:11.160
you know comfort label from the user that that design should is what we should be adopted

12:11.800 --> 12:18.920
When we talk about seamless access: when I am in the office, I have already

12:18.920 --> 12:24.280
crossed one authentication point and only then reached the office, right? I mean, I might have an

12:24.280 --> 12:30.440
ID card, or I might have some way to access biometric data, right? So after I reach the office, my laptop

12:30.440 --> 12:36.680
should not ask me a thousand questions before I actually start doing my work. So it can be adaptive,

12:36.680 --> 12:41.880
but when I go to the home office, when I log in from the cafeteria, or any cafe on a weekend, or my

12:41.880 --> 12:48.760
relative's place, it has to ask: are you really the person who is trying to access? So these

12:49.080 --> 12:54.920
are the things that will help to give you seamless, just-in-time access based on the perimeter

12:54.920 --> 13:00.920
where you are operating your system, and it even goes for adaptive authentication,

13:00.920 --> 13:05.320
wherein when you are in the office environment, when you are in the home environment, the various ways

13:05.320 --> 13:10.120
in which you are authenticated will give you more and more seamless access to the work that you are

13:10.120 --> 13:18.680
trying to do. And finally, we cannot have a very complex graphical user interface, or REST, or anything

13:18.760 --> 13:24.040
that makes the whole product so complex that people stop using it. That is not the

13:24.040 --> 13:30.120
intent here; the intent here is security, but the intent also is to make the user experience very

13:30.120 --> 13:37.160
friendly, so that it is a popular product, it is a helpful product, and eventually

13:37.160 --> 13:42.120
the user is actually appreciating the fact that I am getting a secure product, even though

13:42.120 --> 13:48.360
there are a lot of zero trust principles which have been applied to it. So there are a few

13:48.360 --> 13:53.800
things that we should keep in mind when we implement any zero trust: we should not over-complicate

13:53.800 --> 14:03.960
the policy, because at the end of the day the main goal is that we, as an authenticated

14:03.960 --> 14:09.080
person, I should have access to it. There should be a strategy around that; we should have

14:09.800 --> 14:16.040
identity governance; pick the product which is very clean, clear, or very near

14:16.040 --> 14:22.520
to the product that you are going to implement it in. And finally, there are a lot of products

14:22.520 --> 14:28.600
which are adopting AI-based analysis, AI-based tools for the correlation activity

14:28.600 --> 14:35.400
or things like that, which will help to achieve the future. So just for reference purposes,

14:35.400 --> 14:42.200
I have put two to three products here from open source which actually help us to achieve

14:42.280 --> 14:47.720
some of the steps that we discussed. For example, Keycloak will help you to achieve single

14:47.720 --> 14:55.160
sign-on; it is provided by Red Hat, and it has very seamless integration with MFA and several

14:55.160 --> 15:03.160
identity federation tools. The second one is Pomerium; it is an identity-aware reverse proxy. It

15:03.160 --> 15:08.520
will also provide you, without the need for a VPN, still secure access.

15:09.480 --> 15:15.080
OpenZiti is another overlay network; it provides a zero trust network which

15:15.080 --> 15:22.600
is very helpful for stringent identity and context verification; after that it allows

15:22.600 --> 15:27.960
the user to log in. And finally, I think one of the sessions in the

15:27.960 --> 15:33.960
morning talked about the whole monitoring thing, right? In that it is very important to get an

15:34.040 --> 15:40.840
aggregated view. I implement thousands of controls for you, but how many of them are actually

15:40.840 --> 15:47.000
useful, how many of them are actually protecting against any kind of breach, is so important, so that you can

15:47.000 --> 15:51.960
invest your time, money and energy into those rather than doing all the other things which actually

15:51.960 --> 15:59.000
were not doing much to help. So all such views you can get through the ELK stack:

15:59.480 --> 16:04.920
Elasticsearch, Logstash and Kibana. That whole stack will actually give you the view of all endpoints,

16:04.920 --> 16:10.840
how things were accessed; various visualizations of logs can also be done through that, and

16:10.840 --> 16:16.040
eventually it can be fed to any AI engine to actually give you behavioral analysis in an

16:16.040 --> 16:24.920
automated way. Now, finally, you understood the importance of zero trust, you also have

16:25.480 --> 16:31.800
a phase-wise implementation in place, and then you will have some kind of balance in your

16:31.800 --> 16:40.600
mind to bring that robustness into security, attach it to a smooth user experience, and

16:40.600 --> 16:48.360
finally, it is not about becoming too paranoid about zero trust

16:48.360 --> 16:53.000
and how to get it into my product or things like that. It is about being a little bit

16:53.800 --> 17:02.440
skeptical and thinking about security in terms of: it is there to help us,

17:02.440 --> 17:09.320
but at the same time, how to bring that trust through a process, not through implicit trust.

17:09.320 --> 17:16.440
That will make this whole journey very easy to adopt, easy to implement.

17:17.000 --> 17:25.320
So always remember that trust is very, very expensive, and breaches, they are always

17:25.320 --> 17:31.640
helpless. And if you think that zero trust is actually a very difficult thing to explain or

17:31.640 --> 17:37.720
understand, just remember that it is much easier than explaining any breach to your

17:37.720 --> 17:43.400
senior executive. So always keep that in mind, and let us try to keep the

17:44.360 --> 17:49.880
meter reading for this trust at zero. So that is all I wanted to share. Thank you so much

17:49.880 --> 18:01.560
for staying so late here, and have a nice rest of your day. Thank you. We will still have some time for questions.

