Welcome to the co webinar, Effective IAM in the World of Modern Business IT. This webinar is supported by Zoho. Speakers are within senior technology evangelist and Analyst in. In this webinar we'll discuss continues to I best practices with zero trust approach as well as the role of identities, zero trust start housekeeping slides,
Audio is controlled centrally, so you don't need to worry about muting or unmuting yourself. We are taking care of these features. Questions and answers: there will be a separate Q&A session by the end of the webinar.
You can enter your questions at any time during the webinar using the GoToWebinar panel. This Q&A session towards the end will be around 15 to 20 minutes, so we'll have time for as many questions as possible in this webinar. We are running a couple of polls and the results of these polls will be discussed at the end, in the Q&A. So the first poll will be right after the introductory slides and the second poll will be just before begins. And finally, recording. We are recording this webinar and the and the and go afterwards, after this webinar is done. Let's begin with the first poll. Which component of zero trust is most important to you?
A, user and device security; B, network security; C, application security and data visibility; D, orchestration and automation. I think you'll have another 20 to 30 seconds once you can start clicking your, okay, I think that's enough. So thank you for your answers and we'll discuss towards the end of the webinar.
Agenda. In the webinar I'll talk about agile IAM and the role of identities in zero trust as well. The are for affecting transformation section we is about how to close the security gap in continues important and practices for H. IAM at the zero trust approach.
We'll end the discussion in a Q&A session in which we'll discuss the results of the polls and answer your questions.
Agile IAM: businesses are under change, and IAM must extend beyond workforce IAM and become agile. In the last few years it has been demonstrated that the exploration of businesses and services towards digital transformation has increased. It's either to cloud or other operating models. Digital business is now standard and not an option. If you look at the digital transformation, there are certain drivers of change and areas of change which are affecting it. First is the external impact.
This includes fast-changing competition; there has been disruption in all sectors of the industry and the traditional players are now forced to accept these new changes and compete with these new emerging competitors. Also there is rapid innovation. AI and machine learning are at the forefront of innovation. For example, if you take do market in this last one year itself, we have seen a strong trend of shift towards AI and machine learning and with rapid innovation it comes ever-increasing anti.
Also, there are business partnerships which are responsible for digital transformation and other factors such as volatile regulatory environment and as all these things these days are going by software internet, this calls for changing the business process. So how to tackle these external impacts. What you need is changes in and core competencies and these are bringing in agility or traditional flexibility and innovativeness.
In order to achieve these core competency changes, we need to identify what are the core changes we need to tackle in businesses and they range from changes in manufacturing including smart manufacturing, customer interaction, internet of things. And again, all of these things are not connected via internet or based on software. If you take customer interaction just for example, in the last few years this has drastically changed and in order to now help businesses and organizations these changes, you need a few technologies which will help you into this digital transformation.
First is managing digital identities. Then you need to have a strong and robust data and analytics engine. Artificial intelligence, as I talked about earlier, remains at the core as well. You need to identify new cybersecurity threats and ensure privacy is also ensured. And the remaining things regarding robotics, blockchain, internet of things.
This now brings you to IAM agility, and to be agile you need to have a few factors.
First, you need organization and people around it. These people need to be educated and this will then translate to having a strong and powerful team.
Next, you need a model. You need to, you need to have a high level plan. Once you have a high level plan, you can then plan a roadmap which remains agile and flexible, which can be supported by good operating approach. Focus more on shifting towards modern target operating model. You need to extend this and build it in a well thought modular way. This is defined more in depth in the in rd. Fabrics on all of this needs to open. This brings us to the target operating model. Target operating model helps refine how organization structure looks.
We have done a few webinars on this before so, and which will help you
As previously discussed, rapid innovation and evolution in the market and transformation. The next most talk about is, and I want to start talking about the role of identities in trust. In zero trust. We have seven pillars and the first and most important pillar is identities. On the right side you can see the seven pillars of zero trust. First pillar is identity, which could be someone or something that is using a device and is communicating via network to the system to run applications that manages data.
And all of this is powered by software. But today we want to focus just on the identities part of the pillars of zero trust. For example, let's take me for example, I'm an identity and then my device as well as network I'm using. So this depends completely on identity. The essence of zero trust as it says is don't trust, always verify.
So what we need to focus on is, are we good enough in verifying identity? We need to verify the identity, the device that is being used, all these and all the steps regarding system stem education. And these days there are multiple types of identities.
You have your customers, workforce, vendors and even non-human identities, which is very complex now, and that is why we need to be more careful about the quality of identity information. As you're seeing, identity is at the forefront, but how can we ensure that? It's by implementing zero trust. As you can also see, zero trust is a long journey. It starts by identifying the actors on the enterprise. You need to identify who has special privileges, who requires additional scrutiny.
And once you have identified that, you need to identify the assets owned by the enterprise, you need to identify the devices and this also includes configuration management and monitoring of these devices. After that you have to identify the key processes and the associated risks. Start with the low-level businesses which have low risk and which would not have a negative impact on the entire organization.
Now once you have identified all your actors, assets and processes, next step is formulating policies based on the information which set of criteria and confidence level for the resources. Once you have identified your policies, next is coming down to identifying a perfect solution. Now it's not possible to have one single solution support all your requirements. So you need to find a good balance between different solutions that will support your requirements, and the easiest way is to start with a pilot project as a proving ground to create trust.
And once you have done that, next step would be to, so for the initial deployment and monitoring, this should be initially done only in the reporting-only mode to identify the gaps in the policies and to check if the policies that you have are working or not. And finally when there's confidence gained, when you at risk all the issues, then you can start exploring the possibility of expanding zero trust.
It's important to involve subjects and stakeholders and their feedback to improve the process again, so it's a very long process but there are a few quick wins on the way which you can get which focus on the accurate challenges. And this can be done using your existing tools.
Let's start first with the user. Most obvious solution would be implementing multifactor authentication if you don't have it right now. This has shown to avoid external account extent, implement management and segregation of duties at least on some key systems within your company like finance or business operations.
And if you do not have any of these tools, a if you still want to cover new RT types that I. Next is devices: use the same approach. Use existing endpoint detection and response solution or mobile device management or unified endpoint management tools which can identify your devices and identify if any of them are breached. Monitor user behavior as well and use endpoint or assessment. Network: it's one of the important areas to consider. For example, if you have many people who are working from home and they're now returning to the office, it's important to not let them connect directly into the office LAN.
This is a huge step to zero trust. Also consider deploying SaaS-based zero trust network access; implementation is rather quick and it can be done in days instead of weeks or years. Then we have the system and applications. Zero trust can be built directly into existing software using SDKs which can be built into applications. We have a few research materials about this on our research website, so if you want to understand more how this works. And finally the data: discovery and classification of data is important for enforcing all security controls.
We have to make sure data is always protected against every attack vector and you also have to make sure you're continuously monitoring the data. It is encrypted and automation and orchestration across all parts. We now come towards the second part. Now that you have seen the steps for implementing zero trust and the journey of zero trust, what would your first step be implementing zero trust? Is it A, IAM deployment; B, SIEM coupled with behavioral analysis; batching or the ING perimeter. I then you have another answer these questions, you'll discuss the results to 10 seconds to go.
Thank you for your answers. Next we have, I'll start discussing out how to close the security gap in the cloud AM continued to be important and the best practices for I'll let you take over. Thank you.
Thank you very much. First things first, thank you very much for setting some time apart amidst your busy schedule and joining us for this event.
A big thank you to all the attendees, and Naisha, thank you very much for the session. I'd like to take a very important, you know, point from your session where you showed the seven pillars of zero trust and you told that identity is the most important pillar among the seven. I couldn't agree more when you said that. That's really the theme for my session as well. So I am going to be talking about the role of identity and access management and log forensics in mitigating insider threats.
So this is more from an identity security standpoint, which is in sync with whatever Naish just said. A quick introduction about myself, my name is Vivian. I'm the senior technical evangelist working with ManageEngine, which is a division of Zoho Corporation, and I've been with ManageEngine for 11 years.
I do two things. One is I take part in virtual and physical events and I talk to hundreds and hundreds of IT administrators, IT directors, as well as C-level executives, people from the IT fraternity basically. So it's always been a mutual learning experience.
And the second thing, I implement identity and access management solutions and IT security solutions of ManageEngine in small, medium and large enterprises. So with that little bit of experience in hand, I thought I'll put together a deck for about 15 to 20 minutes and then share some insights on what I think about the role of IAM and log forensics in mitigating insider threats. All right.
Now before we even begin the topic about, before we even talk about insider threats, what I'd like to do is I'd like to perform a hack on an Active Directory infrastructure, of course on-prem infrastructure.
Now you might ask me why on-prem, okay, the reason is I really believe that almost all of us who have joined this webinar are using on-prem Active Directory. Okay? Of course you can be operating hybrid, you have the on-prem Active Directory and also the, you know, Azure AD, that's perfect, but you still have on-prem, right?
And Active Directory on-prem has been around for more than 20 years and it is widely used in at least the Fortune 1000 companies, right? So I thought I'll start by demoing a small hack on Active Directory, which is a widely used infrastructure, that emphasizes that we need to pay attention to our insiders more than anything else. Okay? When it comes to priority of the seven pillars, identity security has to be at the top of the list. That's the whole idea of this exercise.
Okay, let's, let's get started here, right?
Let me ask this question to the attendees. How many of you listening to my talk right now use on-premise Active Directory? Can I see some answers, please? You can make use of the chat box and then probably send a quick yes, that should do. So if you could just let me know whether you're using on-prem or just Azure, that'd be great. I'm just looking for a couple of answers here.
All right, so we see a couple of answers coming in, which is good. So I believe most of you, from what I understand, most of you are using hybrid in the sense you still have your on-prem Active Directory on, okay?
All right, let's, let's begin with this experiment. Okay, so what you're seeing on the screen right now is my 2012 R2 server and this is a domain controller. And you can see that you have, I mean I have my Active Directory Users and Computers here.
I have close to 300 user accounts in this installation of Active Directory.
Now, for any attacker to take down Active Directory, they need two files. And I'll show you those two files, right? So if you go to the C drive, Windows folder, NTDS folder, you have this file called the NTDS.dit file. This is your Active Directory database. All of us know this. Now this file has user information and this file also has password hashes, right? I'm not saying this file has your actual passwords, but the hashes of the passwords are right there on this file. So my target number one is this Active Directory database.
Right now this file is encrypted, so you need a key to open this file, okay? I'm trying to make this as simple as possible. The key to open this file is present in a different location, of course in the same server: C drive, Windows folder, System32 folder, config, and you have the system file, right?
So to take down any Active Directory installation across the globe, be it Australia, Germany, India, United Kingdom, whatever, you just need these two files, right? So if you try to copy, okay, if you just try to do a right click copy and then paste.
If you're trying to do this, this is not going to work because we are trying to copy a live database. No matter how many times you try, that's going to be a failure. Okay? So the second option is, now that the copy paste is not working, the second option is I can install a software on the server and then use that software to rip the files that I want. But if I install the software on the server, the alarm goes off and my identity as an insider who's trying to take down your Active Directory is revealed. I don't want that.
Okay?
Now the third option is use common tools to take down Active Directory. Common tools in the sense something like Command Prompt. Right?
Now, Command Prompt allows you to do a lot of things. One of my favorite utilities that Microsoft has given us that is built into Command Prompt is vssadmin. Okay? Now this utility can help you do a lot of things. It can help you create a copy of C drive, D drive, E drive, or anything inside that, it can help you delete the copies that you have made so that you'll leave no trails, delete shadow storage, list volumes, all of that. Okay? But now we are going to use vssadmin and try and copy the Active Directory database.
I'm gonna show you how vssadmin create, sorry, create shadow for the entire C, right? So we have now successfully created a shadow copy of the entire C:, okay?
And you have the shadow copy ID and the shadow copy volume name.
Now, please don't bother about these two. All you have to keep in mind is first you need to create a shadow copy, which we have done. And now we'll have to copy our first target, which is the Active Directory database. So copy. Now since we are working with the shadow copy that we already have, I cannot type C: because C: is an invalid reference. So instead of C:, I'll have to replace C: with the shadow copy volume name that you see right here. Okay?
So I'm just going to do, I'm just gonna back this up and then copy the shadow copy volume name of C:, which is right here, and then paste it, okay? And go to the Windows folder, NTDS folder and NTDS.dit file, right?
So we have now fixed the target. Now for the sake of this demonstration, I'm going to paste this file on the desktop. So you'll see the file getting pasted somewhere here right now. You can point it to any location that you want. So see users within hyphen 1 4 38, and I want the file on the desktop right now.
If I hit enter, and if the command is right, you will see the Active Directory database getting pasted here. I just want you to watch the screen. So it says one file copied and then you have the Active Directory database, right? Now all you have to do is to repeat the same command just by changing the location to copy the system file, which is the key to open the Active Directory database, right? Now, this is stage one. Stage one is all about copying the two files that we want.
Now stage two is using the key to open the Active Directory database and then extracting all the password hashes, that's stage number two. Okay? Just because we are pressed for time, I'm skipping stage two. I've already extracted the password hashes that are there in the Active Directory database. And after extraction, the hashes will look something like this, right? So what you're seeing on the screen right now are password hashes. Okay? So this could be the password hash of the first user, this could be the password of the second user, so on and so forth.
So I roughly have the password information for 10 or 15 users here. Now we'll have to crack these hashes because hashing is a non-reversible process. Encryption is reversible, which is decryption, but this is hashing. So you'll have to break the hashes. So you do a Ctrl+A, Ctrl+C, and then open up a web browser.
Okay? I live on a budget, so I'm gonna be using a free password hash cracker. I personally like working with crackstation.net, which is a free password hash cracker. So I just paste all the hashes. I confirm that I'm not a robot and I hit crack hashes. And there you go.
So you have the hash, the algorithm that was used for hashing. In this case, this was SHA-1, not a strong one. You also have MD5 hashes, not necessarily strong, okay? So I would say anything above SHA-1, let's say SHA-2, SHA-256 or 512, should be good. So weak algorithms for hashing, and you have the passwords right here. Now you have some, you know, really weak passwords. Now the whole point of this exercise is to drive home the point.
As an insider, I will be able to elevate my privilege, use a commonly used tool like the command prompt, and then copy the files that I want and know what the user passwords are.
Okay? Now I have roughly 10 passwords with me.
Now, with these 10 passwords and access to my Active Directory infrastructure, the sky is the limit for me as an insider, okay? Now, if I take down the on-premise Active Directory with the passwords that I have, it's just a matter of time that the attack moves from on-prem to your Azure and from Azure to your cloud work. Okay? So the point that I'm trying to drive here is please focus on insider identity security.
So if you were to prioritize something today, when it comes to implementing zero trust, I kindly request you to pay attention to insider identity security because if one is down, it's just a matter of days or weeks, you know, until the attack laterally spreads to other parts of the network. Right?
Now, that is why I really believe that even though you have application identity, device identity, network identity, user is the most important component when it comes to, you know, secure IT security.
So securing user identities is the core, and that's where I'd like to begin my talk from.
Now, one simple reason why I'd like to focus on a user is all it takes is one negligent user to open the wrong door of your IT security measures. So you can have state-of-the-art IT security, you know, measures, but if, if humans are in the link, and if some of them are negligent, some of them are malicious, some of them are accidental insiders, well then we still have to rely on the little bit of luck factor for things to go right. Right. So now let's talk about the new network perimeter.
We are living, I, I do not know whether we can call it officially the post-COVID times, but let's, let's call it the post-COVID times here. Now we have a new network perimeter.
Now the old network perimeter was all about four walls, okay? Now every data that belongs to your organization was stored inside your corporate network, okay?
Now, if people wanted access to that corporate information, let's say an external entity wants access to that data, of course you had technologies like VPN and network access control. That was the old perimeter-based model. But the new cloud and remote work model, you don't have the concept of corporate network anymore, okay? Corporate network does not mean one building, okay? Data is increasingly stored outside of your corporate network nowadays. Number two, users are accessing that data from various applications and devices, not just their office laptops or office mobile phones.
They even access office data from their personal devices outside the corporate network. So that is the new network perimeter, okay? Now as a result of the new network perimeter, we have the soft boundaries issue.
So you do not have a clear demarcation of what is corporate network and what is not corporate network. So that's the problem that we are dealing with.
Now, what I have observed is I have interacted with hundreds of administrators over the last 11 years, and especially in the last two years. What I have personally observed is a lot of organizations are moving, are opting for a hybrid Active Directory approach. They were on-prem before, but in the last two years, they have now rapidly transformed their organization to a hybrid platform, okay? For obvious reasons.
So the Azure gives you innovation, speed, storage, scalability, and everything that you want, whereas the on-prem gives you regulatory compliance, data gravity in the sense you have more control of the data that you manage and administer. So that's why people opt for hybrid, especially in the last two years. But as organizations opt for hybrid, more and more organizations go hybrid.
One problem that comes along with, I mean, I mean as a famous movie dialogue, when you pray for rain, you'll have to deal with the mud, okay?
So when you want innovation and scalability and speed and availability, of course there, there's always the other side of the coin. And the other side of the coin is the lack of transparency that you get with hybrid AD. So you don't get clear-cut answers for who, what, when and where. Okay? With Active Directory things were pretty much simple and straightforward. I'm not saying that it was a hundred percent transparent, but relatively the on-prem was much more transparent when compared to your hybrid.
So you had protocols like LDAP and to actually manage identities, authenticate them, modernize them and all that. But with the cloud it has become more difficult for IT departments especially to monitor which users are accessing which applications and services.
Now, as a result of that problem, we have more and more and more and more of applications getting onboarded, okay? So we started off with on-prem and then hybrid because of the lack of transparency problem, we started adopting more applications to gain the visibility that we wanted, right? So I always see it like this. So old technology has old challenges, new technology has new challenges. So challenges are here to stay. It's just that we keep evolving.
You know, one thing that mankind does best is it keeps evolving. So does technology. So the new challenge that we have right now is what I call as the fragmented identities problem, okay? I'll tell you what that problem is. So for one physical user, Viv, you have three digital identities, one in the on-prem, one in Azure, and another one in the cloud vertical, right? So you have one physical user with three fragmented identities, right?
So that's the fragmented identities problem. So the problem here now is how do you manage all these identities under one single roof?
So you'll have to ensure that every user or application or device that's accessing data irrespective of the location, because we are not going to take location as a trust factor anymore. Initially in the physical model or in the perimeter-based approach, location was a trust factor. For example, if the IP was equal to something that equals to your organization's IP address, access was allowed. If it's not belonging to the subnet of IPs that belonged to your organization, access was denied. So location was a trust factor earlier, that's not the case anymore.
So every user application and device has to be granted secure access and the access should be contextual. Now, what do I mean by contextual is you'll have to create access policies based on location, based on IP address, based on device and also based on the risk score.
Okay? So you have a lot of contextual parameters to keep in mind when you form access policies to manage fragmented identities, okay? But where do you actually begin this? So we have now discussed the problem, but what is the solution? The solution to manage fragmented identities is by implementing zero trust. Okay?
Now, but let me ask you a very simple question. How many of you listening to this session have successfully implemented zero trust?
Okay, now I have asked this question many times and trust me, only 60% of the audience, or let's say 60% is an exaggeration. Only 40% of the audience that I have interacted with have actually done something to implement zero trust, okay? And that would make this gentleman very, very sad. So for those of you who do not know this gentleman, he is John Kindervag, who is the creator of Zero Trust, okay?
So John Kindervag created this concept almost 12 years ago and there is a whole marketing spin around zero trust.
And I personally believe that's why most of the organizations think that it is too complex to implement zero trust and they don't try it at all, okay? But this I really believe is the need of the hour, and to implement zero trust, you can just do two things to take the first steps, okay?
You, you can use an existing IAM solution and a SIEM solution that you have in your office to begin your first steps. An IAM solution helps you in verifying and then providing secure access to every user or device or application that is trying to access resources. Number two, an IAM solution will also help you implement JIT, just-in-time access. So you want a user to be given access at nine o'clock after verification and the access to be revoked at 4:00 PM. So just-in-time access is possible.
So that, I mean using an IAM solution, so that this paves way to least privilege access and at the same time this avoids something called permission bloat and lateral movement. Number three, it also helps you with automating cleanup activities, which is the need of the hour. You don't want inactive accounts, you don't want stale accounts to be lingering around in your organization. So there has to be a mechanism by which you automate the whole identity management process. And IAM helps you do that.
Number four, a SIEM solution, which actually reads, you know, gigabytes and terabytes worth of data and digital trails from a variety of sources, has to be empowered with machine learning, right? Because if I log into my laptop at nine o'clock and your SIEM tracks that, that is auditing, right? But I have been logging into office only at 4:00 PM because I work in the evening shifts and now I actually log in at nine o'clock, which is a deviation in my login behavior.
Such deviations in behavior can be effectively tracked only through machine learning algorithms.
And that's why I really believe that you have to have a SIEM that is empowered with machine learning algorithms such as UEBA, user and entity behavior analysis. So whenever an anomalous behavior is detected either from the user part or from the device part, we should be able to track and pin them down immediately, okay? So with this said, ManageEngine can help you begin that journey of zero trust with less complexity.
We, because we do have two offerings for you, one is AD360, an IAM offering, and Log360 is the SIEM offering, which is empowered with the UEBA that we just mentioned. Of course there are other things to discuss, but just because we are pressed for time, I'm focusing only on the identity security part. And if you'd like to discuss more, you can always hit me up on LinkedIn. My LinkedIn ID is within satin and my email address is right here. Thank you very much for your time and patience and now it's time for some questions and answers. Let's go ahead.
All right, so if we can maybe start with the results, that would be fantastic. The first question which we asked was which component of trust? Just a second.
All right, so the answers were: 53% of people voted for application security and data visibility, 35% voted for user and device security while voted for orchestration and automation. Given what you think about the results of this poll,
Fantastic. I mean as we expected, so na, if you take a look at the 35 percentage and the 53 percentage split here, one thing is very evident, okay? So people are more focused on the layers that have human interaction, okay?
In a sense, humans directly interact with applications, humans directly interact with devices, and of course you have the user entity there as well. So all put together what I, you know, make a, you know, what I understand from the poll results is that, as you rightly pointed out, though you have seven pillars in zero trust, identity security is the most important pillar. That's exactly what the poll result has summarized.
So from what I understand is users, especially the attendees, think that it is time for us to prioritize areas that are most in touch with the human part of your organization, which is let's say the application and the data associated with it and also user security and device security. So no surprise and thank you very much for who voted.
Perfect, thanks. Yeah, thanks as to everyone who voted makes sense. I mean that was fantastic and if we now go towards questions, we have a few questions here. I remember even you mention about the post era about that we have how did the reveals of based approach to security,
Right? Not just for our client ish, but in general this pandemic has literally exposed the issues with the perimeter approaches to network security. Now the core idea with perimeter-based network security has been around for more than 20 years. Okay?
So the whole logic was, you know, anything or anyone inside the perimeter was inherently trusted. So anyone outside wasn't trusted. So they need to verify and then gain access to your inside network. That's the perimeter-based approach.
Now, if you closely look at the perimeter-based approach, we can understand that it is a layered approach to security. So IT teams would normally, you know, set up security perimeters around important assets. So they would have layer one, layer two, layer three, and only if an attacker crosses all three or four layers, they then get access to your corporate data. Okay? That was the initial approach.
Whereas a user who's already in your organization can actually go past these layers of security and they will just, you know, log into their laptops and then gain access to IT resources.
That was the model. But the perimeter-based approach made more sense when your setup was just on-prem and predominantly Windows based. But it's not the case anymore. Organizations are not just Windows shops anymore and they're not on-prem. So as we saw in the last two years, a lot of organizations are now moving or at least adopting a hybrid approach. They want their on-prem for obvious reasons, but they also want the cloud element.
So the perimeter-based approach is not going to work, and that's what I have seen with our clients and I really believe since technology is common, that's the case for the people listening to this session as well. That's my take on it.
Perfect, thank you. I mean, we have many questions coming up, mostly based on your parts. I'll start with the other one. What is the leading source for identities, HR data, government identities, defined by ID card, password? In that sense, what is the leading source for identities?
Okay, can we get the options once again if that's okay?
Yeah. So the options were for example, ID card, passport, legal documents and that,
Okay, so I would say the leading source for identities, the answer to that question is if my question to the person who asked the question would be, what do you think is the biggest identity repository out there in any organization?
Okay, say for example, I have 5,000 employees in my organization, I need an account for all those 5,000 employees. So I quickly log in and then create accounts and I give them access and all that. But where are those 5,000 accounts stored?
Okay, that is the biggest identity repository or let's say the source of digital identities. It's not your ID card, it's not your digital passports, it's not that. When you refer to an IT organization, the biggest repository that you have in your hands are the repositories that you are already familiar with. For example, Active Directory. So every organization has Active Directory. So you have 5,000 employees, 50,000 employees, a hundred thousand employees. Information about all of them is stored in, let's say, megabytes worth of one file.
So that's the biggest identity repository or the source of identity that we are trying to protect as administrators or as IT department as a whole. So that's my
Thanks. I hope that was the answer you were looking for and I think it's also a perfect time to now check the results of the second poll, which we took. What would be your first step be when implementing zero trust? So very soon you will now see the results. 75% has said IAM to deployment, 19% has seen behavior analysis moving. Do you agree with these results?
Absolutely.
I mean, I'm glad that, you know, your session and my session is in sync with the polls, which means we think the same way as the attendees think because technology is common. The reason why I think most people wanted for IAM is because IAM is the first step that you can take to bring the, you know, the fragmented identities under one umbrella. So only when you bring all those fragmented identities under one roof, you will be able to manage them, monitor them, administer them effectively. And for example, single sign-on, right?
We have on-prem applications, we also have cloud applications, and these two applications don't talk to each other, but we have identities here. We also have identities here. How are we going to bring these two identities under one roof?
Well, SSO. So if you have SSO, which is a part of your IAM strategy, you can very well bring these two identities under, under one roof, give users controlled access, it becomes much easier for you to go on and also manage application access. So IAM is a blind choice, I would say.
Perfect, thanks. I think we have questions coming up right on zero trust. The latest one is how do you do zero trust with DIDs? Robot is asking questions.
Sorry, how do
You, how do you do zero trust with DIDs?
Distributed identities?
Yeah, yeah,
Right. So with digital identities, I would say firstly, let me, we have a small disclaimer here. So any zero trust transformation is not going to happen overnight that we all know that.
So it's, it's always one step at a time. And the first step with DIDs would be to actually find a common platform under which you can bring all those identities together. Because if you take a look at effective management strategies, when you're trying to manage something in bulk, I'm, I'm going to be deviating from the topic, but I hope that answers the question. When you need to manage a mass of anything for that matter, the only way by which you can manage a bulk of things or a mass of things is to group them. Okay?
So you first need to bring them under one roof, classify them based on their value, group them label them, and then think about ways by which you can manage and audit them.
That is the only way by which you can begin the zero trust process, be it with DIDs, be it with the identities that we have back in our office, be it the identities that you're talking about in the cloud, vertical, whatever it, it is the case, the principle is the same, bringing all the identities under one roof, grouping them, classifying them based, I mean based on values and labeling them, and then start the process of managing, auditing and then granting access. So that's my answer.
Hopefully that answers the question. There's one more on that. Sure.
Do you move any implementation of Zero Trust with SGMs or software defined networking?
All right, so I might not be the best person to talk about, you know, software-defined network perimeters. I agree that you have, you know, thankfully we do have, let's say software-defined micro-segmentation that is picking up large scale. And I really understand that it is a process or an essential component of Zero Trust in order to secure your networks. But I might not be the, the right person to offer you the advice on how to go about the process.
But what I can do is if, if you can ask that gentleman to get in touch with me via LinkedIn or any of the platform for that matter, I'll be more than happy to hook that person with the right resource so that they'll be able to grant them more insights on how to actually micro segment we are talking about, let me be very specific here. We are talking about software defined micro segmentation, which is the, which is one of the core components of Zero Trust and how to implement. So I'll be able to hook them up with the right people to have some expert advice on it.
I hope that would help,
Hopefully that, that sounds great. Can link with LinkedIn so that if you have any other questions, but we do have a few more questions here as well. So to what extent does Zero Trust affect the operating model for cybersecurity teams? What do you think?
Well, it is not actually about affecting the operating model for the cybersecurity teams. It is all about process and visibility. So according to me, if you're using the right tools to implement the zero trust process, I'm not going to specify a vendor or I'm not saying only this vendor does it best or this tool does it best.
No, every organizational requirement or need varies. So you'll have to find the right tool that suits your zero trust journey. I can give you a common theme though. Number one, an IAM tool for identifying users and devices that attempt to connect to the network. Number two, maybe a next-gen firewall to create micro-segmentation that can help you set up access controls for your applications file and even service access. And number three is tools for monitoring your network and understanding suspicious user and also device behavior. So these three would be a good thing to start.
So it's not about, the question is not about how is it going to affect my cybersecurity teams. It's all about are the cybersecurity teams using the right tools depending on their organizational needs to successfully complete the zero
I hopefully question is, we have a left, so of questions, what do you think is the difference? Network access control and zero trust. So that is one question we have received here.
All right. The primary difference or the glaring difference I would say is zero trust basically starts with the assumption that your network is already breached. Okay?
So the assumption is that, but with NAC it's not the case and NAC wouldn't require you to access every, I mean, wouldn't require you to verify every other time. Okay, though it's a bit of an inconvenience, zero trust actually help you does that. So say for example with NAC, if I log into, or if I gain access to the network, I have complete access, okay? But with zero trust, even if I gain access to the network, I don't have complete access, I just have limited accessibility. So if I need more access, again I need to verify. Okay?
So the core idea here is NAC works on inherent trust, whereas zero trust doesn't work on inherent trust. So it according to the, you know, philosophy, never trust, always verify. So these are the core ideologies that I see between ZT, I mean ZT and NAC. I hope that answers the question.
I think we have time for question I This is what Zero to you,
Right? Well, we know that the term is, is not necessarily new. It has been around for more than 10 years now, clearly, but I really believe that because of the pandemic and the situation related to the pandemic, it is becoming, zero trust is becoming increasingly relevant today, especially with remote and dispersed employees. Zero trust models are becoming the go-to.
That's, that's what I feel. The question was what does zero trust mean to you? So that's what I mean, that's what I believe. So it's just that now the technology or the term has gained the traction that it deserves. And one other reason why I believe that Zero Trust is becoming, you know, a rapidly adopted model is that it helps you with dealing with the changing dynamics of what is going in the backend. So initially networks were on premise, okay? More than 70% of them were on premise, we are talking about in the last 10 years.
But if you take a look at the last two or three years, especially the last two years, networks aren't just on-prem and second reason, networks aren't just Windows based anymore either, right? So we have Windows, you have a mix of Linux, you have cloud boxes, you have your NAS, you have your SAN, you have vulnerability, all kinds of entities interacting in your network. So the only concept that makes sense to IT security right now is zero trust. I'm guessing that zero trust was meant to get the limelight that it deserved.
Only after COVID happened and because of COVID, a lot of organizations had to go remote and only then they realized, oh, oh, we had some problems with the on-prem and what do we do so well? We have zero trust. So that's why organizations are going behind zero trust at a rapid pace now. That's what I believe.
Thank you. Thanks Viv. I think that's the end questions and we are also towards the end of our webinar. So thank you everyone who joined. Thank you Viv for presentation and for your insights. It was really helpful and hope to see you again in some webinar. Thank you so
Much.
Thank you very much. Thank you everyone.
Thank you.