Newsroom
User experience and ‘trust’ must come together for cyber resilience.
February 10, 2023
Our latest Trust Barometer roundtable brought together some of the brightest and most experienced security minds in the country with our partners Palo Alto Networks and TechCentral together to discuss current security trends and challenges. The focus of the discussion was on transforming security, and whether Zero Trust and SASE was a realistic answer to the challenges faced.
The Trust Barometer roundtable was held at the Saxon Hotel and brought together some of the brightest and most experienced security minds in the country together to discuss current security trends and challenges. The focus of the discussion was on transforming security, and whether “Zero Trust” and “SASE” was a realistic answer to the challenges faced.
The participants noted that digital transformation happened quickly and that the world is now in a different place. Remote work and the increasing use of cloud technologies have complicated the security landscape, making it more difficult to maintain control and visibility.
One of the key aspects discussed was Secure Access Service Edge (SASE). SASE is a new approach to network security that provides a comprehensive security solution for remote and mobile users. It integrates multiple security functions such as firewall, VPN, Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and software-defined WAN (SD-WAN) into a single, cloud-delivered service.
SASE focuses on improving security for users accessing applications and data from different locations, devices, and networks, and aims to provide a seamless user experience while ensuring that data and applications are protected from security threats. Ultimately, the goal of SASE is to simplify security operations and improve network performance by consolidating multiple security functions into a single platform.
While SASE is a philosophy, underpinned by several technologies, the participants agreed that the user experience is the most important aspect of security, and that operations and technology should be considered secondarily.
The Microsoft and recent AWS outages were also discussed, and the participants noted that the increasing complexity of cloud systems has made it harder to pinpoint the root cause of problems. They shone the spotlight on the importance of understanding the technologies and the need to take a Zero Trust approach to security.
The participants stressed that the user experience was highlighted as the most important aspect, with the user at the center of all security considerations. If the user has a bad experience with security, they will find workarounds, and this is not acceptable from a security perspective. Operations were also considered key, with technology being the last on the list. The group emphasized that we need to get things right operationally and from a user perspective first before we can even think about the technology.
Having a relationship with your vendor is key. It’s important to understand your technology vendor’s strategy and ensure that it is aligned with your strategy. Trust is increasingly important with your vendor and partners.
Trust at a human level needs to be very different to trust at a technology level, especially when it comes to security. This is why ZTNA was discussed as a solution to the challenge of securing remote workers and the loss of control over the network.
ZTNA is a security model in which every access request is treated as untrusted and subject to authentication and authorization, regardless of the origin of the request. The objective of ZTNA is to minimise the trust in network-connected devices and applications, reducing the attack surface and enhancing the security posture of the network.
Zero-trust is based on the following philosophies:
The participants compared ZTNA to a house, where access is granted and monitored through authentication and CCTV. This concept of least privilege was seen as the key to providing security while still allowing users to be productive.
The participants also highlighted the need for simplification in security solutions, as the growing number of tools can create complex environments that are difficult to manage. The shift in thinking to become more network-aware and the increasing importance of identity were also discussed.
Finally, the participants noted that the biggest problem in security remains the user’s device, and that SASE can help by providing consistent security across the network. They stressed the importance of making security simple and user-friendly to ensure that users are productive and that security solutions are actually used.
In conclusion, the Trust Barometer roundtable provided valuable insights into the current state of security and the challenges that organisations face in a rapidly changing landscape. The participants highlighted the importance of considering the user experience, simplifying security solutions, and taking a zero-trust approach to security.
Share Content
We use cookies to improve your experience, personalise content and ads, to provide social media features and to analyse our traffic.By accepting this notice, you agree to our use of cookies.
These cookies are essential for the website to function properly. They help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. They usually set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, or filling in forms.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They may be set through our site by our advertising partners. They do not store directly personal information, but are based on uniquely identifying your browser and internet device.
Helps analyze site usage to improve user experience. Assists us to understand how visitors interact with the website by collecting and reporting information anonymously. These may be set by us or by third party providers whose services we have added to our pages.
Used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.