RSA Conference Day 2: IBM, Microsoft, Zero Trust Security

RSA Conference Day 2: IBM, Microsoft, SolarWinds Reaction, Zero Trust

Written by Edward Gately
May 18, 2021

Zero trust implemented correctly will reduce barriers to innovation.

RSA CONFERENCE — The importance of zero-trust security in the face of increasingly sophisticated cyber threats took center stage during day two of this week’s virtual RSA Conference.

In a keynote, Mary O’Brien, general manager of IBM Security, talked about her company’s zero-trust security efforts. She also spoke with Mauricio Guerra, Dow Chemical’s CISO, about that company’s switch to zero trust.

IBM’s Mary O’Brien

“Zero trust offers a better way to address the complexity in security that’s challenging our businesses today,” O’Brien said. “Traditionally, security focused on building a perimeter of protection around valuable assets. That worked well for decades for the majority of our valued assets. But that’s not the way we do business anymore. Today, it’s not uncommon to have all of your users, your data and your applications operating in different environments. And it all needs to connect to one another quickly, seamlessly and securely.”

At its core, zero trust is a multidimensional approach to addressing risk and protecting data where nothing is inherently trusted, she said.

Zero trust is helping Dow manage the new environment and ecosystem it has to support now, Guerra said.

“I’m referring to the new reality of the digital age where we have more mobile users, cloud applications, IoT and IoT devices … when internet is our new network,” he said. “So we had to transform our cybersecurity program and practices. And the answer we found was adoption of a zero-trust architecture.”

Dow’s Zero Trust Journey

Guerra said he started by understanding Dow’s digital transformation, the business’ outcomes and priorities.

“We decided to start with a zero-trust network architecture because that’s what we needed to enable our users to have full access to all forms of internet, cloud, services, etc.” he said. “So one of the first deliverables of our zero-trust model was secure access to internet. Second, we have delivered a secure access to our different locations, replacing data pools that we had before. We are replacing our telecommunications network, and zero trust is helping us with an SD-WAN solution.”

And being a manufacturing company, IoT is a big priority for Dow, Guerra said. So Dow is designing and implementing secure models to manage all the new devices that it’s implementing in the manufacturing space.

“And finally, it’s the whole area of conditional access and authentication,” he said. “So all in all, zero trust is a giving us the flexibility to support all the business needs, but in a secure way.”

When implementing zero trust security, it’s important to plan what you want to achieve and draft a detailed, multiyear road map, Guerra said. Also, be prepared to revisit it to make sure you meet your objectives.

A zero-trust approach done correctly will reduce the barriers to innovation by incorporating security and privacy into the design and development of new services, O’Brien said. In addition, it will facilitate migrating to a modern infrastructure that provides customers and your workforce with secure, frictionless access to the services they need.

“And it will enable prioritization of continuity and resiliency by facilitating contact-space monitoring of both internal and external threats that would jeopardize the availability of critical assets and operations,” she said.