8CIOReview | | FEBRUARY - 2023IN MY OPINIONIMPLEMENTING A ZERO TRUST MINDSETBy Gerald Caron, Chief Information Officer (CIO),U.S. Department of Health and Human ServicesTimes are changing and we no longer rely on the "traditional way" of doing things, especially in technology. When was the last time you have saved important numbers in a phone book or stored documents in physical folders? We can bet that it has all transitioned over to your mobile phone or another type of cloud storage. We now rely heavily on the cloud to keep our data secured. However, this time around, the traditional desktop is no longer the only powerhouse to the network. Phones, tablets, thin/zero clients and laptops are the new kids on the block, augmented by desktops. They are keeping data accessible while also creating new pathways that make data vulnerable. In yesteryear, a secured perimeter was the chosen method. I like to refer to it as the `Tootsie Pop' security method, it is hard on the outside but gooey in the middle. We basically trusted everyone that was within the perimeter or at least that is how our legacy networks were built, this can also be referred to as the `Castle and Moat' approach. Network protection has always been important, but as time has changed so have our method of protection. Having access to all information within the perimeter has become just as detrimental as all threats outside. Some of the largest security exploits have been within the boundaries of organizations' networks. Thus, why `Zero Trust' has come to the forefront of the way many are now shifting their focus in cybersecurity.One example to compare the traditional security model and Zero Trust is to think of a multiplex movie theater. The theater shows different movies (think of these as data) Gerald Caron
< Page 7 | Page 9 >