Where Are You in Your Zero Trust Journey?Experts Discuss Their Zero Trust Road Map for 2022
Where are security practitioners in their zero trust journeys, and what approach to zero trust have they taken? Three experts - David Fairman, CSO, APAC, Netskope; Mario Demarillas, CISO and head of IT consulting and software engineering, Exceture; and Soumo Mukherjee, head of security architecture, cybersecurity, Petronas - share their thoughts in a panel discussion.
"We started our zero trust journey from the identity of device side. We also need to think of cloud network and data. For me, it is all about continuously evaluating various data points," Fairman says.
"Data is something I would advise to start with. Data is not only about knowing your crown jewels or your customer data. It is also about knowing your assets," Mukherjee says.
"Those who already have access must be vetted again from time to time and need to be monitored. And expand the same to network, devices and other systems that may contain entry points to any other systems," Demarillas says.
In a video interview with Information Security Media Group, the panelists also discuss:
- What zero trust means to them;
- The hurdles they faced in their zero trust journeys;
- Their road maps for 2022.
Fairman is CSO, APAC at Netskope. He has extensive experience in the global financial services sector. Fairman is also a partner at SixThirty, a venture fund that invests in early-stage enterprise technology companies from around the world.
Mukherjee is the head of security architecture for cybersecurity at Petronas. He is responsible for end-user security, identity and access management, cloud security, and Microsoft 365. During his long career in information technology services, he has been a transformation leader, a change agent, and someone who keeps challenging the status quo.
Demarillas is a member of the board of directors, CISO and head of IT consulting and software engineering at Exceture Inc., based in Manila, Philippines. He has over 20 years of professional experience in information systems and internal audit, fraud examination, information and cybersecurity, data privacy and IT governance consulting with financial institutions, audit firms and IT consulting companies.