In recent years, as the attack surface for cyber attacks has expanded due to the use of cloud services and teleworking, more and more companies are introducing measures based on the concept of “zero trust security”. However, as cyber attacks have become larger and more sophisticated, and new zero trust guidelines have been enacted by the government and other organizations, companies that have introduced these measures are being forced to reconsider their existing measures and plans.
With zero trust, the optimal solution for how far measures should be taken varies depending on business characteristics, management strategies, security policies, existing IT infrastructure environment, staff knowledge and operation systems, IT budgets, etc., and the scope and level of control changes. An increasing number of companies are facing issues such as being unable to set goals or review plans because they are unable to grasp the current progress or measures that need to be taken, not being able to fully utilize the functions of zero trust despite having introduced it, and being over or under-invested in the cost of measures and systems.
To solve the above problems, in this service, NRI Secure consultants will assess a company’s degree of zero trust achievement in five areas – identity (authentication), devices, networks, applications/workloads, and data – and three cross-functional functions – visualization and analysis, automation and integration, and governance – in line with the “Zero Trust Maturity Model” of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Based on this, we will consider the target company’s desired goal setting and measures, and develop a roadmap for achieving the goals.
SOURCE: PRTimes