5 Minutes With: Shambhulingayya Aralelema at Infosys

With plenty of businesses continuing to work remotely, it has inevitably left greater room for cyberattacks worldwide. The Zero Trust approach has been celebrated as offering new ways to protect businesses in a reliable and flexible way.

Shambhulingayya Aralelema recently spoke with Cyber Magazine about seeking to help organisations demystify Zero Trust architecture within the security landscape and how they can ensure all of the benefits of secure access and prevent data breaches.

With more than 25 years of professional experience in IT infrastructure and cybersecurity systems, Aralelema is well-versed in hybrid cloud, cybersecurity and network transformation systems. 

What exactly is Zero Trust security?

“Whether you call it the latest buzzword, the most modern blueprint. or the hottest trend for security, zero trust adoption is at a tipping point. 

“As per Okta’s The State of Zero Trust Security 2022 report, 55% of organisations surveyed have a zero trust initiative in place and 97 percent plan to implement a zero trust framework over the next 12 to 18 months. Several organisations have progressed from early-stage adoption to defining roadmaps to maturity since 2022. 

Aralelema describes how the Zero-Trust concept offers a new standard of cybersecurity measures for enterprises looking to evaluate trust on a “per-transaction” basis. 

He said: “Zero trust architecture (or ZTA) ensures the highest level of cyber protection, with a foundational framework and enterprise strategy that need not change as technologies evolve and become redundant.

Key fundamental principles for ZTA:

According to Aralelema, some of the most important considerations for ZTA is when the user is given minimum levels of access to perform their job in order to fully authenticate every entry attempt before granting access. 

The ZTA strategy assumes that a cyber breach will occur and as a result, verify each request regardless of if it originates from internally or externally to the organisation. Aralelema also stated that context aware access was paramount, via controlling which application and user can access the network based on their context (ie. location, device security posture, connections, country of origin, etc.)

He said that all cybersecurity controls, processes and policies are based on data criticality in place of a one-size-fits-all solution - emphasising protection against “lateral movement” after endpoint security is compromised.

Why should global businesses opt for zero trust cybersecurity policies?

Aralelema says: “Given how complex current IT ecosystems are, legacy perimeter-based network security is insufficient. The pandemic and ensuing lockdowns also pushed millions of workers out of office and into their homes, where they connected to company systems remotely.”

In addition, as the volume of sophisticated cyberattacks are increasing, he argues that the focus on ZTA has significantly increased across Europe.

“According to the March 2023 Forrester report “Zero Trust Comes Into The Mainstream In Europe”, over two-thirds of European organisations have begun developing a zero trust strategy,” he said.

“These factors have increased the number of vulnerable points for cyber attackers to exploit and resulted in an uptick in cyber breaches. 

“Zero trust focuses on protecting enterprise security proactively, rather than reactively. Several enterprises still have traditional perimeter security tools that are cumbersome and no longer competent to protect against NextGen cyber threats. With time, enterprises have also developed from small-scale, contained environments to decentralised architectures.”

These are significant steps as Aralelema highlights how threat actors have evolved to conduct more advanced and sophisticated attacks on networks. This has now understandably become a critical vulnerability for businesses as these types of targeted digital attacks and breaches now come from “inside the corporate perimeters.”

How can organisations determine the most appropriate Zero Trust strategy for themselves?

“While adopting the zero-trust security framework, there are six key tenets that need to be considered by cybersecurity leaders: Secure Identity, Secure Device, Secure Applications, Secure Networks, Secure Data, and Cyber Governance. 

“Identity grants conditional access based on user behaviour, device security posture, and location. By securing devices remote access is protected with solutions such as vulnerability management, Cloud Workload Protection Platform (CWPP), Extended Detection and Response (XDR) and enterprise mobile device management.”

Aralelema stresses that data centric security is an absolute necessity for businesses as critical data leakage can result in huge financial losses and a risk to their reputation and credibility. He states that these measures are only effective when cybersecurity governance is automated, dynamic and real-time.

He said: “Adopting a Zero trust model is not without challenges. Often organisations adopt a piecemeal approach, resulting in gaps and unexpected security lapses. Watch out for high costs with zero-trust deployment, as it could involve significant hardware, software and even process changes to be successful. 

“Zero Trust needs ongoing administration and maintenance, requiring dedicated resources or employing a managed services provider to accomplish the task. 

“However, the benefits of following a zero-trust strategy far outweigh not having a zero-trust solution in place. The consequence of not adopting ZTA can be catastrophic, and going forward, it will be the long-term solution to securing enterprises from modern data breaches.”

******

For more insights into the world of Technology - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - AI Magazine | Technology Magazine.

Please also check out our upcoming event - Sustainability LIVE in London on September 6-7 2023.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.

BizClik – based in London, Dubai, and New York – offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.