The Importance of Planning and Inclusivity When It Comes to Security
It’s not enough to say everyone should be responsible for security. For this concept to actually work, organizations must go back to people, processes, and technology. Planning and inclusivity come into play by including the security up front instead of mid-way through development or at the end.
Going a step further, security teams can be placed into core application and platform teams from the start. Shea says, “That allows communication to normalize between what the security team needs and expects and what the application or platform team needs and expects. That normalized communication will break down a ton of barriers as well. It’s a useful exercise because it starts to create shared understanding.” Using the same tools helps to improve the workflow and enhance collaboration.
Does Zero Trust Hamper Productivity?
It’s been said that the core challenge of Zero Trust is tightening access without bringing workflows to a halt. That change is always difficult, and in many cases, people will find themselves without access to tools, servers, and platforms they should have never had access to in the first place.
Shea explains what Zero Trust means in a more granular sense, “What Zero Trust means to me is don’t assume anything about the target environment. It used to be I would say, ‘I don’t need to worry about the network, but we can broaden Zero Trust wider than the network. If I assume my network team has taken care of that, then great. Then I don’t have to do anything. This is a shift in that mindset. This is largely because if you actually look at the communication breakdown between teams, it’s not that things are misconfigured, but that they’re misunderstood.”