Today’s cybersecurity environment is complex. As it seems that the world is becoming more open and trusting, organizations are doubling down on security measures. A zero-trust approach is common among security-oriented organizations.
Why is zero trust a good thing? We’ve asked an expert: Ian Mortimer, Senior VP of Technology at Pexip.
There are countless important conversations, critical decisions, and strategic discussions happening right now over video technology. At the same time, there are equally countless threats, attempts at attack, and breaches of security happening. It never stops. It’s ongoing, growing, and increasing in sophistication all the time, and no one and nothing can be trusted.
This is the cybersecurity environment in which we are operating today.
Zero trust in the world of cyber security means that nothing is trusted until it is verified. It is a strategic approach that requires every user and every device in a network to be continuously validated before getting access. The organizations that embrace ‘zero trust’ are essentially acknowledging that a cyber-attack is just a headline away, and so they work systematically, with zero trust policies in place, to stay one step ahead.
It may sound like a mission impossible.
The reality is that many organizations today don’t think much about cybersecurity until after a breach occurs. But that’s a bit like locking the stable door after the horse has already bolted. It’s too late.
I’ve been working with video technology for nearly my entire career. I’ve been a part of its evolution, from the days of clunky, complex equipment to today’s pervasive, one-click-away mentality. Video has changed the way work gets done. People are more dispersed, and teams are no longer bound to a physical location. It’s made the world more connected than ever. What once happened behind closed doors is now happening between screens. With that comes new vulnerabilities.
But our progress in exploiting the potential of video technology cannot outpace our progress on cyber security.
While zero trust is a recommended strategic approach to address security issues, there’s also a cultural element at play. As the saying goes, security cannot be retrofitted. It needs to be built in from the first line of code. Security must be just as deeply ingrained as our need for speed and scale in development and in the minds of the people doing the development. You should expect nothing less of your video technology and its makers.
The strategic, digital missions of organizations today are critical. A security breach can be a devastating blow to progress and, more importantly, the trust of stakeholders. But your transformation cannot be stopped for fear of the next headline announcing “Breach!” to the world. Video technology has enormous potential to reshape how you deliver services and engage with customers, but it must be done in a way in which security comes first, last, and everything in between.
Here's my advice.
1. Understand and accept that there’s always the possibility of a breach. How you respond to that breach is critical.
The most secure companies I’ve worked with behave as if a threat is always imminent. They treat security as a full-time job and constantly keep up with the vulnerabilities at play. Decide now (before the threat happens) how you will respond (for when it does happen).
The organizations that act swiftly and decisively in the wake of an attack, with a clear plan for dealing with the fallout even if their most critical platforms are compromised, are the ones who are best able to maintain trust and get back to business quicker.
2. Know where your data is and recognize that more than just your core data is at risk.
Do you know where your data is stored? This is a critical question, as the more vendors you have, the more dispersed your data may be. Is it being stored with other organizations’ data? And who has access to it? These are critical questions that you should be asking everyone who is providing digital services to you.
It’s also important to understand that even though the threat actors may meet some tough barriers when it comes to accessing your core data, there’s still much to be gleaned about you and your organization from the metadata – which often isn’t as rigorously protected. Things like who is meeting whom and when. So, find out what solutions are in place to keep that metadata equally private.
3. Hire people who care about security and build a security mindset into your corporate culture.
For me and the people I work with, thinking about security from the start is a must. It’s how we develop and design software, and it’s how we treat our customer data. ‘Zero trust’ is a strong message to your organization that you take security seriously but building a security mindset into everything you do across all layers of the organization is an even stronger message. It says that security is who you are and what you do.
There’s only one true guarantee in the world of cyber security, and it’s that the threats will not stop, and the attacks will keep coming. There is no antidote to this problem, but building resilience can be powerful preventative medicine. Don’t wait until the breach happens to act. Start talking more about security now. Ask your vendors the tough questions about where your data is and how it’s stored. And invest time in instilling a strong security mindset in your organization. Your people can be your best defense.
About the author
Ian is the SVP of Technology at Pexip. He is responsible for helping shape our unique tech and products. He's worked in software and communications technology for over 20 years with a strong focus on creating high-quality products with a clear value for our customers.