Posted on

How Banks Stay Competitive in a Digital Landscape with Increased Cyber Threats

Ricardo Ferreira, Field CISO, Fortinet

In banking and finance, the transformation strategy needs to have the customer experience in focus to build trust, which is crucial in today’s digital life with fewer physical customer meetings.

Banks must be agile in their business model to quickly create new applications that are required for an optimized user experience, says Ricardo Ferreira, Field CISO at Fortinet.

With DORA (Digital Operational Resilience Act), European financial institutions get new guidelines aimed at reducing the risk of cyber-attacks. Fortinet helps its customers comply with these regulatory requirements. – We can protect everything that has access to the network and banks should have a security architecture that includes multiple private and public cloud platforms. What makes Fortinet unique is that we can take a holistic approach to security in the financial institutions’ digital transformation journey, says Lars Berggren, Country Manager Fortinet Sweden.

 

An improved user experience with Bank 4.0

In the Nordics, cash handling has decreased significantly in recent years, while digital payment solutions have increased rapidly. Swedish banks, for example, were early in launching internet banks, but in recent years the focus has shifted to make sure they comply with the regulatory requirements. With new Fintech companies attracting customers, Swedish banks need to put more effort into their digital development to be competitive. Cyberattacks and threats are becoming more and more sophisticated. Fortinet provides support in the digital transformation and has crucial expertise in risks and threats

– Cloud-based platforms, both private and public cloud, are crucial for banks when developing solutions for a better, high-quality user experience. The transformation that banks need to go through, with new digital platforms and a more agile business model, is what we refer to as Bank 4.0. Today, you need to be fast and flexible to protect yourself and there must be a proactive security platform that supports the business and provides a holistic view, says Lars Berggren.

 

Secure the brand reputation of your bank

Digitalization brings many opportunities for the banks, such as increased sales, finding new business models and applications as well as refined customer offerings. Fortinet can help improve user-friendliness and at the same time secure the bank’s brand reputation by reducing the risk of cyber-attacks, says Ricardo Ferreira.

Read more about the driving forces in the market that are affecting banks right now, and how an improved infrastructure for cyber security can strengthen your competitiveness, in this e-book.

 

About Fortinet

According to Gartner, Fortinet is a leading provider of cybersecurity solutions and enables companies to build secure digital infrastructure and be at the forefront of their digitalization journey. The Fortinet Security Fabric platform provides broad, integrated, and automated protection for the entire digital attack surface, by securing critical devices, data, applications, and connections from the data center to the cloud as well as to the home office.

*This article was contributed by Lars Berggren of Fortinet.

Posted on

Brussels Airlines’ CFO Nina Oewerdieck: Managing Change, Challenges, and Culture In a Crisis

The airline industry was hit the hardest during the pandemic as the number of global passengers drastically reduced to 1.76 billion compared to the 4.5 billion before COVID-19. As chief financial officer (CFO) of Brussels Airlines, Nina Oewerdieck was tasked with overseeing a crisis that saw the role of finance changing from one of support to strategy.

In this interview, we dive into and talk about how Oewerdieck approached the challenges as a finance leader in the airlines’ industry, how she managed and encouraged a “change” mindset, and the traits of a modern CFO in a post-pandemic world.

 

Weathering The Crisis and Challenging Legacy Habits

 

COVID-19 has pushed many financial executives beyond their traditional role as a support for an organization. To weather the crisis caused by the pandemic, the role and scope of the CFO function have expanded to include leadership roles and to act as an agent of change.

As CFO of Belgium’s largest airlines, it was a challenge for Oewerdieck to ensure that the company survived during the pandemic. However, focusing on flexibility and challenging legacy habits proved to be the key factor in Brussels Airlines’ survival.

 

How were you forced to change your role as a CFO for Brussels Airlines? What were your challenges and key focuses as a finance leader during the pandemic?

 

For us as an airline, it was the heaviest crisis we have ever seen. We were used to managing crises such as “9/11”, the bird flu, or the bomb attack in Brussels 2016. But this crisis was heavier and longer than expected and even caused that Brussels Airlines’ fleet to be grounded for several weeks in 2020. That means we were not able to operate any flights, and really, to come out of this crisis was a tremendous challenge for everybody. 

Our priority was to save the company and we were in discussions with the Belgian state to get a loan to overcome these challenging times. It was a heavy challenge for everybody, not only on the personal side, to safeguard the future of this company and its employees. 

We made it through the crisis with very strict cash management and changing our perspective from EBIT-driven and bottom-line to a cash focus. We switched to micro-management on a C-level and challenged every single expenditure, every flight that we were operating to make sure all our operations were cash-positive, meaning covering all variable costs. That was the change in our view.

 

How did you make the change from support to strategy from a finance position and grow the business? What were the initiatives you had to take and what can other businesses learn from this?

 

We are not yet in a position to talk about substantial growth. I would love to focus a little bit more on strategy because we are still in crisis mode. And we are tackling this very carefully. However, it was part of our business plan, which we also went through with the government, to do a very thorough restructuring of the company. 

The focus was not to get the money to overcome this challenging period and go back to “normal”, as it was pre-COVID. It is our responsibility not only to lead the company through this crisis but also to do a restructuring to come even stronger out of this and to reach structural profitability. 

What that meant was to challenge the setup of the company, the size of the company, and to question how we have done things before. The crisis allowed us to use the momentum to get rid of some legacy habits and issues.

As a CFO, we need to have a business focus. Not only just as the support role, to provide the data and the numbers, but to also understand the business and to see what the business needs are and then, to jointly find a solution on the financial side.

I think, we have to be able to play different roles: Our finance departments have to provide data, consultancy and support the business with all their knowledge to find the best way for the company. And at the same time we – as CFOs – have to take our C-level responsibility serious and sometimes have to act differently to what our departments recommend, e.g. when it comes to business cases that only foresee a low or negative contribution to the bottom line proposing an investment which will (only) safeguard our market position vs. competition. Usually, these business cases don’t come with a return rate, they are labeled as ‘strategic decisions’.

 

Pushing Change Through Communication and Commitment

 

The pandemic has shown that businesses that are willing to change and adapt will be the ones that survive through the major disruptions. Encouraging change and overcoming legacy operations were key factors for Brussels Airlines’ ability to withstand the COVID crisis.

For Oewerdieck, COVID-19 meant an opportunity to push for change in the processes and take steps towards digitalization. At the same time, overcoming the challenges that come from encouraging change in an industry that is set in its ways.

 

Change is always hard for any company. Was it an uphill battle for you to implement change during a crisis?

 

It was an uphill battle. The need for change was very visible in our situation, which provided good momentum for us to go through this restructuring. Everybody in our organization understands that we can’t go back to how it was before, after the crisis. 

So the need for change was tangible and we were in this position to set up an organization with the right people in place and to define the right size. To go through such a crisis, to go through a restructuring, and to set up a state-of-the-art finance organization, you need to have the right people in place. People who are willing to change, who like change, and maybe also drive the business through change with new ideas and openness.

 

How do you encourage change within the workforce? What were the challenges and initiatives you had to push for?

 

It was a lot of communication work, people-driven communication work. We were very transparent and kept everyone informed throughout. We had to let them know that we were fighting for their jobs and to keep them in our company.

It was important for us to give them confidence, prove the commitment to the company, and let them know what the current status is so that they are always involved and to let them be part of the change. 

We involved our people, encouraging them, and let them come up with ideas on how to make this “change” happen. One of the positive aspects of this current situation is that it allows you to foster talent.

Of course, we are still currently in crisis mode so there’s a lot of micro-management and usually, talents are not very positive on this, but that’s the challenge, to keep them on the right track and to show that there is some light at the end of the tunnel. And finally to find the right momentum and time to steer back and to give back ownership. 

 

The Modern CFO and Bridging The Digital Gap 

 

The CFO role in a post-pandemic landscape has gone beyond just being a financial executive. Finance leaders today need to take on the role of digital transformation bastions and as people leaders.

Throughout her time as CFO for Brussels Airlines during the pandemic, Oewerdieck realized and highlighted the fact that the traditional roles of a CFO have to be more than just the numbers and the path towards digitalization and growth starts from the top.

 

Digital transformation is top-of-mind for many businesses today. How should CFOs approach and encourage digitalization for their organization?

 

In my opinion, we have to reverse our approach and let change and digital transformation be pulled by our people. If you are just saying from the top of management “this is the way want to go” or figure out the next tool, that does not work because the strength of the organization will be too heavy to fight against that. 

I had good experiences with implementing smaller lighthouse projects to make robotics, automation, or digitalization a little bit more tangible to the people so that people don’t have to fear it.

It shows that we want to foster and focus on their knowledge for higher quality work. A skill set of a financial expert can’t be used only to compile reports – we need their expertise, their knowledge to read a story out of numbers.

With lighthouse projects we can prove that there are benefits for the entire organization and also for our people, that will make acceptance easier and even let them pull new ideas.

 

In your point of view, what are the necessary traits for a modern finance leader? What is the duty of a CFO in a post-pandemic landscape?

 

From my point of view, CFOs nowadays do not have to be the best expert. Rather, you have to be a people leader, to encourage your people, to listen to your people, and to steer them through uncertainty, or even into profitability, and to reach growth and to let them grow. 

We have to be very open to change, to new ideas, and to challenge our company and our people about which new ideas are out there, such as robotics, automation, or artificial intelligence. 

I think that’s one of our major duties as CFOs. To steer the organization, to foster our talents, and let them rock in the end.

Posted on

What Does the Future of Cloud in Europe Look Like?

Cloud technologies have been catalysts for growth, innovation and agility for data-driven organizations across Europe. How do IT leaders ensure that their organizational cloud-based environments are scalable, effective and comply with relevant data privacy regulatory laws?  

Daniel Melin, Strategist at Skatteverket; and Kaj Kjellgren*, Senior Network Architect at Netnod Internet Exchange; help us navigate the current volatile cloud landscape and provide answers to important questions on cloud security, compliance, and challenges. In addition, we hear about the roles they play in the highly anticipated and talked about cloud project, Gaia-X.  

 

How can businesses ensure effective cloud data protection?  

Daniel: Customers need to choose cloud services that are sufficiently secure for their information. When evaluating security, the customer needs to take the whole spectrum of security into account; physical, IT, information, legal, and political. Security is like a chain and every link has to be evaluated

The Swedish Tax Agency has established a cloud center of excellence consisting of experts in IT security, legal, data protection, document and archiving, physical security, procurement, and architecture to make sure that all aspects are looked at before a new cloud service is enabled for users. 

Kaj: Protection of data must be based on an initial categorization of the data itself and identification of requirements on each data element. Not every piece of data requires the same protection. Of course, there are legislations and traditional security requirements that have to be followed.

For information security, this normally comprises availability, correctness, and confidentiality. If you start from zero, orchestrated microservices are the easiest way of ensuring adequate protection using the zero trust concept to isolate the various containers touching the data. Once again, this has to be according to the defined requirements for each data element. This orchestration, often called cloud, can be self-hosted or hosted by third parties, just like any service an organization needs.  

 

What are the biggest challenges concerning compliance with cloud data protection regulations and laws? 

Daniel: There are direct challenges with laws like the Swedish Public Access to Information and Secrecy Act (offentlighets- och sekretesslagen) and the GDPR. Both are challenges for Swedish public sector customers today. However, the Protective Security Act will be the hardest law to comply with, especially when a non-Swedish cloud provider has access to huge amounts of aggregated information. 

Kaj: The main legal challenge for any IT-related issue since 1990 is that legislation is different in different jurisdictions. The market economy pushes for large specialized organizations, services, and products that are bigger than any jurisdiction. This has hurt the flow of money and created tax havens for a number of years. A similar situation now exists for services. 

Those rules made by politicians with imaginary borders do not comply with the foundation of the Internet, which was made by technicians and engineers to be open, free, and unlimited by country borders between jurisdictions. On top of that, no single economy today is large enough to produce services for that economy alone without having to scale impact price for production. 

 

Tell us about your role in the Gaia-X project. 

Daniel: The Swedish Tax Agency currently has an assignment from the Swedish government to monitor Gaia-X. That work includes talking to all relevant stakeholders, gathering information, presenting at conferences, and taking part in the Swedish hub. We are positive about Gaia-X and what it brings to the table. 

Kaj: Netnod is one of the founding members of Gaia-X in Sweden, and together with similar organizations helps with basic services like transport which are needed for players higher up in the value chain. We are currently most active in the Sub-working group Interconnection & Networking which lies under the Architecture Workgroup within the Technical Committee under Gaia-X AISBL. 

 

What role does the human factor play in cloud security and vulnerability? 

Daniel: The human factor is as relevant as always; I don’t see that cloud services create any particular new challenges. However, a successful breach of a hyperscaler yields an extreme effect due to its size and storage of aggregated information. 

Kaj: When implementing any kind of service, there are many different kinds of threats where insider actions, both mistake or intentional, are included. This is where a proper orchestration of microservices using zero trust comes into play. The integrity of a pod managing certain data is important so that it is self-contained and secure regardless of how an attack against the data is designed. One never knows the goal of the attacker, so second-guessing detailed attack scenarios is always doomed to failure. There are always unknown unknowns.  

Most cloud services are provided as unmanaged components, pieces of a bigger puzzle, regardless of whether the cloud is self-hosted or not. The engineers at a company have to create a functional workflow that creates, configures, and secures solutions based on these pieces. This is both a big risk and a safety net, since a lot of people don’t fully understand the complexity of said services and tools, and don’t understand what needs to be secured or how. That being said, those tools are built to be robust and not expose users to dangerous or even impossible configurations. 

 

What areas should organizations consider when choosing a cloud service provider? 

Daniel: One of the biggest concerns today is that cloud service providers have to adapt better to customer needs. Currently, there are a handful of providers offering a one-size-fits-all model. It is certainly a cost-effective model, but the price tag on the invoice does not tell the whole story. The legal implications when using cloud services based in countries with extraterritorial legislation will be an ongoing issue. 

Kaj: Categorization of information must take place, followed by an analysis of what requirements there are in each category. The requirements have to take both legal and security (availability, confidentiality, and correctness) aspects into account. In some cases, there is a balance between goals where the so-called risk appetite is to be decided upon. Be aware of benefits and risks, and make sure you avoid creating solutions where there are too many unknown unknowns.  

 

What are your predictions for cloud trends in the next five years?

Daniel: We will see a market with more cloud providers, from small to hyperscalers, which will provide cloud services that fit different customers. The American hyperscalers will continue to license their technology to other cloud providers. Laws and regulations related to national security will be broader and will affect both cloud providers and customers more and more. The effects of geopolitics will be worse over time and the EU will follow China and USA in being more protectionist. 

Kaj: We see more legislation, specifically in the EU, that isolates the EU from the rest of the world. This will create more borders that force us to use different solutions for different jurisdictions. What we instead need to do is harmonize the laws and regulations in different jurisdictions with each other so the market for IT-related services will not be as fragmented. We are close to a situation where we have serverless environments, with only pods managing information. Everything is orchestrated by mechanisms that understand both information and the policies applied to the information. 

 

The answers have been edited for length and clarity.

*Part of Kaj Kjellgren’s answers were contributed by his colleagues at Netnod: Mattias Ahnberg, Head of Architecture & Development; Patrik Fältström, Technical Director & Head of Security; and Christian Lindholm, Head of Sales and Marketing & Senior Product Manager

Posted on

Sofia van Berlekom: Why Risk Management and Business Continuity Must Exist Together

The last 18 months have been synonymous with risk and uncertainty. More organizations are pushing risk management initiatives to the top of their agenda to prepare for unprecedented threats in the new world of work.  

In this article, we share highlights from our conversation with Sofia van Berlekom, Risk, Business Continuity and Compliance Director at AstraZeneca Sweden Operations; on emerging risk & compliance trends, effective risk & compliance communication and the importance of risk management in business continuity.  

 

Risk as a Vital Process in Business Continuity 

An effective risk management system not only protects an organization, but helps in recognizing new market opportunities. According to van Berlekom, “The pandemic has taught us that we have a lot of common risks and compliances regardless of business sector. But there are opportunities as well, not just risk and compliance issues that have emerged.”  

Risk management is one of the most vital processes companies can do, allowing them to be prepared and mitigate whatever they can in a proper fashion. “Business continuity and risk are linked from a risk perspective, and you know what to focus as resources never are unlimited.,” van Berlekom says. When it comes to allocation of resources, she stresses that “it’s also about priorities, and not wasting resources on something that is not needed.” 

A high level of organizational flexibility is needed for viable business continuity, especially in the wake of a global health crisis. “With the pandemic hitting hard, it was important to be agile and be able to think differently,” van Berlekom says. 

 

Communication Challenges in the Risk Space 

NAVEX Global predicts a rise in Chief Risk Officer (CRO) or Chief Risk and Compliance Officer (CRCO) appointments in the next few years. More organizations will have a more holistic risk management strategy, integrating compliance, IT, operational, reputational, third-party, and ESG practices. The success of this rests heavily on effective communication and van Berlekom says it’s much broader than the 3LoD.  

Communication around risk is difficult because it’s a specialized area. It’s also an area which is very general and generalized in the everyday life of people.” There is difficulty speaking the right language that can be understood company-wide. “It’s quite easy to get people confused when you’re talking about business risks compared to the general risks people encounter in their everyday life,” van Berlekom states.  

Risk & compliance managers on all levels need to practice good oversight without getting lost in the details,” van Berlekom adds. In risk management, a big communication challenge is to find that balance and ensure employees understand “what they can do and what they are obliged to do.” At AstraZeneca, risk identification and risk discussions are incorporated into the tier structure. Regular meetings are held where questions such as “Has anybody seen any risks?” and “Are there any risks that should be mitigated?” are commonplace. Risk awareness at all levels of an organization will improve decision-making and support a culture of innovation. 

 

Effective Digital Tools in Risk & Compliance  

The shift towards cloud technology has resulted in an exponential increase in data. There is a high demand for trusted data for compliance purposes in addition to real-time data to deal with unexpected events. Therefore, companies need to have a good grasp of technologies that can help them understand and interpret important data about potential risks. Another use of digital tools in the risk space is to increase transparency, according to van Berlekom. 

Here are the top technologies used in risk & compliance: 

  • Robotic process automation (RPA) is helpful in automating rules-based GRC processes. With RPA, all business tasks can be managed through a single device, effectively facilitating compliance.  
  • Advanced data analytics in risk data management is useful for predicting, measuring and reducing risk. 
  • AI and its subsets — machine learning, and natural language processing — can be applied to large data sets to help find indicators of known and unknown risks
 

Risk & Compliance in 2022

The digital world presents a lot of threats such as cyber threats and information threats,” van Berlekom says. It is no secret that the remote working environment brought IT risks such as data breaches, policy violations, audit failures, and third-party risk to the GRC space.  

Therefore, it makes sense that cybersecurity is now weaved into an organization’s risk management strategy. “At AstraZeneca, digital threats and cyber threats are a part of our risk landscape. We also have the IT department connected to the global operations network, which means that it is a natural part of the risk discussion,” van Berlekom states.   

In addition, van Berlekom says that the effects of the global political landscape should not be underestimated, as they can impact an organization’s operations and value chain. Moving forward, companies must be aware of the latest developments in today’s geopolitical environment and the possible regulations and enforcements that will follow. Risk & compliance officers must also extend their expertise to supply chain teams to build a strong supplier risk management strategy.  

 

Risk management professionals will play a key role in creating future-proof business continuity plans alongside C-level peers. As workplaces continue to evolve, risk & compliance initiatives will remain a priority as organizations find new and innovative ways to do business. 

Posted on

Die Grundlagen für einen echten Zero Trust-Sicherheitsansatz

Die digitale Transformation hat die Kommunikation und den Arbeitsalltag in modernen Unternehmen grundlegend verändert. Mit zunehmender Mobilität der Mitarbeiter werden eigenen Geräte sowohl für die persönliche Kommunikation als auch für den Beruf genutzt, so dass damit auf Geschäftsanwendungen und -daten über öffentliche Netze zugegriffen wird. Gleichzeitig wurden sensible Geschäftsdaten immer weiter verteilt und befinden sich außerhalb des Unternehmenspreimeters in SaaS-Anwendungen wie Microsoft 365 und privaten Anwendungen in AWS, Azure oder Google Cloud-Plattformen.

Der Prozess der digitalen Transformation steigert die Agilität und den Informationsfluss von Unternehmen, vergrößert jedoch ebenfalls die Angriffsfläche dramatisch und setzt Unternehmen neuen Bedrohungen aus. Dies hat dazu geführt, dass die traditionelle Firewall-basierte Netzwerksicherheit zugunsten einer Cloud-basierten Zero-Trust-Architektur überdacht wird. Allerdings wird der Begriff Zero Trust in den letzten Jahren inflationär behandelt mit der Folge der Verwirrung von Unternehmen und zögerlicher Umsetzung.

 

Was bedeuted ist Zero Trust?

 

Obwohl das Konzept von Zero Trust in der Cybersicherheitsbranche seit mehr als einem Jahrzehnt existiert, versteckt sich hinter dem Begriff nicht einfach eine einzelne Technologie, wie im Falle von Identitäts-Management, Fernzugriff oder Netzwerksegmentierung. Zero Trust ist ein ganzheitlicher Ansatz zur Absicherung moderner Organisationen. Er basiert auf dem Prinzip des Least Privileged Access und damit dem Grundsatz, dass kein Benutzer und keine Anwendung von vorneherein als vertrauenswürdig eingestuft werden sollten. Ohne den Vertrauensvorschuss muss jeglicher Zugriff auf Basis der Anwenderauthentifizierung und des Kontexts eingerichtet werden. Unternehmensrichtlinien dienen bei diesem Konzept auf jedem Schritt als Gatekeeper.

Im Kern wird eine Zero-Trust-Sicherheitsplattform von drei Eckpfeilern gebildet:

  • Konnektivität basiert auf Identität und Richtlinien werden Kontext-basiert erstellt
  • Anwendungen werden für Angreifern unsichtbar gemacht
  • Verwendung einer proxy-basierten Architektur zur Verbindung mit Anwendungen und zur Überprüfung des Datenverkehrs
 

Identitäts-und Richtlinien-basierte Konnektivität

 

Herkömmliche VPNs und Firewalls bringen die Benutzer für den Anwendungszugriff in das Netz. Sobald der Benutzer im Netzwerk ist, erhöht sich durch gewährte Vertrauen das Risiko von lateralen Bewegungen durch eingeschleppte Malware. Im Gegensatz dazu verwendet Zero Trust eine Kontext- und Identitäts-basierte Authentifizierung und Richtlinienüberprüfung, um verifizierte Benutzer sicher mit ganz bestimmten, genehmigten Anwendungen zu verbinden, ohne Benutzer direkt auf das Unternehmensnetzwerk zugreifen zu lassen. Dies verhindert laterale Bewegungen und reduziert so das Geschäftsrisiko. Da die Netzwerkressourcen niemals dem Internet ausgesetzt werden, können sich Unternehmen auf diese Weise vor Ransomware, DDoS und gezielten Angriffen schützen.

 

Anwendungen werden für Außenstehende unsichtbar

 

Die Migration von Anwendungen in die Cloud vergrößert die Angriffsfläche eines Unternehmens erheblich. Herkömmliche Firewalls veröffentlichen Anwendungen im Internet, so dass sie von Benutzern aber eben auch Hackern gefunden werden können. Ein Zero Trust-Ansatz vermeidet es, das Unternehmensnetzwerk dem Internet auszusetzen, indem Quellidentitäten verborgen und IP-Adressen verschleiert werden. Die Angriffsfläche eines Unternehmens lässt sich reduzieren, indem Anwendungen für Angreifer unsichtbar und nur für autorisierte Benutzer zugänglich sind. Damit können Unternehmen ihren Zugriff auf Anwendungen im Internet, in SaaS sowie in öffentlichen oder privaten Clouds sicher gestalten.

 

Proxy-basierte Architektur zur Verbindung mit Anwendungen und zur Überprüfung des Datenverkehrs

 

Next-Generation Firewalls haben Schwierigkeiten, verschlüsselte Datenverkehr flächendeckend und ohne Leistungseinbußen zu prüfen. Dies zwingt Unternehmen oft dazu, sich zwischen schneller Verfügbarkeit und Sicherheit zu entscheiden, wobei oft die Verfügbarkeit gewinnt. Die Prüfung des verschlüsselten Datenverkehrs wird demzufolge umgangen, was zu einem größeren Risiko von Cybersecurity-Bedrohungen und Datenverlusten führen kann. Darüber hinaus verwenden Firewalls einen Passthrough-Ansatz, der es unbekannten Inhalten ermöglicht, ihr Ziel zu erreichen, bevor eine Analyse auf Malware abgeschlossen ist. Erst wenn eine Bedrohung erkannt wird, wird eine Warnung verschickt. Das kann unter Umständen zu spät sein, um die Ausführung der Malware zu verhindern.

Ein wirksamer Schutz vor Bedrohungen und Datenverlusten erfordert stattdessen eine Proxy-Architektur, die SSL-Sitzungen prüft, den Inhalt von Transaktionen analysiert und in Echtzeit Richtlinien- und Sicherheitsentscheidungen trifft, bevor der Datenverkehr an sein Ziel weitergeleitet wird. All dies muss außerdem in großem Umfang und ohne Beeinträchtigung der Leistung erfolgen, unabhängig davon, von wo aus die Benutzer eine Verbindung herstellen.

 

Zero Trust sorgt für moderne Sicherheit

 

Die erfolgreiche Einführung von Zero Trust beginnt mit der richtigen Plattform, die auf den oben genannten Säulen basiert. Zur Umsetzung müssen sich IT-Entscheidungsträger von traditionellen Denkweisen verabschieden. Moderne Sicherheit geht mit einer ganzheitlichen Transformation einher, die in das Gesamtkonzept der Cloud passt und das Ökosystem der Konnektivität mit Security verbindet. Die Zscaler Zscaler Zero Trust Exchange schafft die notwendige Grundlage dafür.