Protect, Detect, Deter, Respond is Not a Security Strategy

July 1, 2019 Corey Williams

The last few weeks haven’t been kind to cybersecurity. From the healthcare organizations tasked with handling our most sensitive patient records to startups that are supposed to be the vanguard of tech and immune to this sort of thing — no organization is genuinely safe. And no matter the strength of the defensive postures that might be put in place, it seems that malicious actors are still able to circumvent them and break through.

That’s because most organizations today have the wrong approach when it comes to cybersecurity.

The majority of executives today believe that bolstering protection against security vulnerabilities should be their number one priority — when, in fact, 80 percent of breaches today are the result of default or stolen passwords according to the Verizon Data Breach Investigations Report.

It’s not their fault; fancy zero-day attacks and stolen NSA tools steal the headlines and make cybersecurity seem like complicated stuff. What is clear is what’s not working. A strong perimeter “barrier” is no longer effective. It’s just not possible to separate the “good guys” from the “bad guys” (and they are likely inside the gates already). Passwords alone can’t stand up to the breadth and sophistication of today’s relentless attacks.

Technology by itself won’t eliminate the risk or guarantee that information stays safe without first implementing the right strategy and practices.

A prominent industry analyst summed things up nicely at a sold-out cybersecurity summit I recently attended:

“People will say, ‘We’re doing things. We’re working on it,’” he said. “Well, guess what Target’s strategy was before the breach? Protect, detect, deter, respond. Guess what OMB’s strategy was before the breach? Protect, detect, deter, respond. That’s not a strategy. Those are things that you do. Those are pieces of it.”

He’s right. “Protect, detect, deter, respond” is not a security strategy. It’s a reaction to the forces at play in the cybersecurity world today.

That’s why Idaptive has been built around a proven approach that does actually reduce data breaches: Zero Trust.

Zero Trust is a foundational approach to cybersecurity that ensures every person and device granted access are who and what they say they are. It’s the single most important step a company can take to help themselves make sense of the increasing complexity tied to cybersecurity and identity & access today. The philosophy that defines Zero Trust is “never trust, always verify,” which ensures that every user is verified, every device is validated, and access is intelligently limited — every time. Studies have shown that companies adopting this approach experience 50 percent fewer breaches, while also reducing the overall cost of access technology by an average of 40 percent.

“If you stand up and say, ‘Our security strategy is to work towards a Zero Trust infrastructure.’ There it is,” this prominent industry analyst concluded. “One sentence. Everyone can get behind that.”

So, stay tuned in the coming weeks as I dig into the steps your organization can take to adopt a Zero Trust base, including how to make existing and new technology work and how to get your teams to buy-in to Zero Trust. If you’re serious about taking your cybersecurity to the next level and keeping sensitive information safe, you won’t want to miss them.

Read the Zero Trust series here:

Zero Trust Series – 1  What Is Zero Trust and Why Is it So Important?

Zero Trust Series – 2 Like the Night King, Perimeter Defense is Dead

Zero Trust Series – 3 Imposter Syndrome: Why You Can’t Separate the “Good Guys” from the “Bad Guys”

Zero Trust Series – 4 Passwords are Just one Piece of the Cybersecurity Puzzle

Zero Trust Series – 5 The Future of Cybersecurity is Artificial: Intelligence Will Transform Enterprise Governance

Zero Trust Series – 6 Protect, Detect, Deter, Respond is Not a Security Strategy.

Zero Trust Series – 7 Upping the Security Ante: How to Get Teams’ Buy-in for Zero Trust

Zero Trust Series – 8 Next-Gen Access and Zero Trust are the PB&J of Security

Zero Trust Series – 9 Passwords Need Fixing. Zero Trust is the Solution.

Zero Trust Series – 10 The One-Two Punch of Zero Trust. Verify Every User, Validate Every Device.

Zero Trust Series – 11 “Should I Stay or Should I Go?” Artificial Intelligence (And The Clash) has the Answer to Your Employee Access Dilemma.

Zero Trust Series – 12 Grow Up! Plotting Your Path Along the Zero Trust Maturity Model

Previous Article
NIST 800-63-3 Digital Identity Guidelines – A Primer
NIST 800-63-3 Digital Identity Guidelines – A Primer

The National Institute of Standards and Technology (NIST), in June 2017, published a new set of guidelines ...

Next Article
Just-In-Time Access: Right Access, Right Resources, Right Reasons
Just-In-Time Access: Right Access, Right Resources, Right Reasons

Just-in-time is a management philosophy that can be traced back to the early 1970s in Toyota manufacturing ...